Re: GPG Workshop during DebCamp

[YunQiang Su]

Jose-Luis Rivas  于2024年7月29日周一 21:54写道：
>
> On Sat Jul 27, 2024 at 1:05 PM -03, Holger Levsen wrote:
> > On Sat, Jul 27, 2024 at 11:40:26AM -0300, Jose-Luis Rivas wrote:
> > > Maybe Sequoia could make a good landing page about these differences? I
> > > am not that bad about googling and I couldn't figure it out by myself
> > > when you mentioned it before :)
> >
> > there's https://wiki.debian.org/OpenPGP/Sequoia but it's not yet what I 
> > would
> > like it to be.
> >
> > plus there's obviously also upstream documentation from the Sequoia project,
> > but that's not my department. ;)
>
> I took the liberty to add a section on the differences of implementation
> between Sequoia and GnuPG v2.3.0+.
>
> If it is incorrect to do in that page, or the content looks
> biased/problematic, please feel free to make the necessary corrections.
>
> https://wiki.debian.org/OpenPGP/Sequoia#Differences_in_implementation_with_GnuPG_v2.3.0_or_later
>

So, do we have any conclusion during this workshop?
I am looking for to use GNUPG2.4+ for TPM2 support.

Is it possbile for us to patch GNUPG2.4+ to override its default behaivor
to generate pre-V5 certificate by defualt?

> - Jose
>


-- 
YunQiang Su

Re: GPG Workshop during DebCamp

[Jose-Luis Rivas]

On Sat Jul 27, 2024 at 1:05 PM -03, Holger Levsen wrote:
> On Sat, Jul 27, 2024 at 11:40:26AM -0300, Jose-Luis Rivas wrote:
> > Maybe Sequoia could make a good landing page about these differences? I
> > am not that bad about googling and I couldn't figure it out by myself
> > when you mentioned it before :)
>  
> there's https://wiki.debian.org/OpenPGP/Sequoia but it's not yet what I would
> like it to be.
>
> plus there's obviously also upstream documentation from the Sequoia project,
> but that's not my department. ;)

I took the liberty to add a section on the differences of implementation
between Sequoia and GnuPG v2.3.0+.

If it is incorrect to do in that page, or the content looks
biased/problematic, please feel free to make the necessary corrections.

https://wiki.debian.org/OpenPGP/Sequoia#Differences_in_implementation_with_GnuPG_v2.3.0_or_later

- Jose

Re: GPG Workshop during DebCamp

[Justus Winter]

Ansgar 🙀  writes:

> On Fri, 2024-07-26 at 14:08 +0900, Justus Winter wrote:
>> In the OpenPGP ecosystem, we have seen that people think that if GnuPG
>> accepts an artifact, then it must be okay to emit such an artifact.  As
>> you can see [0], GnuPG still accepts SHA1-based signatures.  And, we
>> have seen big players [1][2] use SHA-1 in their signing keys.
>> 
>> 0: https://tests.sequoia-pgp.org/#Signature_over_the_shattered_collision
>> 1: https://github.com/microsoft/linux-package-repositories/issues/47
>> 2: https://bugzilla.redhat.com/show_bug.cgi?id=2170878#c19
>> 
>> We considerably improved the situation by rejecting these signatures,
>> even though that caused a considerable amount of pain in the short term.
>
> Recently on debian-vote@ it was pointed out repeatedly that SHA-1 is
> still a perfectly secure hash algorithm for many applications

SHA-1 is not a perfectly secure hash algorithm.  It has been disallowed
for use in digital signatures by NIST in 2013, 11 years ago.  There are
practical attacks against its collision resistance.  An attack has been
demonstrated against OpenPGP's authentication mechanism.

  https://sha-mbles.github.io/

There is a modified SHA-1 algorithm that protects against all currently
known collision attacks, but it incurs a 20% overhead over software-only
implementations, making it considerably more expensive than SHA2.

Just stop using SHA-1, and stop advocating for its use.

> (probably just as MD5).

There is a short, low-entropy, alphanumeric collision constructed
against MD5 where the blocks differ by a single byte.  It is hard to
overstate how broken MD5 is.

  https://x.com/realhashbreaker/status/1770161965006008570

Stop saying MD5 is fine.


Best,
Justus


signature.asc
Description: PGP signature

Re: GPG Workshop during DebCamp

[Holger Levsen]

On Sat, Jul 27, 2024 at 11:40:26AM -0300, Jose-Luis Rivas wrote:
> Maybe Sequoia could make a good landing page about these differences? I
> am not that bad about googling and I couldn't figure it out by myself
> when you mentioned it before :)
 
there's https://wiki.debian.org/OpenPGP/Sequoia but it's not yet what I would
like it to be.

plus there's obviously also upstream documentation from the Sequoia project,
but that's not my department. ;)


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

It ain't no revolution, just because you can dance to it.


signature.asc
Description: PGP signature

Re: GPG Workshop during DebCamp

[Ansgar 🙀]

Hi,

On Fri, 2024-07-26 at 14:08 +0900, Justus Winter wrote:
> In the OpenPGP ecosystem, we have seen that people think that if GnuPG
> accepts an artifact, then it must be okay to emit such an artifact.  As
> you can see [0], GnuPG still accepts SHA1-based signatures.  And, we
> have seen big players [1][2] use SHA-1 in their signing keys.
> 
> 0: https://tests.sequoia-pgp.org/#Signature_over_the_shattered_collision
> 1: https://github.com/microsoft/linux-package-repositories/issues/47
> 2: https://bugzilla.redhat.com/show_bug.cgi?id=2170878#c19
> 
> We considerably improved the situation by rejecting these signatures,
> even though that caused a considerable amount of pain in the short term.

Recently on debian-vote@ it was pointed out repeatedly that SHA-1 is
still a perfectly secure hash algorithm for many applications (probably
just as MD5).

If Debian already relies on SHA-1 to be a cryptographic strong hash,
there is probably no reason to not accept SHA-1 signatures nor for
hashes other than SHA-1 in Packages/Sources indices (or even just MD5
to save space).

Currently dak already has code to reject SHA-1 signatures, but maybe we
should also remove that given SHA-1-based signatures are trusted by
other parts as well.

Ansgar

Re: GPG Workshop during DebCamp

[Josh Santos]

+1 - forking standards on an existing tool is the main concern here

On Fri, Jul 26, 2024, 1:57 PM Holger Levsen  wrote:

> On Fri, Jul 26, 2024 at 06:39:17AM +0200, Simon Josefsson wrote:
> > On the contrary, I believe forking when you disagree with something is
> > at the very heart of the free software spirit.
>
> forking tools is one thing, but forking standards is something entirely
> different.
>
>
> --
> cheers,
> Holger
>
>  ⢀⣴⠾⠻⢶⣦⠀
>  ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
>  ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
>  ⠈⠳⣄
>
> Be careful when you follow the masses. Sometimes the "m" is silent.
>

Re: GPG Workshop during DebCamp

[Jose-Luis Rivas]

On Wed Jul 24, 2024 at 12:33 PM -03, Justus Winter wrote:
> GnuPG no longer tracks OpenPGP, but something they call LibrePGP.  If
> you look closely at a certificate created from it, you can see some
> troubling divergences already.
> [...]

Justus, thank you so much for your explanation here and in the other
messages.

I am now more interested than ever in checking out Sequoia and using it
as a replacement of gpg in my machines.

Maybe Sequoia could make a good landing page about these differences? I
am not that bad about googling and I couldn't figure it out by myself
when you mentioned it before :)

Big hug,
Jose.

Re: GPG Workshop during DebCamp

[Simon Josefsson]

Justus Winter  writes:

> Hi Simon :)
>
> Simon Josefsson  writes:
>
>> Justus Winter  writes:
>>
>>> Petter Reinholdtsen  writes:
>>>
 [Justus Winter]
> GnuPG no longer tracks OpenPGP, but something they call LibrePGP.  If
> you look closely at a certificate created from it, you can see some
> troubling divergences already.  For example, this is from one created
> by GnuPG 2.4.4:

 Thank you for the details.  I found https://librepgp.org/ > which
 explain their rationale.  Seem to be quite a split in world view in
 place here.
>>>
>>> Yes, that is what the media has dubbed "the SCHISM",
>>> e.g. https://lwn.net/Articles/953797/
>>>
>>> I played around with GnuPG 2.4.4, and it is easy to accidentally create
>>> an out-of-spec cert with it:
>>
>> To be fair, the spec is available, isn't it?  It just isn't OpenPGP.
>
> I didn't say that it isn't available.  But, everybody can write up such
> an document, that doesn't make it a standard.  And, having actually read
> it, I can say that without considerable work and editing, this is far
> away from the quality we expect from a standard.

Right, it is the process to gather implementations around a document
that makes something a standard.  Even if a document has low quality,
but a sufficient mass of implementations tend to follow it in a similar
enough way, I don't think the quality of the document is particular
important.

>>> % gpg --export 
>>> F3AE83A58BD3B8981C8F0AECC5AD7DC02CFAB1F1F14D7998FF87244ADDE1B6C1 | sq 
>>> toolbox packet dump --hex
>>> Unknown or Unsupported Packet, old CTB, 2 header bytes + 73 bytes
>>
>> Looks like a feature request on the 'sq' tool to support this packet
>> type would be useful.
>
> One of the more difficult, yet maybe most important aspects of
> maintaining and developing software is saying no to a request.
>
> We believe that declining this request is in the best interest of the
> OpenPGP ecosystem and its users, even if it may hurt some fraction of
> users who inadvertently used the newer GnuPG versions to create new
> keys, and may are stuck with unusable keys and/or messages.
>
> In the OpenPGP ecosystem, we have seen that people think that if GnuPG
> accepts an artifact, then it must be okay to emit such an artifact.  As
> you can see [0], GnuPG still accepts SHA1-based signatures.  And, we
> have seen big players [1][2] use SHA-1 in their signing keys.
>
> 0: https://tests.sequoia-pgp.org/#Signature_over_the_shattered_collision
> 1: https://github.com/microsoft/linux-package-repositories/issues/47
> 2: https://bugzilla.redhat.com/show_bug.cgi?id=2170878#c19
>
> We considerably improved the situation by rejecting these signatures,
> even though that caused a considerable amount of pain in the short term.
>
>
> I think Debian shouldn't be asking whether Sequoia can add support for a
> proprietary format.
>
> I think Debian should be asking whether GnuPG can add support for a
> format standardized in an international standardization body, which
> enjoys broad support from the implementation community.

Those are reasonable requests, but I don't think they are the only ones.

Compare the situation with OpenSSH and the SSH protocol.  If you
implement the SSH RFCs I believe you won't be able to interoperate with
OpenSSH.  So all usable SSH implementations add protocol elements that
OpenSSH has added.  The other implementations could just have said no
and regard compatibility with OpenSSH as unimportant, but they didn't.

Are you saying that Debian should be asking OpenSSH to comply with the
IETF RFCs?

Should Debian be modifying OpenSSH to comply with the RFCs, even if that
would deviate from upstream OpenSSH?

Should Debian switch to a SSH server that comply with the RFCs?

These are rethoric questions, but I think they illustrate my point that
this matter is complex and involves chosing who you want to trust.
GnuPG authors?  OpenSSH authors?  Sequoia authors?  An international
standardization body?

Another analogy would be Signal vs SMS.  For good or bad, the Signal
authors didn't like what they saw in SMS security, so they created
something else.  Signal is not standardized, and SMS is governed by an
international standardization body too.

/Simon


signature.asc
Description: PGP signature

Re: GPG Workshop during DebCamp

[Justus Winter]

Hi Simon :)

Simon Josefsson  writes:

> Justus Winter  writes:
>
>> Petter Reinholdtsen  writes:
>>
>>> [Justus Winter]
 GnuPG no longer tracks OpenPGP, but something they call LibrePGP.  If
 you look closely at a certificate created from it, you can see some
 troubling divergences already.  For example, this is from one created
 by GnuPG 2.4.4:
>>>
>>> Thank you for the details.  I found https://librepgp.org/ > which
>>> explain their rationale.  Seem to be quite a split in world view in
>>> place here.
>>
>> Yes, that is what the media has dubbed "the SCHISM",
>> e.g. https://lwn.net/Articles/953797/
>>
>> I played around with GnuPG 2.4.4, and it is easy to accidentally create
>> an out-of-spec cert with it:
>
> To be fair, the spec is available, isn't it?  It just isn't OpenPGP.

I didn't say that it isn't available.  But, everybody can write up such
an document, that doesn't make it a standard.  And, having actually read
it, I can say that without considerable work and editing, this is far
away from the quality we expect from a standard.

>> % gpg --export 
>> F3AE83A58BD3B8981C8F0AECC5AD7DC02CFAB1F1F14D7998FF87244ADDE1B6C1 | sq 
>> toolbox packet dump --hex
>> Unknown or Unsupported Packet, old CTB, 2 header bytes + 73 bytes
>
> Looks like a feature request on the 'sq' tool to support this packet
> type would be useful.

One of the more difficult, yet maybe most important aspects of
maintaining and developing software is saying no to a request.

We believe that declining this request is in the best interest of the
OpenPGP ecosystem and its users, even if it may hurt some fraction of
users who inadvertently used the newer GnuPG versions to create new
keys, and may are stuck with unusable keys and/or messages.

In the OpenPGP ecosystem, we have seen that people think that if GnuPG
accepts an artifact, then it must be okay to emit such an artifact.  As
you can see [0], GnuPG still accepts SHA1-based signatures.  And, we
have seen big players [1][2] use SHA-1 in their signing keys.

0: https://tests.sequoia-pgp.org/#Signature_over_the_shattered_collision
1: https://github.com/microsoft/linux-package-repositories/issues/47
2: https://bugzilla.redhat.com/show_bug.cgi?id=2170878#c19

We considerably improved the situation by rejecting these signatures,
even though that caused a considerable amount of pain in the short term.


I think Debian shouldn't be asking whether Sequoia can add support for a
proprietary format.

I think Debian should be asking whether GnuPG can add support for a
format standardized in an international standardization body, which
enjoys broad support from the implementation community.


Best,
Justus


signature.asc
Description: PGP signature

Re: GPG Workshop during DebCamp

[Holger Levsen]

On Fri, Jul 26, 2024 at 06:39:17AM +0200, Simon Josefsson wrote:
> On the contrary, I believe forking when you disagree with something is
> at the very heart of the free software spirit.

forking tools is one thing, but forking standards is something entirely 
different.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Be careful when you follow the masses. Sometimes the "m" is silent.


signature.asc
Description: PGP signature

Re: GPG Workshop during DebCamp

[Simon Josefsson]

Gunnar Wolf  writes:

> Simon Josefsson dijo [Thu, Jul 25, 2024 at 10:12:23AM +0200]:
>> > Yes, that is what the media has dubbed "the SCHISM",
>> > e.g. https://lwn.net/Articles/953797/
>> >
>> > I played around with GnuPG 2.4.4, and it is easy to accidentally create
>> > an out-of-spec cert with it:
>> 
>> To be fair, the spec is available, isn't it?  It just isn't OpenPGP.
>
> Right. But there is an ecosystem of tools other than GnuPG that
> implement OpenPGP. Forking and going your own way is not a tactic that
> follows the ethos of the free software communities; being the dominant
> implementation should not give the leverage to force your view upon
> others.

On the contrary, I believe forking when you disagree with something is
at the very heart of the free software spirit.

I do agree with you that it feels uncomfortable when you are subject to
decisions you don't like, and is faced with a decision to fork a project
or switch to an alternative.

Especially when decisions are made in an important project that you
cannot easily influence.

We have many examples of this pattern -- a close example to OpenPGP vs
LibrePGP is that OpenSSH de-facto dictate what other SSH implementations
have to support, and that protocol behaviour isn't consistent with any
RFCs -- the difference is that most users trust OpenSSH more than the
broken RFC system.  We've had the GCC vs EGCS split.  We've had
 Debian force systemd on its users, or debian-installer
including non-free software.  We've had SSLeay vs OpenSSL.  We've seen
SunJDK vs OpenJDK.  Remember Emacs vs XEmacs?  We recently had Redis vs
Valkey.

All these examples have their own unique properties, but one common
pattern is that some dominant project make a decision that some set of
users dislike, leading to forks of the project or people switch to
alternatives.  Saying that this pattern is against the ethos of free
software when you dislike a decision is not convincing to me.  I believe
the essence of free software is merely that it gives you the ability to
do something constructive about the decision (fork) when it occurs.

Leveraging your own dominance to force another view upon others is a
common reaction when someone else uses their dominance to force their
view.  For example, Debian could replace use of GnuPG's gpgv with some
other implementation.  That is the same kind of dominance decision as
GnuPG replacing OpenPGP with LibrePGP, but the difference is that this
feels more pleasant when the decision is consistent with your own views.
That makes it the right decision for some set of users, but it will
alienate and drive away others.  There is another way of working and
that is to be inclusive towards as many viewpoints as possible, although
that approach has its costs and downsides too.

/Simon


signature.asc
Description: PGP signature

Re: GPG Workshop during DebCamp

[Gunnar Wolf]

Simon Josefsson dijo [Thu, Jul 25, 2024 at 10:12:23AM +0200]:
> > Yes, that is what the media has dubbed "the SCHISM",
> > e.g. https://lwn.net/Articles/953797/
> >
> > I played around with GnuPG 2.4.4, and it is easy to accidentally create
> > an out-of-spec cert with it:
> 
> To be fair, the spec is available, isn't it?  It just isn't OpenPGP.

Right. But there is an ecosystem of tools other than GnuPG that
implement OpenPGP. Forking and going your own way is not a tactic that
follows the ethos of the free software communities; being the dominant
implementation should not give the leverage to force your view upon
others.

Re: GPG Workshop during DebCamp

[Simon Josefsson]

Justus Winter  writes:

> Petter Reinholdtsen  writes:
>
>> [Justus Winter]
>>> GnuPG no longer tracks OpenPGP, but something they call LibrePGP.  If
>>> you look closely at a certificate created from it, you can see some
>>> troubling divergences already.  For example, this is from one created
>>> by GnuPG 2.4.4:
>>
>> Thank you for the details.  I found https://librepgp.org/ > which
>> explain their rationale.  Seem to be quite a split in world view in
>> place here.
>
> Yes, that is what the media has dubbed "the SCHISM",
> e.g. https://lwn.net/Articles/953797/
>
> I played around with GnuPG 2.4.4, and it is easy to accidentally create
> an out-of-spec cert with it:

To be fair, the spec is available, isn't it?  It just isn't OpenPGP.

> % gpg --export 
> F3AE83A58BD3B8981C8F0AECC5AD7DC02CFAB1F1F14D7998FF87244ADDE1B6C1 | sq toolbox 
> packet dump --hex
> Unknown or Unsupported Packet, old CTB, 2 header bytes + 73 bytes

Looks like a feature request on the 'sq' tool to support this packet
type would be useful.

/Simon


signature.asc
Description: PGP signature

Re: GPG Workshop during DebCamp

[Justus Winter]

Petter Reinholdtsen  writes:

> [Justus Winter]
>> GnuPG no longer tracks OpenPGP, but something they call LibrePGP.  If
>> you look closely at a certificate created from it, you can see some
>> troubling divergences already.  For example, this is from one created
>> by GnuPG 2.4.4:
>
> Thank you for the details.  I found https://librepgp.org/ > which
> explain their rationale.  Seem to be quite a split in world view in
> place here.

Yes, that is what the media has dubbed "the SCHISM",
e.g. https://lwn.net/Articles/953797/

I played around with GnuPG 2.4.4, and it is easy to accidentally create
an out-of-spec cert with it:

% gpg --with-colons --list-config version
cfg:version:2.4.4
% gpg --quick-generate-key 4...@example.org ed448
gpg: keybox '/tmp/tmp.6fiRMwVdo6/pubring.kbx' created
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /tmp/tmp.6fiRMwVdo6/trustdb.gpg: trustdb created
gpg: directory '/tmp/tmp.6fiRMwVdo6/openpgp-revocs.d' created
gpg: revocation certificate stored as 
'/tmp/tmp.6fiRMwVdo6/openpgp-revocs.d/F3AE83A58BD3B8981C8F0AECC5AD7DC02CFAB1F1F14D7998FF87244ADDE1B6C1.rev'
public and secret key created and signed.

pub   ed448 2024-07-25 [SC] [expires: 2027-07-25]
  F3AE83A58BD3B8981C8F0AECC5AD7DC02CFAB1F1F14D7998FF87244ADDE1B6C1
uid  4...@example.org

% gpg --export F3AE83A58BD3B8981C8F0AECC5AD7DC02CFAB1F1F14D7998FF87244ADDE1B6C1 
| sq toolbox packet dump --hex
Unknown or Unsupported Packet, old CTB, 2 header bytes + 73 bytes
Tag: Public-Key Packet
Error: Malformed packet: unknown version

  98 CTB
0001 49  length
000205   version
0003   66 a1 e8 17 16  00 00 00 3f 03 2b 65 71  
f...?.+eq
0010  01 c8 f5 1c d3 a4 8b 4a  b0 cf a9 b3 2c b7 c6 b6   
...J,...
0020  3e 74 46 e4 38 be ed d2  8d ec 48 4b 8e 89 41 b8   
>tF.8.HK..A.
0030  08 ae 81 5c 0b 0e 5a e7  26 79 59 db 85 0a e6 77   
...\..Z.&yYw
0040  de 8f 76 c7 c6 f4 24 3f  5a 7c 00  ..v...$?Z|.

User ID Packet, old CTB, 2 header bytes + 23 bytes
Value: another-...@example.org

  b4 CTB
0001 17  length
000261 6e 6f 74 68 65  72 2d 34 34 38 40 65 78   value
0010  61 6d 70 6c 65 2e 6f 72  67

Unknown or Unsupported Packet, old CTB, 2 header bytes + 205 bytes
Tag: Signature Packet
Error: Malformed packet: unknown version

  88 CTB
0001 cd  length
000205   version
0003   13 16 0a 00 4d  22 21 05 e4 8f ab 29 d0  
M"!).
0010  c9 77 1a 30 df 39 20 72  12 22 47 f6 39 e6 6e a4   .w.0.9 
r."G.9.n.
0020  39 d5 8d 1e 24 89 ef ce  47 c0 58 05 02 66 a1 e8   
9...$...G.X..f..
0030  17 02 1b 03 05 09 05 a3  9a 80 05 0b 09 08 07 02   

0040  02 22 02 06 15 0a 09 08  0b 02 04 16 02 03 01 02   
."..
0050  1e 07 02 17 80 00 00 e5  7b 01 c8 a5 0d 4e 46 0b   
{NF.
0060  e3 8c d2 7d 9b 83 33 9a  e3 c1 fc 0e 90 8b 73 5c   
...}..3...s\
0070  ee b4 41 19 73 ca 8b cc  ef e2 59 55 28 f2 39 d4   
..A.s.YU(.9.
0080  58 29 fd b8 c4 7e 0f a6  7d 40 b4 2f b7 62 73 26   
X)...~..}@./.bs&
0090  f0 33 09 00 01 c4 0e 55  bc 1d db b6 49 e8 37 c6   
.3.UI.7.
00a0  b5 e0 76 51 1b fc 59 2b  d1 8c f5 5d 60 fd d5 1b   
..vQ..Y+...]`...
00b0  ca 7e 67 1d 0a de 52 ac  f3 f8 85 96 83 5a e7 59   
.~g...R..Z.Y
00c0  0b e7 9e 0e 88 67 04 96  e5 71 cd 31 dd 30 00  .g...q.1.0.

No warning, no opting in, it just created a "v5" primary key and a "v5"
signature just because one selected the Ed448 algorithm.


Best,
Justus


signature.asc
Description: PGP signature

Re: GPG Workshop during DebCamp

[Josh Santos]

22.04

On Thu, Jul 25, 2024, 4:39 AM Simon Josefsson  wrote:

> Josh Santos  writes:
>
> > Just checked, and luckily it seems Ubuntu LTS uses GPG 2.2 - when I saw
> > this, was worried my key would have been made incorrectly, but should be
> > good.
>
> Which LTS do you refer to?  I believe the latest LTS, Ubuntu 24.04, uses
> GnuPG 2.4.
>
> /Simon
>
> > This is all new to me :)
> >
> > On Wed, Jul 24, 2024, 10:19 PM Justus Winter 
> wrote:
> >
> >> Hi,
> >>
> >> Carlos Henrique Lima Melara  writes:
> >>
> >> > Last year I did a small workshop explaining the basics of GPG and
> >> > asymetric cryptography to newcomers and helped them to create their
> >> > own GPG key so they could join our keysigning party.
> >>
> >> If you want to create a new OpenPGP key with GnuPG, please make sure to
> >> use GnuPG version 2.2.x (i.e. the version available in Debian), not
> >> 2.4.x (i.e. the version available in Ubuntu, Fedora, and some other more
> >> yolo distributions).
> >>
> >> If you use GnuPG 2.4.x or newer, you risk creating a non-compliant key,
> >> i.e. not an OpenPGP key, but a GnuPG key.
> >>
> >> Best,
> >> Justus
> >>
>

Re: GPG Workshop during DebCamp

[Simon Josefsson]

Josh Santos  writes:

> Just checked, and luckily it seems Ubuntu LTS uses GPG 2.2 - when I saw
> this, was worried my key would have been made incorrectly, but should be
> good.

Which LTS do you refer to?  I believe the latest LTS, Ubuntu 24.04, uses
GnuPG 2.4.

/Simon

> This is all new to me :)
>
> On Wed, Jul 24, 2024, 10:19 PM Justus Winter  wrote:
>
>> Hi,
>>
>> Carlos Henrique Lima Melara  writes:
>>
>> > Last year I did a small workshop explaining the basics of GPG and
>> > asymetric cryptography to newcomers and helped them to create their
>> > own GPG key so they could join our keysigning party.
>>
>> If you want to create a new OpenPGP key with GnuPG, please make sure to
>> use GnuPG version 2.2.x (i.e. the version available in Debian), not
>> 2.4.x (i.e. the version available in Ubuntu, Fedora, and some other more
>> yolo distributions).
>>
>> If you use GnuPG 2.4.x or newer, you risk creating a non-compliant key,
>> i.e. not an OpenPGP key, but a GnuPG key.
>>
>> Best,
>> Justus
>>


signature.asc
Description: PGP signature

Re: GPG Workshop during DebCamp

[Petter Reinholdtsen]

[Justus Winter]
> GnuPG no longer tracks OpenPGP, but something they call LibrePGP.  If
> you look closely at a certificate created from it, you can see some
> troubling divergences already.  For example, this is from one created
> by GnuPG 2.4.4:

Thank you for the details.  I found https://librepgp.org/ > which
explain their rationale.  Seem to be quite a split in world view in
place here.

-- 
Happy hacking
Petter Reinholdtsen

Re: GPG Workshop during DebCamp

[Justus Winter]

Hi :)

"Jose-Luis Rivas"  writes:

> On Wed Jul 24, 2024 at 10:12 AM -03, Justus Winter wrote:
>>
>> If you use GnuPG 2.4.x or newer, you risk creating a non-compliant key,
>> i.e. not an OpenPGP key, but a GnuPG key.
>>
>
> Hi Justus,
>
> Is there any place where there's more information on these differences?
> I tried googling and I can't find something different than "GnuPG is a
> software implementation of the OpenPGP protocol" nor way to
> differentiate keys that may be non-compliant. pgpdump shows keys created
> with <2.4.x and >=2.4.x as ver 4, and that's it.

GnuPG no longer tracks OpenPGP, but something they call LibrePGP.  If
you look closely at a certificate created from it, you can see some
troubling divergences already.  For example, this is from one created by
GnuPG 2.4.4:

Public-Key Packet, old CTB, 51 bytes
Version: 4
Creation time: 2024-07-11 15:32:07 UTC
Pk algo: EdDSA
Pk size: 256 bits
Fingerprint: 6E4BF25E02FA23B447A68367C0D934AB2CE1FDCB
KeyID: C0D934AB2CE1FDCB

User ID Packet, old CTB, 26 bytes
Value: Bernadette 

Signature Packet, old CTB, 153 bytes
Version: 4
Type: PositiveCertification
Pk algo: EdDSA
Hash algo: SHA512
Hashed area:
  Issuer Fingerprint: 6E4BF25E02FA23B447A68367C0D934AB2CE1FDCB
  Signature creation time: 2024-07-11 15:32:07 UTC
  Key flags: CS
  Key expiration time: P1095D
  Symmetric algo preferences: AES256, AES192, AES128, TripleDES
  AEAD preferences (deprecated): OCB
  Hash preferences: SHA512, SHA384, SHA256, SHA224, SHA1
  Compression preferences: Zlib, BZip2, Zip
  Features: SEIPDv1, AEAD, #2
  Keyserver preferences: no modify
Unhashed area:
  Issuer: C0D934AB2CE1FDCB
Digest prefix: 3ABF
Level: 0 (signature over data)

Public-Subkey Packet, old CTB, 56 bytes
Version: 4
Creation time: 2024-07-11 15:32:07 UTC
Pk algo: ECDH
Pk size: 256 bits
Fingerprint: D698DFADDCC3EE4C31E503A17F6792FAA34132A8
KeyID: 7F6792FAA34132A8

Signature Packet, old CTB, 120 bytes
Version: 4
Type: SubkeyBinding
Pk algo: EdDSA
Hash algo: SHA512
Hashed area:
  Issuer Fingerprint: 6E4BF25E02FA23B447A68367C0D934AB2CE1FDCB
  Signature creation time: 2024-07-11 15:32:07 UTC
  Key flags: EtEr
Unhashed area:
  Issuer: C0D934AB2CE1FDCB
Digest prefix: 654B
Level: 0 (signature over data)

Notably,

  AEAD preferences (deprecated): OCB
  Features: SEIPDv1, AEAD, #2

will invite your peers also running GnuPG 2.4.x or above to send
messages encrypted with their idea of AEAD.  These messages will not be
OpenPGP compliant, and they will not, in general, decrypt with OpenPGP
implementations.  There is another flag set in the preferences, and our
decoder doesn't even know what that should mean, but I'm pretty sure it
is not good to advertise that if you are interested in getting
OpenPGP-compliant messages.

It is true that technically, this certificate is OpenPGP compliant, but
the messages you will receive when advertising these features may not
be.  And, there is no guarantee that future versions will generate
technically compliant certificates.


Best,
Justus


signature.asc
Description: PGP signature

Re: GPG Workshop during DebCamp

[Jose-Luis Rivas]

On Wed Jul 24, 2024 at 10:12 AM -03, Justus Winter wrote:
>
> If you use GnuPG 2.4.x or newer, you risk creating a non-compliant key,
> i.e. not an OpenPGP key, but a GnuPG key.
>

Hi Justus,

Is there any place where there's more information on these differences?
I tried googling and I can't find something different than "GnuPG is a
software implementation of the OpenPGP protocol" nor way to
differentiate keys that may be non-compliant. pgpdump shows keys created
with <2.4.x and >=2.4.x as ver 4, and that's it.

Thanks,

Re: GPG Workshop during DebCamp

[Josh Santos]

Just checked, and luckily it seems Ubuntu LTS uses GPG 2.2 - when I saw
this, was worried my key would have been made incorrectly, but should be
good.

This is all new to me :)

On Wed, Jul 24, 2024, 10:19 PM Justus Winter  wrote:

> Hi,
>
> Carlos Henrique Lima Melara  writes:
>
> > Last year I did a small workshop explaining the basics of GPG and
> > asymetric cryptography to newcomers and helped them to create their
> > own GPG key so they could join our keysigning party.
>
> If you want to create a new OpenPGP key with GnuPG, please make sure to
> use GnuPG version 2.2.x (i.e. the version available in Debian), not
> 2.4.x (i.e. the version available in Ubuntu, Fedora, and some other more
> yolo distributions).
>
> If you use GnuPG 2.4.x or newer, you risk creating a non-compliant key,
> i.e. not an OpenPGP key, but a GnuPG key.
>
> Best,
> Justus
>

Re: GPG Workshop during DebCamp

[Justus Winter]

Hi,

Carlos Henrique Lima Melara  writes:

> Last year I did a small workshop explaining the basics of GPG and
> asymetric cryptography to newcomers and helped them to create their
> own GPG key so they could join our keysigning party.

If you want to create a new OpenPGP key with GnuPG, please make sure to
use GnuPG version 2.2.x (i.e. the version available in Debian), not
2.4.x (i.e. the version available in Ubuntu, Fedora, and some other more
yolo distributions).

If you use GnuPG 2.4.x or newer, you risk creating a non-compliant key,
i.e. not an OpenPGP key, but a GnuPG key.

Best,
Justus


signature.asc
Description: PGP signature

(dpkg) triggers expert at DebCamp?

[David Bremner]

Is there someone at DebCamp who understands triggers to the level of
knowing whether the non-promises about ordering are still current?

If so, Sean and/or I would like to talk.

d

Re: GPG Workshop during DebCamp

[Carlos Henrique Lima Melara]

Hi again,

On Wed, Jul 24, 2024 at 02:57:36PM GMT, Carlos Henrique Lima Melara wrote:
> Last year I did a small workshop explaining the basics of GPG and
> asymetric cryptography to newcomers and helped them to create their
> own GPG key so they could join our keysigning party.
> 
> I'd like to do this again but I'm not seeing as many local newcomers
> around. Would anyone be interested? We can schedule it for tomorrow
> afternoon 3pm.

I've got replies so we are doing it! [1]

We are going to do it tomorrow 10:30 at Hacklab (a.k.a. Bada) because
during the afternoon we already have a workshop by an3as [2].

Cheers,
Charles

[1] https://debconf24.debconf.org/talks/164-gpg-workshop-for-newcomers/
[2] 
https://debconf24.debconf.org/talks/153-creating-web-galleries-including-maps-from-a-geo-tagged-photo-collection/


signature.asc
Description: PGP signature

Re: GPG Workshop during DebCamp

[Grégory Perrin]

I’m interested! 
Sent from my iPhone

> On Jul 24, 2024, at 14:57, Carlos Henrique Lima Melara 
>  wrote:
> 
> Hi,
> 
> Last year I did a small workshop explaining the basics of GPG and
> asymetric cryptography to newcomers and helped them to create their
> own GPG key so they could join our keysigning party.
> 
> I'd like to do this again but I'm not seeing as many local newcomers
> around. Would anyone be interested? We can schedule it for tomorrow
> afternoon 3pm.
> 
> Cheers,
> Charles
> 

GPG Workshop during DebCamp

[Carlos Henrique Lima Melara]

Hi,

Last year I did a small workshop explaining the basics of GPG and
asymetric cryptography to newcomers and helped them to create their
own GPG key so they could join our keysigning party.

I'd like to do this again but I'm not seeing as many local newcomers
around. Would anyone be interested? We can schedule it for tomorrow
afternoon 3pm.

Cheers,
Charles


signature.asc
Description: PGP signature

Looking for roommate during debcamp/debconf

[T K Sourabh]

Hi,

I will be attending debconf/debcamp in September and I have booked
accommodation nearby Infopark,Kochi. The hotel room can house 2 adults and
I was wondering if someone was looking for accommodation to share. Please
feel free to email me if you're looking for accommodation and I can share
more details.

Alternatively if you're looking for a roommate, please let me know since I
have free cancellation on the booking.

Thanks
T K Sourab

Re: DebCamp 22 Daily Announcements (Friday)

[Kapanda Phiri]

Hi All
I have been building Wheel hoes to help smallholder farmers in Zambia for
over a year.
I have successfully built the tool and am now looking at an opportunity to
gain traction.

Please help me raise the money to place my product on the market and help
the 1.5 million smallholder farmers in Zambia.
Visit my website to see my journey at www.lusafarmz.xyz
Support my GoFundMe at: https://gofund.me/22401d28

Thank you in advance and please share my story.

Kind Regards
Kapanda Phiri


On Fri, Jul 15, 2022 at 9:07 PM Stefano Rivera  wrote:

> We're nearing the end of DebCamp, DebConf starts on Sunday.
>
> Network upgrades
> 
> The Noisy hacklab, Lubardhi room, and Drini room have installed
> additional WiFi APs. The uplinks will also be upgraded to Gigabit for
> DebConf.
>
> COVID-19 Safety
> ===
> COVID-19 numbers in Kosovo have been going up in the last few days. We'd
> recommend that you stay away from indoor spaces when out. If you have to
> be, please wear a mask.
>
> There are masks available at the Front Desk. If you need testing, wait
> outside Front Desk and ask for somebody to hand you a kit outside.
>
> Day Trip
> 
> Please add yourself to one of the day trip options on the wiki. Don't
> wait until the last minute, if we need additional busses for a group,
> we'd like to find out soon.
> https://wiki.debian.org/DebConf/22/DayTrip
>
> DebConf Share
> =
> Have you taken photos of DebConf? Share them (and archive them for the
> future) in the debconf22 share repo. This is a git-lfs repo on salsa.
> See the README for instructions:
> https://salsa.debian.org/debconf-team/public/share/debconf22
>
> The dormitory walls have ears
> =
> Please remember that the accommodation dormitory walls are thin. Be
> polite to your neighbours, and let them sleep. They were probably
> playing Mao and drinking rakia until 3am last night. Close doors behind
> you slowly.
> Please don't have loud conversations in the corridors, rooms, or
> anywhere near the accommodation buildings.
>
> Stamps available
> 
> Stamps for post-cards are available at front desk. They cost €0.50 each,
> which we believe is also the flat-rate cost of a postcard to Europe, but
> do check the postage with the post-office, we aren't 100% confident.
>

DebCamp Latin and Balkan dancing festival

[jathan]

Hello everybody,

Due the success of Tursday's Salsa evening and the high demand for
more dancing lessons, tonight and tomorrow the following activities will
take place at the Noisy Hacklab with DJ Jathan:

Saturday July 16th
21:00 hrs. Bachata basic lesson
22:00 hrs. Salsa intermediate lesson
23:00 hrs. - 02:00 hrs. Salsa, Bachata and Balkan dancing party

Sunday July 17th
21:00 hrs. Kizomba basic lesson
22:00 hrs. Bachata or Salsa intermediate lesson
23:00 hrs. - 02:00 hrs. Salsa, Bachata and Kizomba dancing party

Please wear a mask during the lessons due the face to face and body
contact we will have, as well wash your hands at the beginning of each
dancing lesson. For the Salsa intermediate lesson, I suggest to bring
paper and a pen to take some important notes. I share some songs and
videos about Bachata and Kizomba:

https://www.youtube.com/watch?v=v0kAN5x35AQ
https://www.youtube.com/watch?v=p8KdcJ-neRc
https://www.youtube.com/watch?v=S9TfJqccnmA
https://www.youtube.com/watch?v=Zl2m873o4T4

See you at the dancing floor in front of the Bar!
Jathan

-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Jonathan Bustillos
⢿⡄⠘⠷⠚⠋⠀ Debian Developer
⠈⠳⣄⠀

https://wiki.debian.org/jathan

DebCamp Latin and Balkan dancing festival

[jathan]

Hello everybody,

Due the success of Tursday's Salsa evening and the high demand for
more dancing lessons, tonight and tomorrow the following activities will
take place at the Noisy Hacklab with DJ Jathan:

Saturday July 16th
21:00 hrs. Bachata basic lesson
22:00 hrs. Salsa intermediate lesson
23:00 hrs. - 02:00 hrs. Salsa, Bachata and Balkan dancing party

Sunday July 17th
21:00 hrs. Kizomba basic lesson
22:00 hrs. Bachata or Salsa intermediate lesson
23:00 hrs. - 02:00 hrs. Salsa, Bachata and Kizomba dancing party

Please wear a mask during the lessons due the face to face and body
contact we will have, as well wash your hands at the beginning of each
dancing lesson. For the Salsa intermediate lesson, I suggest to bring
paper and a pen to take some important notes. I share some songs and
videos about Bachata and Kizomba:

https://www.youtube.com/watch?v=v0kAN5x35AQ
https://www.youtube.com/watch?v=p8KdcJ-neRc
https://www.youtube.com/watch?v=S9TfJqccnmA
https://www.youtube.com/watch?v=Zl2m873o4T4

See you at the dancing floor in front of the Bar!
Jathan

-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Jonathan Bustillos
⢿⡄⠘⠷⠚⠋⠀ Debian Developer
⠈⠳⣄⠀

https://wiki.debian.org/jathan

Party Posponement DebCamp Latin and Balkan dancing festival

[jathan]

Hello there,

I will not be able to start tonight the first day of the weekend dancing
lessons and festival, so the schedule of tonight will be tomorrow
Saturday starting at 22:00 hrs. An apology and have fun!

Regards
Jathan

-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Jonathan Bustillos
⢿⡄⠘⠷⠚⠋⠀ Debian Developer
⠈⠳⣄⠀

https://wiki.debian.org/jathan

DebCamp Latin and Balkan dancing festival

[jathan]

Hello everybody,

Due the success of yesterday's Salsa evening and the high demand for
more dancing lessons, tonight and tomorrow the following activities will
take place at the Noisy Hacklab with DJ Jathan:

Friday July 15th
22:00 hrs. Bachata basic lesson
23:00 hrs. Salsa intermediate lesson
00:00 hrs. - 02:00 hrs. Salsa, Bachata and Balkan dancing party

Saturday July 16th
22:00 hrs. Kizomba basic lesson
23:00 hrs. Bachata or Salsa intermediate lesson
00:00 hrs. - 02:00 hrs. Salsa, Bachata and Kizomba dancing party

Please wear a mask during the lessons due the face to face and body
contact we will have as well wash your hands at the beginning of each
dancing lesson. I share some songs and videos about Bachata and Kizomba:

https://www.youtube.com/watch?v=v0kAN5x35AQ
https://www.youtube.com/watch?v=p8KdcJ-neRc
https://www.youtube.com/watch?v=S9TfJqccnmA
https://www.youtube.com/watch?v=Zl2m873o4T4

See you at the dancing floor in front of the Bar!
Jathan

-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Jonathan Bustillos
⢿⡄⠘⠷⠚⠋⠀ Debian Developer
⠈⠳⣄⠀

https://wiki.debian.org/jathan

Re: DebCamp activities

[jathan]

On 07/07/2022 08:27, Thomas Lange wrote:
>> On Wed, 06 Jul 2022 22:21:41 +0200, Jonas Smedegaard  
>> said:
> 
> > If not too late, I could add "FRIENDLY GEEK, ASK ME ANYTHING" - but
> > looking now I cannot find where to edit the badge text.
> 
> This reminds me of an idea I had in the past.
> Why not set up a "ask me anything, anytime" table with a big sign. So
> all people (esp. people new to debconf) are welcome to ask
> people at this table knowing that they do no disturb anyone.
> 
> I often find it hard to go to people if they are working on their
> computer and ask them, because I might disturb them.
> 
> This may be a permanent table, or we might set up this table for some
> "office hours".
I think it is a great proposal and that permanent table with a sign have
to exist in every DebConf. It is really a nice idea Thomas,

Regards
Jathan

-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Jonathan Bustillos
⢿⡄⠘⠷⠚⠋⠀ Debian Developer
⠈⠳⣄⠀

https://wiki.debian.org/jathan

Re: DebCamp activities

[Jathan]

I think it is a great proposal and that permanent table have to exist in every 
DebConf. It is really a nice idea Thomas,

Regards
Jathan

Re: DebCamp activities

[Thomas Lange]

> On Wed, 06 Jul 2022 22:21:41 +0200, Jonas Smedegaard  
> said:

> If not too late, I could add "FRIENDLY GEEK, ASK ME ANYTHING" - but
> looking now I cannot find where to edit the badge text.

This reminds me of an idea I had in the past.
Why not set up a "ask me anything, anytime" table with a big sign. So
all people (esp. people new to debconf) are welcome to ask
people at this table knowing that they do no disturb anyone.

I often find it hard to go to people if they are working on their
computer and ask them, because I might disturb them.

This may be a permanent table, or we might set up this table for some
"office hours".
-- 
regards Thomas

Re: DebCamp activities

[jathan]

On 06/07/2022 12:31, Enkelena Haxhiu wrote:
> Hi,
> 
>  
> 
> During DebCamp we may have people not involved in Debian who want to
> attend and get to know the community.
> 
>  
> 
> There might be students and people eager to learn, so my question is if
> people are open to give random explanations or maybe some ad-hoc short
> workshops on demand?
> 
>  
> 
> Would be great to know actual names we could talk to when you arrive. So
> feel free to reply here.
> 
>  
> 
> Ideas how to implement such a thing are very welcome.
> 
>  
> 
> Regards,
> 
> Enkelena
> 
>  
> 
>  
> 
That sounds wonderful! I will share dancing workshops of Salsa, Bachata
and Kizomba the whole week with them :D Just joking. I can participate
since Sunday July 10th with workshops and explanations about the Debian
Project, Reproducible Builds, Debian on Mobile and Debian Academy.
Please register my name Jonathan Bustillos for such activities for
anyone interested,

Regards!
Jathan

-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Jonathan Bustillos
⢿⡄⠘⠷⠚⠋⠀ Debian Developer
⠈⠳⣄⠀

https://wiki.debian.org/jathan

Re: DebCamp activities

[Thomas Goirand]

On 7/6/22 22:58, Anastasios Lisgaras wrote:

On 7/6/22 19:31, Enkelena Haxhiu wrote:
If there are interested people, I can also organize a basic course on 
Linux Commands, based on this: https://ocw.fs.al/course/view.php?id=23 

It is not quite related to Debian, but it should be good enough for 
beginners.
It is better to create an event somewhere, where people can register, 
so that we can have an idea about how many people could participate, 
to notify them about the meeting times, etc..


We can also talk privately about the organization details, if these 
proposals seem interesting.


Regards,
Dashamir




Nice idea, if you want help, ping me, I will be happy if  I am able to 
help.
I think it would be a nice idea to have an organized presentation 
somewhere with collected material. Just so we know where it's better to 
start and what not to forget to mention.




If you do it after Wednesday (that's when I arrive), then maybe my kids 
will be interested. I can translate (in real time) to them what you say, 
if you think that works.


Cheers,

Thomas Goirand (zigo)

Re: DebCamp activities

[Evangelos Ribeiro Tzaras]

On Wed, 2022-07-06 at 21:25 +, Holger Levsen wrote:
> On Wed, Jul 06, 2022 at 07:31:26PM +0200, Enkelena Haxhiu wrote:
> > During DebCamp we may have people not involved in Debian who want to attend
> > and get to know the community.
> [...] 
> > Ideas how to implement such a thing are very welcome.
> 
> for the Debian events in Hamburg Gregor proposed and organized daily standup
> meetings at a *regular* time (15:00 localtime) where everyone (who wanted)
> very briefly (in 15s-60s usually) said their name and what they were working
> on or where they needed help or wanted to give help... 

> those were really cool
> and I expect this would also work well for DebCamps. :)

ACK!

-- 
Cheers,

Evangelos
PGP: B938 6554 B7DD 266B CB8E 29A9 90F0 C9B1 8A6B 4A19

Re: DebCamp activities

[Holger Levsen]

On Wed, Jul 06, 2022 at 07:31:26PM +0200, Enkelena Haxhiu wrote:
> During DebCamp we may have people not involved in Debian who want to attend
> and get to know the community.
[...] 
> Ideas how to implement such a thing are very welcome.

for the Debian events in Hamburg Gregor proposed and organized daily standup
meetings at a *regular* time (15:00 localtime) where everyone (who wanted)
very briefly (in 15s-60s usually) said their name and what they were working
on or where they needed help or wanted to give help... those were really cool
and I expect this would also work well for DebCamps. :)


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

We need to learn to live with cholera. What is the alternative? Breaking up
all streets, building drainage with toilets in every building? (@tadeas_)


signature.asc
Description: PGP signature

Re: DebCamp activities

[Anastasios Lisgaras]

On 7/6/22 19:31, Enkelena Haxhiu wrote:
There might be students and people eager to learn, so my question is if 
people are open to give random explanations or maybe some ad-hoc short 
workshops on demand?


Would be great to know actual names we could talk to when you arrive. So 
feel free to reply here.


Very nice that it will happen and a very nice idea.
I am willing and glad if I can help with this.


On 7/6/22 21:23, Dashamir Hoxha wrote:
On Wed, Jul 6, 2022 at 7:31 PM Enkelena Haxhiu Enkelena, I will be present (hopefully) during the DebCamp.

I am ready to help people install Debian, if they wish.


Nice idea! I am also be there during the Debcamp.
I think I can help with that too.

If there are interested people, I can also organize a basic course on 
Linux Commands, based on this: https://ocw.fs.al/course/view.php?id=23 
<https://ocw.fs.al/course/view.php?id=23>
It is not quite related to Debian, but it should be good enough for 
beginners.
It is better to create an event somewhere, where people can register, so 
that we can have an idea about how many people could participate, to 
notify them about the meeting times, etc..


We can also talk privately about the organization details, if these 
proposals seem interesting.


Regards,
Dashamir




Nice idea, if you want help, ping me, I will be happy if  I am able to help.
I think it would be a nice idea to have an organized presentation 
somewhere with collected material. Just so we know where it's better to 
start and what not to forget to mention.


--
Kind regards,
Anastasios Lisgaras
Open Source Software Engineer.
🔗 Keybase: https://keybase.io/tas_sos
📜 GnuPG Fingerprint: 5003 03E8 CA50 1878 06D9 3AEA FC25 8330 FE34 8E41
🖊️ Use plain text => https://useplaintext.email/

Re: DebCamp activities

[Jonas Smedegaard]

Quoting Enkelena Haxhiu (2022-07-06 19:31:26)
> During DebCamp we may have people not involved in Debian who want to attend
> and get to know the community.
> 
> There might be students and people eager to learn, so my question is if
> people are open to give random explanations or maybe some ad-hoc short
> workshops on demand?
> 
> Would be great to know actual names we could talk to when you arrive. So
> feel free to reply here.

I am happy to give random explanations.

I will not commit to more formal workshops, however.

If not too late, I could add "FRIENDLY GEEK, ASK ME ANYTHING" - but
looking now I cannot find where to edit the badge text.

(also, at the badge preview the back side info is still for Debconf19).


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Re: DebCamp activities

[Dashamir Hoxha]

On Wed, Jul 6, 2022 at 7:31 PM Enkelena Haxhiu  wrote:

> Hi,
>
>
>
> During DebCamp we may have people not involved in Debian who want to
> attend and get to know the community.
>
>
>
> There might be students and people eager to learn, so my question is if
> people are open to give random explanations or maybe some ad-hoc short
> workshops on demand?
>
>
>
> Would be great to know actual names we could talk to when you arrive. So
> feel free to reply here.
>
>
>
> Ideas how to implement such a thing are very welcome.
>

Enkelena, I will be present (hopefully) during the DebCamp.
I am ready to help people install Debian, if they wish.

If there are interested people, I can also organize a basic course on Linux
Commands, based on this: https://ocw.fs.al/course/view.php?id=23
It is not quite related to Debian, but it should be good enough for
beginners.
It is better to create an event somewhere, where people can register, so
that we can have an idea about how many people could participate, to notify
them about the meeting times, etc..

We can also talk privately about the organization details, if these
proposals seem interesting.

Regards,
Dashamir


>
>
> Regards,
>
> Enkelena
>
>
>
>
>

Re: DebCamp activities

[Sruthi Chandran]

On 6 July 2022 7:31:26 pm GMT+02:00, Enkelena Haxhiu  
wrote:
>Hi,
>
>
>
>During DebCamp we may have people not involved in Debian who want to attend
>and get to know the community.
>
>
>
>There might be students and people eager to learn, so my question is if
>people are open to give random explanations or maybe some ad-hoc short
>workshops on demand?
>
>
>
>Would be great to know actual names we could talk to when you arrive. So
>feel free to reply here.
>
>
>
>Ideas how to implement such a thing are very welcome.
>
Enkelenah,

Some of us have an idea of a Debian bootcamp during DebCamp. I was supposed to 
propose it earlier, but could not do it. I will do it today. But I'm not sure I 
when I can make it to DebCamp (wrt visa situation).

>
>
>Regards,
>
>Enkelena

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

DebCamp activities

[Enkelena Haxhiu]

Hi,



During DebCamp we may have people not involved in Debian who want to attend
and get to know the community.



There might be students and people eager to learn, so my question is if
people are open to give random explanations or maybe some ad-hoc short
workshops on demand?



Would be great to know actual names we could talk to when you arrive. So
feel free to reply here.



Ideas how to implement such a thing are very welcome.



Regards,

Enkelena

Re: DebCamp

[Luna Jernberg]

Hey!

Some people have started Debcamping on Jitsi and IRC:
https://jitsi.debian.social/DebConf2021
#debconf #debcamp @ irc.debian.org

Don't have time to join now as i have another personal meeting, but will
join later during the day

On Mon, Aug 16, 2021 at 7:46 AM Luna Jernberg  wrote:

> Will attend, this is my second Debcamp Online
>
> On Mon, Aug 16, 2021 at 12:50 AM Jonas Smedegaard  wrote:
>
>> Quoting InfoWiki (2021-08-15 22:55:48)
>> > Hi, it's the first time I register in DebConf. ¿What's DebCamp? ¿Where
>> I can found information/schedule about it?
>> >
>> > Hola, es la primera vez que me registro para la DebConf. ¿Qué es
>> DebCamp? ¿Dónde puedo encontrar información y el programa de la misma?
>>
>> This is a good introduction: https://wiki.debian.org/DebCamp
>>
>> Welcome :-)
>>
>>  - Jonas
>>
>> --
>>  * Jonas Smedegaard - idealist & Internet-arkitekt
>>  * Tlf.: +45 40843136  Website: http://dr.jones.dk/
>>
>>  [x] quote me freely  [ ] ask before reusing  [ ] keep private
>
>

Re: DebCamp

[Luna Jernberg]

Will attend, this is my second Debcamp Online

On Mon, Aug 16, 2021 at 12:50 AM Jonas Smedegaard  wrote:

> Quoting InfoWiki (2021-08-15 22:55:48)
> > Hi, it's the first time I register in DebConf. ¿What's DebCamp? ¿Where I
> can found information/schedule about it?
> >
> > Hola, es la primera vez que me registro para la DebConf. ¿Qué es
> DebCamp? ¿Dónde puedo encontrar información y el programa de la misma?
>
> This is a good introduction: https://wiki.debian.org/DebCamp
>
> Welcome :-)
>
>  - Jonas
>
> --
>  * Jonas Smedegaard - idealist & Internet-arkitekt
>  * Tlf.: +45 40843136  Website: http://dr.jones.dk/
>
>  [x] quote me freely  [ ] ask before reusing  [ ] keep private

Re: DebCamp

[InfoWiki]

 Thanks Gregor, Jonas and Eduardo!
Very clear introduction and description.

Sergio


El domingo, 15 de agosto de 2021 20:15:36 ART, gregor herrmann 
 escribió:  
 
 On Mon, 16 Aug 2021 00:41:00 +0200, Jonas Smedegaard wrote:

> > Hi, it's the first time I register in DebConf. ¿What's DebCamp? ¿Where I 
> > can found information/schedule about it?
> This is a good introduction: https://wiki.debian.org/DebCamp

Also https://wiki.debian.org/DebConf/21/DebCamp
A bit empty, but DebCamp is self-organized.

(And, IMO, in the online version a bit of a phantasm.)


Cheers,
gregor

-- 
 .''`.  https://info.comodo.priv.at -- Debian Developer https://www.debian.org
 : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D  85FA BB3A 6801 8649 AA06
 `. `'  Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
  `-  
  

Re: DebCamp

[gregor herrmann]

On Mon, 16 Aug 2021 00:41:00 +0200, Jonas Smedegaard wrote:

> > Hi, it's the first time I register in DebConf. ¿What's DebCamp? ¿Where I 
> > can found information/schedule about it?
> This is a good introduction: https://wiki.debian.org/DebCamp

Also https://wiki.debian.org/DebConf/21/DebCamp
A bit empty, but DebCamp is self-organized.

(And, IMO, in the online version a bit of a phantasm.)


Cheers,
gregor

-- 
 .''`.  https://info.comodo.priv.at -- Debian Developer https://www.debian.org
 : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D  85FA BB3A 6801 8649 AA06
 `. `'  Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
   `-   


signature.asc
Description: Digital Signature

Re: DebCamp

[Jonas Smedegaard]

Quoting InfoWiki (2021-08-15 22:55:48)
> Hi, it's the first time I register in DebConf. ¿What's DebCamp? ¿Where I can 
> found information/schedule about it?
> 
> Hola, es la primera vez que me registro para la DebConf. ¿Qué es DebCamp? 
> ¿Dónde puedo encontrar información y el programa de la misma?

This is a good introduction: https://wiki.debian.org/DebCamp

Welcome :-)

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

DebCamp

[InfoWiki]

Hi, it's the first time I register in DebConf. ¿What's DebCamp? ¿Where I can 
found information/schedule about it?

Hola, es la primera vez que me registro para la DebConf. ¿Qué es DebCamp? 
¿Dónde puedo encontrar información y el programa de la misma?
Sergio

Re: [DebCamp Announcements] Sunday

[Paulo Henrique de Lima Santana]

Hi,

On 14/07/2019 11:21, Jonathan Carter wrote:
> 
> * Remember that for today (Sunday local universe time) front desk is not
> available yet. Don't go to the university, the hack lab is on the 13th
> floor of the Nacional Inn Hotel and is open to everyone. It's the "very
> noisy hacklab" so follow the voices once you've reached the 13th floor.
There is a room called "Morretes" on the 12o floor reservated to be our
quiet hacklab.
If you need to use it, just take the key on the 13th floor.

Best regards,


Paulo Henrique de Lima Santana (phls)
Curitiba - Brasil
Debian Developer
Diretor do Instituto para Conservação de Tecnologias Livres
Membro da Comunidade Curitiba Livre
Site: http://www.phls.com.br
GNU/Linux user: 228719  GPG ID: 0443C450

Organizador da DebConf19 - Conferência Mundial de Desenvolvedores(as) Debian
Curitiba - 21 a 28 de julho de 2019
http://debconf19.debconf.org



signature.asc
Description: OpenPGP digital signature

Re: [DebCamp Announcements] Sunday

[Luna Jernberg]

Joined the irc channel on OFTC and will watch the stream when it starts
tomorrow

On Sun, Jul 14, 2019 at 4:30 PM Jonathan Carter  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
>
> Hi!
>
> Even if you come to DebCamp/DebConf at a later stage, it's usually a
> good idea to glance through all of them since some information will be
> useful later on. We'll try to keep FAQ's and other docs up to date if
> possible.
>
> == 2019-07-14 ==
>
> === Information specific to today ===
>
> * Remember that for today (Sunday local universe time) front desk is not
> available yet. Don't go to the university, the hack lab is on the 13th
> floor of the Nacional Inn Hotel and is open to everyone. It's the "very
> noisy hacklab" so follow the voices once you've reached the 13th floor.
> * For your meal tickets on Sunday, talk to Taowa. If you don't know who
> Taowa is, ask anyone else around and they will point him out to you.
>
> === Important accommodation information ===
>
> * Don't put Toilet Paper down the toilet in Brazil, read the notice
> above the toilet and use the bins provided.
>
> * Remember that the items in the mini-bar fridge are not free of charge,
> see the pricing above the mini-bar. Co-ordinate with your room-mate if
> you find yourself having to use anything from there so that you know
> what to pay when you check-out.
>
> Have a good DebCamp!
>
> - -DebConf19 Team
> -BEGIN PGP SIGNATURE-
>
> iQIzBAEBCgAdFiEExyA8CpIGcL+U8AuxsB0acqyNyaEFAl0rOl0ACgkQsB0acqyN
> yaHP7BAAuw82gdL3sBIt8kgPKiO/rtb9DGBagoi+CnFvogvMs/LRwNCbOxy1d33P
> H2Smu0kJ2Iz4vXNLAKCrA5TsY7/Xdlkuw5PeJNMiLwS1kRs3Aq9JOshPPEZNLMJh
> yBmUb/vg8TvYeZRPWAHLPLpljCVtTljVv9Ekn1VtRTS5VJTpVYUFDQ/tjFssDy5w
> m8X7kD3QZKtjP0/nb6lOZJL4bVz2VVSrzNWmuxjX/wT+d674BhXgPehhADN6i7Cg
> SITMQFh/3vdSVTK0zUS02bsncZAgQXXj6AJJMIIsHuT0wPpAJVWMZ0CbWTOiqGsZ
> tmqG+ZkKmCXFd/+MnWs+lYQZvdyQuTHUeATF3KkcZ8aOtYV40dQq7j4DB+uifPJD
> 01XC38llXYtjF9JDX1TZw8uzl7pqpSU2g9l8FPof1tXM5zy2GCsv+k1DURlOs+3D
> mDp5VfLKxZI17nyTXBQZqKEHQqj2QAT+qhRNkz0nSuyydlf/V3DAZs1AvWalLh1D
> IFSLoqI6w270UbLNg6HGabGvsksakDt6S0emMZTyLQZW82vSyGZrOVUKzU9/Clip
> xM/ixg1rjk0IyK3WTzGVizDLupAybCbfu1SuSzEPDKJsxzYQVzOH7bpzBfjKYZZ4
> TC3EVGa4PlkfCJzudKDMvGtm87YPoMrlAp1Vj1iNkqOxx+3OHF0=
> =YJKn
> -END PGP SIGNATURE-
>
>

warmer hacklabs (Re: DebCamp Announcements for 2018-07-25)

[Holger Levsen]

On Wed, Jul 25, 2018 at 12:04:01PM +0200, Jonathan Carter (highvoltage) wrote:
> We currently have no plans to augment ES203 (Quiet Hacklab), ES510
> (Another Hacklab) or ES815 (Yet Another Hacklab).

can we make those hacklabs warmer than the noisy hacklab? 30 degrees or
at least 28 would be, ahem, cool!


-- 
cheers,
Holger


signature.asc
Description: PGP signature

Re: Taking the bus from Hsinchu station on the first day of DebCamp

[Chris Lamb]

Hi Sean,

> > I'm taking the bus to the venue from Hsinchu station sometime around
> > late morning/midday on the first day of DebCamp.  I'll be coming from
> > central Taipei.
> 
> Subject line was incorrect: first day of Deb*Camp*.

The following wiki page may help canonicalise such arrangements:

  https://wiki.debconf.org/wiki/DebConf18/TravelCoordination


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Taking the bus from Hsinchu station on the first day of DebCamp

[Sean Whitton]

Hello,

On Tue, Jul 10 2018, Sean Whitton wrote:

> I'm taking the bus to the venue from Hsinchu station sometime around
> late morning/midday on the first day of DebCamp.  I'll be coming from
> central Taipei.

Subject line was incorrect: first day of Deb*Camp*.

-- 
Sean Whitton