Re: ratt as a service?
I've made some progress on a service for this during a GSOC project: - https://salsa.debian.org/autodeb-team/autodeb-packaging - https://auto.debian.net/ (expired ssl cert - sorry) Managing a service like this takes a lot of energy and time. GSOC would allow me to work on it full time, but I could never find the time to manage it outside of that. I'd be willing to give tips to anyone who would want to pick it up, or give ideas if you decide to start fresh. I'd even be willing to mentor a GSOC project on it. Cheers, -- Alexandre Viau av...@debian.org
Re: FTP Team -- call for volunteers
On Sat, Mar 14, 2020 at 4:38 PM Sean Whitton wrote: > > Hello everyone, > > The FTP Team is seeking volunteers to train to become FTP Assistants. Hello Sean, I'd like to volunteer. I remember answering to a call for volunteers in 2018. I was told that I would be contacted for the next steps and it never happened. I hope this time is different! Thank you for taking the time to help bring in new blood to this team. Cheers, -- Alexandre Viau av...@debian.org
Re: Sending using my @debian.org in gmail
On 2018-12-01 3:43 a.m., Marc Haber wrote: > On Fri, 30 Nov 2018 17:32:23 -0500, Alexandre Viau > wrote: >> I shouldn't have said that, I just didn't want to overstate the security >> of a setup like this as I am not an email expert :) > > The people running the Debian mail system _are_ mail experts. I haven't criticized anyone's work, this is just a discussion. > You should trust them do to a good job instead of reciting "spam filter" > marketing slides. This comment brings nothing to the discussion. I don't know why your tone is suddenly so aggressive. > Spam hasn't broken e-mail in two decades. Spam fighters are on a good > way to finally kill off e-mail. Of course, nothing less. -- Alexandre Viau av...@debian.org signature.asc Description: OpenPGP digital signature
Re: Sending using my @debian.org in gmail
On 2018-11-30 5:29 p.m., Paul Wise wrote: > On Fri, 2018-11-30 at 17:17 -0500, Alexandre Viau wrote: > >> DMARC, SPF and DKIM can be used together prevent almost all scenarios >> of debian.org email spoofing. > > Which spoofing scenarios are not covered by this combination? Ah, none that I know of. I shouldn't have said that, I just didn't want to overstate the security of a setup like this as I am not an email expert :) -- Alexandre Viau av...@debian.org signature.asc Description: OpenPGP digital signature
Re: Sending using my @debian.org in gmail
On 2018-11-30 4:58 p.m., Paul Wise wrote: > On Sat, Dec 1, 2018 at 1:49 AM Alexandre Viau wrote: > >> Debian can specify which servers it sends emails from and ask mail >> servers around the world to only accept emails from these servers and >> discard the others. > > Does this break the bounce/resend/redirect feature of various MUAs? > i.e., arbitrary parties must be able to redirect mail they have > received from d.o addresses to other parties via arbitrary SMTP > servers, with everyone still able to differentiate between forged d.o > mail and mail sent through d.o but redirected later by arbitrary > parties. DMARC/SPF don't have to deny bounces to achieve good security as long as the original email was sent from a Debian MTA and signed with DKIM. You can use DMARC to say that all outgoing Debian emails will be signed by a domain key. This means: If there is an email signed by debian.org's domain key that pretends to come from av...@debian.org, then the owner of the debian.org domain has done due diligence to verify that aviau actually wanted to send that email (for example by allowing me to set an SMTP password in db.debian.org). Read about DKIM here: - https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail DKIM was actually used in the past verify that leaked emails were legit: - https://wikileaks.org/DKIM-Verification.html DMARC, SPF and DKIM can be used together prevent almost all scenarios of debian.org email spoofing. Cheers, -- Alexandre Viau av...@debian.org signature.asc Description: OpenPGP digital signature
Re: Sending using my @debian.org in gmail
On 2018-11-30 12:59 p.m., Jeremy Stanley wrote: > On 2018-11-30 12:49:02 -0500 (-0500), Alexandre Viau wrote: > [...] >> If we wanted, we could largely limit this with more restrictive >> debian.org DNS records. > [...] > > _And_ restrict those with @debian.org addresses to only sending them > through specific MTAs. Received headers indicate your message to > which I'm responding, just for example, was sent through GMail so > the change you're suggesting would preclude your current pattern of > E-mail usage. Of course. I just want to make sure that we know this is a choice. Debian could provide MTAs and force DDs to use them if they want to send from a @debian email. I would consider this reasonable. DMARC allows to do this very slowly and progressively with warnings and such. The "flexibility" of sending mails from any MTA isn't really relevant if you ask me. I could configure gmail to send mails trough Debian-hosted SMTP servers and still use gmail to send my emails. The real answer to "everyone can send from debian.org addresses" isn't: "this is a generic email problem". The answer is: "Debian has this problem because it wants to support everyone's workflows and configs". It just isn't true that the common user wants to be able to send emails from any MTA. Power users might, but the common user is happy to configure its mail client however you tell him to. Cheers, -- Alexandre Viau av...@debian.org signature.asc Description: OpenPGP digital signature
Re: Sending using my @debian.org in gmail
On 2018-11-30 9:29 a.m., Roberto C. Sánchez wrote: > That is just how email works. With the help of a cooperating mail > server (which is trivial to setup) anybody in the world can send mail > with any from address that they wish. This problem is not unique to > Debian. Yes and no. It is true that others are vulnerable, but this is a choice that Debian makes and it can be fixed. If we wanted, we could largely limit this with more restrictive debian.org DNS records. When a mail server accepts incoming emails, it has the responsibility of checking the mail comes from. Debian can specify which servers it sends emails from and ask mail servers around the world to only accept emails from these servers and discard the others. This is done trough DNS, with DMARC and SPF records: - https://en.wikipedia.org/wiki/Sender_Policy_Framework - https://en.wikipedia.org/wiki/DMARC Currently, Debian does not publish such records so it opts out from this protection. == SPF example == I use gmail to send mails from alexan...@alexandreviau.net. alexandreviau.net has the following TXT record: - "v=spf1 include:_spf.google.com ~all" It reads: - version: spf1 - include google's SPF config, effectively authorizing everything that google asks to authorize. - ~ "SoftFail": don't take this rule too seriously but consider it when filtering spam - "all": match all addresses (not sure if we can specify one or groups..) If I wanted, I could change "~all" to "-all" in my spf config, asking mail servers to discard every emails that pretends to be from alexandreviau.net but wasn't sent from google servers. Cheers, -- Alexandre Viau av...@debian.org signature.asc Description: OpenPGP digital signature
Bug#911195: ITP: dxvk -- Vulkan-based translation layer for Direct3D 10/11
Package: wnpp Severity: wishlist Owner: Alexandre Viau X-Debbugs-CC: debian-devel@lists.debian.org * Package name: dxvk Version : 0.90-1 Upstream Author : Philip Rebohle * URL : https://github.com/doitsujin/dxvk * License : Expat Programming Lang: C++ Description : Vulkan-based translation layer for Direct3D 10/11 which allows running 3D applications on Linux using Wine. This allows Debian gamers to enjoy much better performances in Direct3D games using Wine. I am still unsure which team this would fit in the best, let me know. Cheers, -- Alexandre Viau av...@debian.org signature.asc Description: OpenPGP digital signature
Re: Problem sending my key to keyring.debian.org
On 2018-10-02 9:10 p.m., Seth Arnold wrote: > Second, the keyservers all communicate with each other. If one is down, > aim for another. e.g. keyserver.ubuntu.com or other choices from keyring.debian.org pulls updates from the keyserver network? I wasn't sure, and I would always send to keyring.debian.org separately. Cheers, -- Alexandre Viau av...@debian.org signature.asc Description: OpenPGP digital signature
Re: Sending using my @debian.org in gmail
On 2018-10-02 8:52 p.m., Joseph Herlant wrote: > Hi guys, > > Wondering if anybody here succeeded to configure your debian email in > the "Send mail as" configuration in gmail (for the gmail users). If so > do you have tips on how you didi it? I did. > My main problem seems to be that gmail forces the authentication and > master.debian.org doesn't allow it. It returns: "Unspecified Error > (SENT_SECOND_EHLO): Smtp server does not advertise AUTH capability, > code: 0" It looks like you are trying to use Debian smtp servers. I just use smtp.gmail.com. There is a Gmail trick where you can add one send-as email and provide smtp.gmail.com credentials. You might have to create an app password. I think that this guide does something similar to what I did: - https://blog.alexlenail.me/i-want-to-send-emails-from-my-google-domains-email-through-gmail-992bb3eae4c9 Let me know if this works out for you. Cheer, -- Alexandre Viau av...@debian.org signature.asc Description: OpenPGP digital signature
Re: MemberBenefits - Steam Keys (Was: Bits from the DPL (May 2018))
No, I have not received a reply. Cheers, On 2018-07-21 07:40 PM, Samuel Henrique wrote: > Hello everyone, > > I sent an email on 1st June (when this thread started) > to debian-steam[a]collabora.com <http://collabora.com> requesting it > but got no response. > Is it still going? > > Did you receive a reply Alexandre? > > Thanks > > On Fri, 1 Jun 2018 at 16:10, Alexandre Viau <mailto:av...@debian.org>> wrote: > > On 2018-06-01 01:22 PM, Andrej Shadura wrote: > > The benefit should still be valid. The person responsible for it is > > already looking into it, expect a reply shortly ;) > > Great, thanks :)! > > -- > Alexandre Viau > av...@debian.org <mailto:av...@debian.org> > > > > > -- > Samuel Henrique -- Alexandre Viau av...@debian.org signature.asc Description: OpenPGP digital signature
Re: MemberBenefits - Steam Keys (Was: Bits from the DPL (May 2018))
On 2018-06-01 01:22 PM, Andrej Shadura wrote: > The benefit should still be valid. The person responsible for it is > already looking into it, expect a reply shortly ;) Great, thanks :)! -- Alexandre Viau av...@debian.org signature.asc Description: OpenPGP digital signature
MemberBenefits - Steam Keys (Was: Bits from the DPL (May 2018))
On 2018-05-31 12:33 PM, Chris Lamb wrote: > [11] https://wiki.debian.org/MemberBenefits Oh, this reminds me of something. Has anyone gotten replies to their requests sent to debian-st...@collabora.com for the Steam subscriptions mentioned in the MemberBenefits page? I think that I have sent two mails in the past 3 years but have gotten no responses. Should we remove this benefit from the wiki page? Or do we have someone to contact about it? Cheers, -- Alexandre Viau av...@debian.org signature.asc Description: OpenPGP digital signature
Re: Git Service for Debian (was Re: Next steps for gitlab.debian)
On 29/07/16 11:36 AM, Julien Cristau wrote: > On Fri, Jul 29, 2016 at 20:53:48 +0530, Balasankar C wrote: >> When did we (i.e Debian) finalize on using Pagure? I think, we should first >> fix >> a solution and then start working on that. Or, we would be going the same way >> as of GitLab. >> > That seems like a pretty failsafe way of never actually doing anything. +1 Feel free to keep discussing here if you think this is useful, but please lets move on with Pirate's request for shukra.debian.org. -- Alexandre Viau av...@debian.org signature.asc Description: OpenPGP digital signature
Re: Next steps for gitlab.debian (Re: GitLab B.V. to host free-software GitLab for Debian project)
On 29/07/16 11:12 AM, Alexander Wirt wrote: > I also looked into pagure and I see two problems: it is not packaged Relevant bug: https://bugs.debian.org/829046 I will contribute to this. Cheers, -- Alexandre Viau av...@debian.org signature.asc Description: OpenPGP digital signature
Re: Next steps for gitlab.debian (Re: GitLab B.V. to host free-software GitLab for Debian project)
On 28/07/16 02:40 AM, Pirate Praveen wrote: > At this point, I'm dropping work on gitlab for debian and moving to less > controversial alternative pagure. Pagure looks great and I am happy to see that we are finally moving towards something that (more) people agree with. Thank you for your efforts, I am impressed that you still want to work on this project even if we are not going to use Gitlab. Once again, I would like to mention that I want to help this move forward as I consider it very important. Is there a list of things that have to be done where I can give a hand? Cheers, -- Alexandre Viau av...@debian.org signature.asc Description: OpenPGP digital signature
Re: Pagure and Gitolite for project+code hosting
On 09/06/16 12:21 PM, Alexander Wirt wrote: > On Thu, 09 Jun 2016, Ben Finney wrote: > >> Ben Finney writes: >> >>> Barry Warsaw writes: >>> >>>> Another possible option is Pagure >>>> https://pagure.io/ >>> >>> Wow, that's an attractive option. Thanks! >> >> Recently reviewed at Linux Weekly News: “Pagure and Fedora” >> https://lwn.net/Articles/687821/>. >> >>>> Written in Python and developed by Fedora. >>> >>> Apropos the discussions in this thread: [Pagure] uses Gitolite >>> https://docs.pagure.org/pagure/overview.html> as its component >>> for managing access to repositories. >> >> >From what little I've seen in the architecture documents, it appears >> Pagure is quite modular – interoperating service programs with decent >> protocols between them – and actively resists the monolithic nature of >> GitLab. >> >> Hopefully this makes it rather more attractive to Debian Project sys >> admins. > Indeed, I should give it a try. Indeed, this looks like a great option. Alex, I am always available to help if that is needed. -- Alexandre Viau av...@debian.org signature.asc Description: OpenPGP digital signature
Re: Next steps for gitlab.debian (Re: GitLab B.V. to host free-software GitLab for Debian project)
On 08/06/16 10:17 AM, Ole Streicher wrote: > Alexandre Viau writes: >> - DDs login with Debian SSO and upload their public key on the web inteface > > Just a question: aren't there already SSH keys in ldap, and can't these > be re-used? If that is possible, then yes! It would be great. But this could be complicated due to the fact that -guest accounts don't come from the same source. I haven't looked into it. -- Alexandre Viau av...@debian.org signature.asc Description: OpenPGP digital signature
Re: Next steps for gitlab.debian (Re: GitLab B.V. to host free-software GitLab for Debian project)
On 08/06/16 07:57 AM, Alexander Wirt wrote: > On Wed, 08 Jun 2016, Antonio Terceiro wrote: > >> On Wed, Jun 08, 2016 at 09:47:56AM +0200, Alexander Wirt wrote: >> for authentication, I think you should probably use the Debian SSO with >> client certificates: >> https://wiki.debian.org/DebianSingleSignOn > Nope, thats http only and doesn't cover ssh. Client certificates also have > several problems, see enricos mails for details about it. Alioth accounts are first created on the web interface and then users upload their SSH keys. I don't see why we wouldn't do the same with gitlab? I can see the following: - DDs login with Debian SSO and upload their public key on the web inteface - Debian Contributors are able to create -guest a account and upload theur public key on the web interface -- Alexandre Viau av...@debian.org signature.asc Description: OpenPGP digital signature
Re: Generating upstream version from git history with uscan
Hello! On 08/06/16 09:13 AM, Mo Zhou wrote: > I read all the uscan examples, and it seems that uscan > works basing on http and ftp only. That is to say uscan > will not scan Git repos so the above demand won't be > satisfied. `man uscan` will tell you that there is a `git mode`. Unfortunately, this mode is only able to read version numbers from tags and not generate version numbers by reading git commit dates and such. I have opened a bug on uscan for this: #811565 [1]. Please take a look at it and redirect the discussion there. I would love to see someone working on this, as this is a feature that would be much needed in the go packaging team. Cheers, 1. https://bugs.debian.org/811565 -- Alexandre Viau av...@debian.org signature.asc Description: OpenPGP digital signature
Re: Next steps for gitlab.debian (Re: GitLab B.V. to host free-software GitLab for Debian project)
On 07/06/16 01:51 PM, Antonio Terceiro wrote: > Fair enough. One cannot plan to replace a service that is maintained by > someone else, specially when that someone still has plans to maintain it > _and_ disagrees with the replacement. git.debian.org is an important service widely used within the project. The fact that the maintainer does not agree with migrating to another technology is one thing but for the good of everyone using it we should consdier all options. > Also, DSA's wish to keep the number of services down to the minimum > necessary and avoid redundancy is completely reasonable. For this reason, we should consider moving everything to gitlab. > OTOH, in my opinion the status of alioth today is hurting the project. I I completely agree. Better tools with better user interfaces like Gitlab will greatly help us ease the process of contributing to Debian. > Praveen, I think you could call this new thing something like > labs.debian.net. pkgs.debian.net (the fedora git server is called > pkgs.fedoraproject.org), of even dev.debian.net. +1 for dev.debian.net Gitlab is more than just a git service. When and if this moves to dev.debian.org, I also see it being possible to translate git.debian.org links so that they still work. Tools like Gitlab will be very important for the project. They will play a great role in improving the new contributor experience. I hope that the effect of this is more contributions to Debian. If there are ways in which I can help maintain and setup the new service, I would like to volunteer some of my time. Please keep me in the loop so that I can help! Cheers, -- Alexandre Viau av...@debian.org signature.asc Description: OpenPGP digital signature
Re: mkdocs locale error building djangorestframework
On Mon, Jan 25, 2016 at 8:12 PM, Ben Hutchings wrote: > On Tue, 2016-01-26 at 11:49 +1100, Brian May wrote: >>>> import subprocess >>>> rv = subprocess.Popen(['locale', '-a'], stdout=subprocess.PIPE, > ... stderr=subprocess.PIPE).communicate()[0] >>>> type(rv) > > > This is clearly a bug in python3-click. Yes it was. I have just uploaded a fix. -- Alexandre Viau av...@debian.org
Re: Icedove now
Hey, On 31/12/15 11:59 AM, MENGUAL Jean-Philippe wrote: > Hi, > > Just a small question: does someone has an idea of the future of Icedove > if Thunderbird is no longer developped by Mozilla? Will be updates? New > features? Or maybe Thunderbird is still maintained by the community? Mozilla has not given up Thunderbird. It is just not longer developed by the Firefox inc. It now under the Mozzila Foundation. See: https://blog.mozilla.org/thunderbird/ > Practically what this means is that in 2016, Thunderbird will finally > be able to accept donations from users directed toward the update and > maintenance of Thunderbird. In the long run, Thunderbird needs to > rely on our users for support, and not expect to be subsidized by > revenue from Firefox. We welcome this help from the Mozilla > Foundation in moving toward our goal of developing independent > sources of income for Thunderbird. Icedove will continue to exist. Cheers, -- Alexandre Viau av...@debian.org signature.asc Description: OpenPGP digital signature
Bug#807121: ITP: golang-github-dgryski-go-bits -- amd64 optimized bit operations
X-Debbugs-CC: debian-devel@lists.debian.org Package: wnpp Severity: wishlist Owner: Alexandre Viau * Package name: golang-github-dgryski-go-bits Version : 0.0~git20151205.0.86c69b3-1 Upstream Author : Damian Gryski * URL : https://github.com/dgryski/go-bits * License : TODO Programming Lang: Go Description : amd64 optimized bit operations This is needed for InfluxDB signature.asc Description: OpenPGP digital signature