Re: A few changes
On Fri, 24 Sep 1999, Matthew Vernon wrote: This is all very well, except for those of us who email from work, and have their PGP key at home... Well, depending on how paranoid you may be, there are a few solutions: * Keep a copy of at least your `secring.pgp' on a floppy disk, and use this at work (trying to avoid disk cacheing problems). * Use an intermediary machine (i.e. one always part of the Internet). This option depends on many things -- the machine is bound to be a multi-user one, which is in theory a no-no, but if it's fairly tightly under your administrative control, then it's unlikely that your keyrings stored on it will be compromised. If you can ssh into this machine, it should be safe. I actually do this, almost; I have two keys: [EMAIL PROTECTED] and [EMAIL PROTECTED]. The former sits on a system with many users that I administrate (inkvine.fluff.org), and is in theory vulnerable at various times to several attacks: Ethernet snooping, and compromise by local root-style exploit. The latter has never left my home machine, and assuming no one breaks in to my home machine during dial-up time (unlikely; I watch /var/log like a hawk), the key is safe from those sorts of exploits. So, for anything lasting or really important, I use the home signature, from home. -- Chris [EMAIL PROTECTED] ( http://www.fluff.org/chris )
Re: A few changes
On Fri, 24 September 1999 09:12:31 +0100, Matthew Vernon wrote: This is all very well, except for those of us who email from work, and have their PGP key at home... Best point of all. At work even on a private box my co-workers also have root on it. I don't dare having my private key there... Alexander -- Lies, damn lies, and computer documentation. Alexander Koch - - WWJD - aka Efraim - PGP 0xE7694969 - ARGH-RIPE
Re: A few changes
Samuel Tardieu writes: On 23/09, Marco d'Itri wrote: | I see no point in checking signatures if you don't also reject unsigned | messages. For me, a message with no signature is a message with a bad signature :) This is all very well, except for those of us who email from work, and have their PGP key at home... Matthew -- At least you know where you are with Microsoft. True. I just wish I'd brought a paddle. http://www.debian.org/
Re: A few changes
It would be nice to have a mail server command `resurrect', or similar, that would bring a dead bug back to life (if it were found not to be dead, or whatever; several reasons were listed above). You mean reopen. Existing feature. Presumably reopen now also works for bugs closed longer than 28 days, yes? This would also be some way to producing some kind of automated list of bugs fixed in each release of Debian; people could visit a list somewhere showing them precisely which bugs in which packages had been fixed between their version of Debian and unstable. You mean: bugs closed in the last n days, or since DDMM. Then just fill in the last release date (April 9?). Of course, you can only get an approximation here, since bugs are often fixed in NMUs long before anyone gets around to closing them. Then again, just make it has been either closed or set to severity: fixed since DDMM. -- Peter Samuelson sampo.creighton.edu!psamuels
Re: A few changes
On Sep 21, Samuel Tardieu [EMAIL PROTECTED] wrote: Well, IMO, [EMAIL PROTECTED], [EMAIL PROTECTED] and [EMAIL PROTECTED] should. I see no point in checking signatures if you don't also reject unsigned messages. -- ciao, Marco
Re: A few changes
On 23/09, Marco d'Itri wrote: | I see no point in checking signatures if you don't also reject unsigned | messages. For me, a message with no signature is a message with a bad signature :) pgpRhxmqgVtup.pgp Description: PGP signature
Re: A few changes
On Sat, 18 Sep 1999, Darren Benham wrote: Bugs are no longer deleted!!! We don't have a way for you to access them directly but there's an official location in the database where they're being archived. We're trying to decide how to serve them up... by requesting a bug number, obviously, but any other way? Do we need them index by maintainer or package? Remember, these are closed -- solved -- bugs. The correct and usual thing to do when finding a bug is to look into the BTS to see if it has already been filed or even dealt with. Now remember a lot of Debian users live off stable from CD. Considering the time between to stable releases, chances are high someone discovers a bug long after it has been closed (because he's installing a previously unused package). The person will then be disappointed (because Debian doesnt't handle rather obvious bugs) and/or file it again. Conclusion: make closed bugs available by package. The original bug report and the closing message should be sufficient. Bjorn Brill [EMAIL PROTECTED] Frankfurt am Main, Germany
Re: A few changes
Previously Joseph Carter wrote: Essentially, it does exactly what people like me have been complaining it didn't do: IGNORE the MIME/PGP/whatever crap and just read the message. That would be bad. At the very least it should complain loudly if the message does not verify. Wichert. -- == This combination of bytes forms a message written to you by Wichert Akkerman. E-Mail: [EMAIL PROTECTED] WWW: http://www.wi.leidenuniv.nl/~wichert/ pgpVLUFYV6RjU.pgp Description: PGP signature
Re: A few changes
The BTS should check pgp signatures? On Tue, Sep 21, 1999 at 10:49:44PM +0200, Wichert Akkerman wrote: Previously Joseph Carter wrote: Essentially, it does exactly what people like me have been complaining it didn't do: IGNORE the MIME/PGP/whatever crap and just read the message. That would be bad. At the very least it should complain loudly if the message does not verify. Wichert. -- == This combination of bytes forms a message written to you by Wichert Akkerman. E-Mail: [EMAIL PROTECTED] WWW: http://www.wi.leidenuniv.nl/~wichert/ pgp04OPoBbzMr.pgp Description: PGP signature
Re: A few changes
On 21/09, Darren Benham wrote: | The BTS should check pgp signatures? Well, IMO, [EMAIL PROTECTED], [EMAIL PROTECTED] and [EMAIL PROTECTED] should. pgpOO3jJIuj3l.pgp Description: PGP signature
Re: A few changes
On Sat, 18 Sep 1999, Michael Stone wrote: Definately by package. I can think of several circumstances where this is useful: when a bug is closed in unstable but someone using stable wants an explanation for a problem; when a bug is inadvertantly reintroduced; when a maintainer closes a bug caused by user error, and [...] Agreed. It would be nice to have a mail server command `resurrect', or similar, that would bring a dead bug back to life (if it were found not to be dead, or whatever; several reasons were listed above). This would also be some way to producing some kind of automated list of bugs fixed in each release of Debian; people could visit a list somewhere showing them precisely which bugs in which packages had been fixed between their version of Debian and unstable. -- Chris [EMAIL PROTECTED] ( http://www.fluff.org/chris )
Re: A few changes
On Sun, Sep 19, 1999 at 07:18:54PM +0100, Edward Betts wrote: Does anything special happen if the a message is signed? Other than it gets processed? Nope... Oh, do you mean that it will work with [EMAIL PROTECTED] If so then I understand what you are saying, if not then I don't. Essentially, it does exactly what people like me have been complaining it didn't do: IGNORE the MIME/PGP/whatever crap and just read the message. This means that if I Cc [EMAIL PROTECTED] to change something about a bug in a message and forget to tell mutt NOT to sign it, control will now process the control request normally instead of sending me 20k or so of documentation in 3 seperate emails telling me I screwed up. This makes me happy. = -- Joseph Carter [EMAIL PROTECTED] Debian GNU/Linux developer GnuPG: 2048g/3F9C2A43 - 20F6 2261 F185 7A3E 79FC 44F9 8FF7 D7A3 DCF9 DAB3 PGP 2.6: 2048R/50BDA0ED - E8 D6 84 81 E3 A8 BB 77 8E E2 29 96 C9 44 5F BE -- Flood can I write a unix-like kernel in perl? pgpr35z1Gvu3s.pgp Description: PGP signature
A few changes
I thought some of you might be interested in a few changes that have been made to the BTS software... In the new software, the X-Debian-CC was changed to X-Debbugs-CC (more general) and it appears to be working. Some of the perl scripts have been made -w clean. A column was added to http://www.debian.org/Bugs/db/ix/summary.html that indicates the severity of the bug. A single letter (First letter of the severity) after the reference number. Case has been removed from the pseudoheader entries. That means Package: is the same as package: and Package: Netscape4 is the same as Package: netscApe4. Bugs are no longer deleted!!! We don't have a way for you to access them directly but there's an official location in the database where they're being archived. We're trying to decide how to serve them up... by requesting a bug number, obviously, but any other way? Do we need them index by maintainer or package? Remember, these are closed -- solved -- bugs. The message that gets sent to the debian-bugs-closed list and back to the closer now inlcudes the text of the message that closed the bug... as well as the original bug report. All @bugs.debian.org will accept PGP/GPG clearsigned and most forms of mime formated email. Most? Let me put it this way, I havn't found one that it barfs on but I'm sure there's some evil MUA that will prove it's not perfect. Also, there is a bug that was filed against the BTS, #30682 that I'd like to invite public comment on. I'm inclined to agree with the opinion that: if it's that trivial, just email the maintainer. If the maintainer doesn't respond/fix it.. it's a bug.. ie. normal - Darren
Re: A few changes
On Sat, Sep 18, 1999 at 04:09:17PM -0700, Darren Benham wrote: In the new software, the X-Debian-CC was changed to X-Debbugs-CC (more general) and it appears to be working. Oh yeah, indeed :) Some of the perl scripts have been made -w clean. Ueber-Cool. Bugs are no longer deleted!!! We don't have a way for you to access them directly but there's an official location in the database where they're being archived. We're trying to decide how to serve them up... by requesting a bug number, obviously, but any other way? Do we need them index by maintainer or package? Remember, these are closed -- solved -- bugs. I think requesting them by package would be useful at least. I am not sure if by maintainer is useful (only if you update the maintainer to match the current maintainer each time). The message that gets sent to the debian-bugs-closed list and back to the closer now inlcudes the text of the message that closed the bug... as well as the original bug report. Well, seems I should resubscribing to those lists now :) Also, there is a bug that was filed against the BTS, #30682 that I'd like to invite public comment on. I'm inclined to agree with the opinion that: if it's that trivial, just email the maintainer. If the maintainer doesn't respond/fix it.. it's a bug.. ie. normal I don't think we should encourage private mail to the maintainer. It has a tendency to get lost (look at your desk if you don't believe me :) and it does not serve well if maintainer changes etc. Now that we have teh Closes: feature in changelog file it is trivial to close fixed bugs. Let's just stay with normal bug reports, even for trivialities. Thanks, Marcus -- `Rhubarb is no Egyptian god.' Debian http://www.debian.org Check Key server Marcus Brinkmann GNUhttp://www.gnu.orgfor public PGP Key [EMAIL PROTECTED]PGP Key ID 36E7CD09 http://homepage.ruhr-uni-bochum.de/Marcus.Brinkmann/
Re: A few changes
On Sat, Sep 18, 1999 at 04:09:17PM -0700, Darren Benham wrote: Bugs are no longer deleted!!! We don't have a way for you to access them directly but there's an official location in the database where they're being archived. We're trying to decide how to serve them up... by requesting a bug number, obviously, but any other way? Do we need them index by maintainer or package? Remember, these are closed -- solved -- bugs. Definately by package. I can think of several circumstances where this is useful: when a bug is closed in unstable but someone using stable wants an explanation for a problem; when a bug is inadvertantly reintroduced; when a maintainer closes a bug caused by user error, and another user does the same thing; when a package is adopted and the new maintainer wants to get a feel for the packages history and the rationale behind various packaging decisions. It would be most useful if someone could search by package name, keyword, and status of the bug report. pgpCWbv7Mlw1Y.pgp Description: PGP signature
Re: A few changes
In article [EMAIL PROTECTED] you wrote: Bugs are no longer deleted!!! We don't have a way for you to access them directly but there's an official location in the database where they're being archived. We're trying to decide how to serve them up... by requesting a bug number, obviously, but any other way? Do we need them index by maintainer or package? Remember, these are closed -- solved -- bugs. By package would be nice. Bdale
Re: A few changes
Michael Stone [EMAIL PROTECTED] wrote: Definately by package. I can think of several circumstances where this is useful: when a bug is closed in unstable but someone using stable On a side note, it would be nice to be able to see the bugs filed against all binary packages of a source package, perhaps under the source package's bug page. -- Debian GNU/Linux 2.1 is out! ( http://www.debian.org/ ) Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Re: A few changes
Darren Benham [EMAIL PROTECTED] wrote: In the new software, the X-Debian-CC was changed to X-Debbugs-CC (more general) and it appears to be working. With an alias so that X-Debian-CC still works? Some of the perl scripts have been made -w clean. and `use strict;' clean? Bugs are no longer deleted!!! We don't have a way for you to access them directly but there's an official location in the database where they're being archived. We're trying to decide how to serve them up... by requesting a bug number, obviously, but any other way? Do we need them index by maintainer or package? Remember, these are closed -- solved -- bugs. Add them to the end of the package pages in the resolved section. All @bugs.debian.org will accept PGP/GPG clearsigned and most forms of mime formated email. Most? Let me put it this way, I havn't found one that it barfs on but I'm sure there's some evil MUA that will prove it's not perfect. Does anything special happen if the a message is signed? -- I consume, therefore I am pgpa04UPHY4Lg.pgp Description: PGP signature
Re: A few changes
On Sun, Sep 19, 1999 at 02:27:20PM +0100, Edward Betts wrote: With an alias so that X-Debian-CC still works? Not guarenteed... It's not in the upstream package so I'd have to remeber to put it in every time I upgrade.. Some of the perl scripts have been made -w clean. and `use strict;' clean? I figured somebody would ask :) That comes next. Lots of global variable and from what I understand, thats one of the things that'll kill the scripts. Bugs are no longer deleted!!! We don't have a way for you to access them directly but there's an official location in the database where they're being archived. We're trying to decide how to serve them up... by requesting a bug number, obviously, but any other way? Do we need them index by maintainer or package? Remember, these are closed -- solved -- bugs. Add them to the end of the package pages in the resolved section. I'd rather not. Otherwise there's no reason to have the bugs expire at all and the size of the web mirror would grow.. and grow.. and grow and never shrink. Instead, they'll be a seperate page where you can enter a bug number and...? a package name (I had about decided that, too) and the page would be served up. All @bugs.debian.org will accept PGP/GPG clearsigned and most forms of mime formated email. Most? Let me put it this way, I havn't found one that it barfs on but I'm sure there's some evil MUA that will prove it's not perfect. Does anything special happen if the a message is signed? Other than it gets processed? Nope... -- I consume, therefore I am pgpnj9umubrxe.pgp Description: PGP signature
Re: A few changes
Darren Benham [EMAIL PROTECTED] wrote: All @bugs.debian.org will accept PGP/GPG clearsigned and most forms of mime formated email. Most? Let me put it this way, I havn't found one that it barfs on but I'm sure there's some evil MUA that will prove it's not perfect. Does anything special happen if the a message is signed? Other than it gets processed? Nope... Oh, do you mean that it will work with [EMAIL PROTECTED] If so then I understand what you are saying, if not then I don't. -- I consume, therefore I am
Re: A few changes
On Sun, Sep 19, 1999 at 07:18:54PM +0100, Edward Betts wrote: Darren Benham [EMAIL PROTECTED] wrote: All @bugs.debian.org will accept PGP/GPG clearsigned and most forms of mime formated email. Most? Let me put it this way, I havn't found one that it barfs on but I'm sure there's some evil MUA that will prove it's not perfect. Does anything special happen if the a message is signed? Other than it gets processed? Nope... Oh, do you mean that it will work with [EMAIL PROTECTED] If so then I understand what you are saying, if not then I don't. Yes, it will work with [EMAIL PROTECTED] I've been signing all my mails I've been testing with yesterday :) -- Please cc all mailing list replies to me, also. = * http://benham.net/index.html[EMAIL PROTECTED] * * * ---* * Debian Developer, Debian Project Secretary, Debian Webmaster * * [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] * * [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] * = pgpuX9mm4rgcg.pgp Description: PGP signature