Re: Need of non-germany-tree in Debian?
Hi, * Michelle Konzack [EMAIL PROTECTED] [2007-07-13 17:08]: Am 2007-07-06 19:26:44, schrieb Malte Hahlbeck: Today the upper House of the German Parliament (Bundesrat) decided to declare Security Software like nmap, nessus etc. illegal in a way that the software itself and not it's criminal use is indictable. That is no Joke. This Law will be active when it is published. That should last a few weeks. What would be the consequence? Will there be the need of a non-germany-tree in the Debian Repositories? This question is no joke. Sorry, but this is NOT REALY RIGHT! The new german LAW is talking about Software which was build to hack sites. Security Software like nmap, nessus etc. are not build to do illegal hacking. (Greetings from my Advocat from Offenburg) [...] Looks like you don't understand the law. There is no list with tools which met the criteria. But the criteria is that the tool enables or helps you to get access to private data which matches nmap no matter if you use it for personal network security or not. The law doesn't say anything about that it has to be the only purpose of the program to hack private data. Cheers Nico -- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. pgpFLIwx6ECe8.pgp Description: PGP signature
Re: Need of non-germany-tree in Debian?
* Nico Golde ([EMAIL PROTECTED]) wrote: Looks like you don't understand the law. There is no list with tools which met the criteria. But the criteria is that the tool enables or helps you to get access to private data which matches nmap no matter if you use it for personal network security or not. Yeah, ftp helps you do that too. Thanks, Stephen signature.asc Description: Digital signature
Re: Need of non-germany-tree in Debian?
Hi, * Stephen Frost [EMAIL PROTECTED] [2007-07-13 18:16]: * Nico Golde ([EMAIL PROTECTED]) wrote: Looks like you don't understand the law. There is no list with tools which met the criteria. But the criteria is that the tool enables or helps you to get access to private data which matches nmap no matter if you use it for personal network security or not. Yeah, ftp helps you do that too. And thats not even as dangerous as telnet ;) Nico -- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. pgpKbfw3769Tq.pgp Description: PGP signature
Re: Need of non-germany-tree in Debian?
On Fri, Jul 13, 2007 at 05:01:03PM +0200, Michelle Konzack wrote: Am 2007-07-06 19:26:44, schrieb Malte Hahlbeck: Today the upper House of the German Parliament (Bundesrat) decided to declare Security Software like nmap, nessus etc. illegal in a way that the software itself and not it's criminal use is indictable. That is no Joke. This Law will be active when it is published. That should last a few weeks. What would be the consequence? Will there be the need of a non-germany-tree in the Debian Repositories? This question is no joke. Sorry, but this is NOT REALY RIGHT! The new german LAW is talking about Software which was build to hack sites. Security Software like nmap, nessus etc. are not build to do illegal hacking. (Greetings from my Advocat from Offenburg) Interpretation of that law differs. Ask three lawyers, get five answers. Greetings Marc -- - Marc Haber | I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things.Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Need of non-germany-tree in Debian?
Sorry, but this is NOT REALY RIGHT! The new german LAW is talking about Software which was build to hack sites. Security Software like nmap, nessus etc. are not build to do illegal hacking. (Greetings from my Advocat from Offenburg) Interpretation of that law differs. Ask three lawyers, get five answers. also a lot of lawyers neither know the difference between hacking and cracking nor know why you should need to use such 'evil' software for your own protection. Cheers, Bernd -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Deficiencies in Debian
On Fri, 18 May 2007 22:09:56 -0700, Russ Allbery wrote: [training the next generation] I'm not following the Linux community closely; do you think there are points Debian could adopt or learn from? I try to summarize (hopefully correctly) your points: With Linux, I think it helps a lot that many of the people involved in kernel development are paid to do it and mentor others as part of their job. I do similar things for Debian, training other people in my group on how to build Debian packages and participate in the infrastructure, and hopefully over time that will bear fruit for Debian as well. - experienced people as mentors for newcomers Linux also has a good history of organized projects to help people get started, such as kernel janitors, and puts a lot of effort into collaboration infrastructure. - teamwork and collaboration, facilitated by the necessary infrastructure And one of the best things about the Linux model is that Linus regularly talks about how he wants things done and what leads him to take stuff or not take stuff in public on the lists, which leads others to do the same. And those are interactive discussions, not just writeups. I think people learn a lot from those discussions. - open discussions about future developments On Debian, the impression that I've gotten is that a lot of the real mentoring and discussion actually happens on IRC rather than on the lists. I don't know how effective that is. I don't know either; probably there's a lot to grab by just following some channels but OTOH the S/N ration is sometimes not really helpful and IRC doesn't seem to be a dedicated mentoring approach at the moment. Regarding your other points I think * there is a trend towards more teamwork and there is infrastructure available for it; * mentoring is happening by chance (in the teams, by some long-time sponsors, maybe by some AMs) but not in a planned way; * maybe some discussions are initially not led in public (but I'm not sure about that one). Hm, maybe that sounds naïve, but what about thinking about a way to adopt strategies of mentoring, development, fine graining roles (job descriptions, mutual agreements, appraisalevaluation, ...) , etc. to F/LOSS in general and Debian in particular? The main obstacle that I see is that that stuff takes a lot of time. I spend probably 5% of my work time on the coordination, record-keeping, and reporting parts of that sort of activity, which in a full-time job is quite reasonable. But it's not really a percentage; it's a quantity of time that those activities take. And I couldn't take a similar two hour per week cut out of my Debian volunteer work without a much greater impact on how much stuff I could get done. Sure, mentoring/training/staff development takes time but as you point out at the beginning it probably bear[s] fruit for Debian. Maybe Debian would be better off in the long run if some of the experienced DDs decided to drop one package or resign from one infrastructure task and to use the saved time for taking an apprentice. I don't know if there have been any organized mentoring/training programmes in Debian in the past; the only one I know at the moment is organized by the Debian Women project [0] but TTBOMK it's not very active. -- IMO it's a good idea anyway! Cheers, gregor [0] http://women.debian.org/mentoring/ -- .''`. http://info.comodo.priv.at/ | gpg key ID: 0x00F3CFE4 : :' : debian: the universal operating system - http://www.debian.org/ `. `' member of https://www.vibe.at/ | how to reply: http://got.to/quote/ `-NP: Rolling Stones: She's A Rainbow (45 version)/She's a Rainbow - 2 signature.asc Description: Digital signature
Re: Deficiencies in Debian
gregor herrmann [EMAIL PROTECTED] writes: On Fri, 18 May 2007 22:09:56 -0700, Russ Allbery wrote: And one of the best things about the Linux model is that Linus regularly talks about how he wants things done and what leads him to take stuff or not take stuff in public on the lists, which leads others to do the same. And those are interactive discussions, not just writeups. I think people learn a lot from those discussions. - open discussions about future developments Here, it wasn't as much future developments that I was thinking of as more basic issues, like style and the thought processes behind why the kernel is structured the way it is. Linus does a great job of explaining his sense of taste, which is sort of a meta-level above future development. I think the Debian Policy discussions, if we can kick up the level of activity, could partly serve a similar role within Debian. There are also some Debian developers (Steve Langasek and Manoj Srivastava come to mind) who regularly follow up to threads on debian-devel and explain both their aesthetic judgement and how they arrived at that conclusion. IMO, one of the most valuable skills for someone working in IT is to have a well-developed aesthetic sense of what a clean and supportable system looks like. Most of the day-to-day decisions that I make are based on a sense of aesthetics more than specific technical criteria. That's the form that my subconscious gestalt of systems takes. My experience is that once one has developed that sense of aesthetics and learned to look closely at anything that feels ugly, it becomes surprisingly effective at pointing directly at the weak parts of any design. The main obstacle that I see is that that stuff takes a lot of time. I spend probably 5% of my work time on the coordination, record-keeping, and reporting parts of that sort of activity, which in a full-time job is quite reasonable. But it's not really a percentage; it's a quantity of time that those activities take. And I couldn't take a similar two hour per week cut out of my Debian volunteer work without a much greater impact on how much stuff I could get done. Sure, mentoring/training/staff development takes time but as you point out at the beginning it probably bear[s] fruit for Debian. Maybe Debian would be better off in the long run if some of the experienced DDs decided to drop one package or resign from one infrastructure task and to use the saved time for taking an apprentice. Probably true. Although two hours a week is way more than just one typical package. That's probably the total time I spend on lintian, for example, or about five or ten regular packages where I'm just packaging upstream releases. (Not that I'm an experienced DD; I'm still fairly new.) -- Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Need of non-germany-tree in Debian?
On Fri, Jul 13, 2007 at 07:02:03PM +0200, Bernd Zeimetz wrote: Interpretation of that law differs. Ask three lawyers, get five answers. also a lot of lawyers neither know the difference between hacking and cracking nor know why you should need to use such 'evil' software for your own protection. Nor do they know about data protection at all. One lawyer once accused us of playing games with her because we refused to send sensible data in unencrypted email. And to top it all she told us her system was not compromised, so there was no need to send encrypted email. Michael -- Michael Meskes Email: Michael at Fam-Meskes dot De, Michael at Meskes dot (De|Com|Net|Org) ICQ: 179140304, AIM/Yahoo: michaelmeskes, Jabber: [EMAIL PROTECTED] Go SF 49ers! Go Rhein Fire! Use Debian GNU/Linux! Use PostgreSQL! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Need of non-germany-tree in Debian?
Michelle Konzack wrote: The new german LAW is talking about Software which was build to hack sites. Security Software like nmap, nessus etc. are not build to do illegal hacking. (Greetings from my Advocat from Offenburg) But they could be used to prepare an attack. It talks about the software and not the intention. That's the point. The definition of the law is vague, so that it has to be judged to get a real usable definition. Your lawyer should read the latest juritstic comments on that law. The german Justice can not do anything if I use the tools to secure my network. The text of this new law does not make this clear. Greetings MH Systemadministrator -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]