Re: Updated Debian Developers Keyring

[Jonathan McDowell]

Joey Hess wrote:
> Jonathan McDowell wrote:
> > jetring has some useful and interesting ideas, but the main
> > complaint I'd have about it as a method of managing keyrings is that
> > it takes on various roles that are already provided by the
> > underlying VCS and this duplication makes it more complex than
> > necessary.
> 
> This is a complaint that I have about quilt and similar patch systems,
> but I do not call them a "mess" on #debian-devel. I accept that some
> people might have reasons to like these complications that do things
> that could be done by a VCS.

I don't frequent #debian-devel and I've never called jetring a mess; I
just wanted to point out that there may be reasonable arguments why
someone might choose not to use jetring (in the same manner people
choose not to use quilt or whatever). I think you've assumed I've been
derogatory about it in some manner that I haven't.

> Calling jetring "complex" is a bit of a mismoner, given that it
> consists of a mere 690 lines of code. That's 6x less code than ls.c;
> it's actually less code than is present in cat.c ...

I didn't call it complex either; I think the ideas in it are quite neat
and simple, I just said that /I/ think that some of its functions are
performed adequately by a VCS without the need for more help.

> > It also stores keys as their ASCII armoured versions, which I can
> > see little benefit to. If you store keys as individual binary blobs
> > then the process of assembling the complete keyring can be achieve
> > with cat.
> 
> jetring changesets include various metadata. Storing binary blobs in
> files along with textual metadata is not very appealing.

That's not what I'd suggest; I'd suggest using the ability of the VCS to
store the metadata about who made the change and why, meaning the actual
object stored in the VCS is just the key itself.
 
> The concept of a changeset that represents any possible single change
> to a keyring is rather more useful than just catting binary files
> together.  It allows for changesets that remove or modify keys, not
> just the addition of new keys. It allows workflows where changesets
> are created by third parties and mailed in for review.

If you have each key stored as a separate binary blob then you can use
the VCS to track changes, additions and deletions. cat is only used to
assemble a complete keyring for distribution, where gpg is used in
jetring (there's no reason you couldn't use gpg to assemble the binary
blobs except for the fact it doesn't buy you a whole lot and is slower).

> > jetring obviously works for the people managing the Debian
> > Maintainer's keyring, but that doesn't mean that it'll work for
> > everyone.
> That could be said about any tool ever developed. However, jetring was
> developed explicitly based on the ideas that James described for a
> tool to help manage the Debian keyring, and was initially tested using
> the Debian keyring, so I certianly believe it would be effective
> there.  Unfortunatly, James has never replied to any of my mails about
> it.

I can't and don't speak for James (though I don't believe I've ever
heard him be negative about jetring). I really didn't intend to cause
offence in my suggestion that jetring might not be the answer, in the
same manner as I don't intend to cause offence because I use Debian
instead of Redhat.

J.

-- 
I like my copyright infringements to be patent free.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Updated Debian Developers Keyring

[Joey Hess]

Jonathan McDowell wrote:
> jetring has some useful and interesting ideas, but the main complaint
> I'd have about it as a method of managing keyrings is that it takes on
> various roles that are already provided by the underlying VCS and this
> duplication makes it more complex than necessary.

This is a complaint that I have about quilt and similar patch systems,
but I do not call them a "mess" on #debian-devel. I accept that some
people might have reasons to like these complications that do things
that could be done by a VCS.

Calling jetring "complex" is a bit of a mismoner, given that it consists
of a mere 690 lines of code. That's 6x less code than ls.c; it's
actually less code than is present in cat.c ...

> It also stores keys as their ASCII armoured versions, which I can see
> little benefit to. If you store keys as individual binary blobs then
> the process of assembling the complete keyring can be achieve with cat.

jetring changesets include various metadata. Storing binary blobs in
files along with textual metadata is not very appealing.

The concept of a changeset that represents any possible single change to
a keyring is rather more useful than just catting binary files together.
It allows for changesets that remove or modify keys, not just the
addition of new keys. It allows workflows where changesets are created
by third parties and mailed in for review.

> jetring obviously works for the people managing the Debian Maintainer's
> keyring, but that doesn't mean that it'll work for everyone.

That could be said about any tool ever developed. However, jetring was
developed explicitly based on the ideas that James described for a tool
to help manage the Debian keyring, and was initially tested using the
Debian keyring, so I certianly believe it would be effective there.
Unfortunatly, James has never replied to any of my mails about it.

-- 
see shy jo


signature.asc
Description: Digital signature

Re: Updated Debian Developers Keyring

[Joey Hess]

Lucas Nussbaum wrote:
> The keyring part isn't as easy. The problem is that the keyring isn't
> maintained collaboratively. jetring has been developed for exactly this
> use case, but I've heard (discussion on #debian-devel) that some people
> considered jetring "a mess" (I don't have details about specific
> problems though).

So, it's real simple. jetring is a package. The debian BTS collects bug
reports for packages. It currently contains 1 unfixed bug report.
Reporting new bugs in the bts about jetring == good. Spreading rumors
that it is a mess on #debian-devel == WTF. HTH. HAND.

-- 
see shy jo


signature.asc
Description: Digital signature

Re: Updated Debian Developers Keyring

[Jonathan McDowell]

> The keyring part isn't as easy. The problem is that the keyring isn't
> maintained collaboratively. jetring has been developed for exactly
> this use case, but I've heard (discussion on #debian-devel) that some
> people considered jetring "a mess" (I don't have details about
> specific problems though).

jetring has some useful and interesting ideas, but the main complaint
I'd have about it as a method of managing keyrings is that it takes on
various roles that are already provided by the underlying VCS and this
duplication makes it more complex than necessary.

It also stores keys as their ASCII armoured versions, which I can see
little benefit to. If you store keys as individual binary blobs then
the process of assembling the complete keyring can be achieve with cat.

jetring obviously works for the people managing the Debian Maintainer's
keyring, but that doesn't mean that it'll work for everyone.

J.

-- 
Web [ Sorry for the inconvenience. ]
site: http:// [  ]   Made by
www.earth.li/~noodles/  [  ] HuggieTag 0.0.23


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Updated Debian Developers Keyring

[Andreas Tille]

On Fri, 18 Apr 2008, Stefano Zacchiroli wrote:


It does not (well, AFAIK it does not).  According to my reading, the
delegations were not related to keyring management.


Ahhh, you are completely right!  In my happyness I thought all our
problems were solved.  Perhaps they are in a way that if some other
work is split up between more persons there will be some more
time left for keyring maintenance - so we will hopefully see also
an increase here indirectly ...

Thanks for the clarification

  Andreas.

--
http://fam-tille.de


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Updated Debian Developers Keyring

[Stefano Zacchiroli]

On Fri, Apr 18, 2008 at 11:00:33AM +0200, Andreas Tille wrote:
> So I fail to see how the current setup enables joerg to change
> the keyring which means things are not fully implemented - in whatever

It does not (well, AFAIK it does not).  According to my reading, the
delegations were not related to keyring management.

-- 
Stefano Zacchiroli -*- PhD in Computer Science ... now what?
[EMAIL PROTECTED],cs.unibo.it,debian.org}  -<%>-  http://upsilon.cc/zack/
(15:56:48)  Zack: e la demo dema ?/\All one has to do is hit the
(15:57:15)  Bac: no, la demo scema\/right keys at the right time


signature.asc
Description: Digital signature

Re: infrastructure team procedures (fifth edit)

[Josip Rodin]

On Fri, Apr 18, 2008 at 01:46:16AM +0200, Thomas Viehmann wrote:
> The Debian Prject clarifies that all privileged roles held on debian.org 
> machines are to be considered delegations by the DPL according to the 
> constitution, §
> 
> as long as we trust ourselves not to elect DPLs going nuts with delegations.
> Not to spoil the fun of seeing how far Josip can count by avoiding the 
> simple solution without extra safety nets (in addition to override by GR) 
> at all cost.

I (obviously) don't like that option because it's simplistic, but I will
second it if you propose it, because anything would be better than
the status quo.

-- 
 2. That which causes joy or happiness.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

COMPUTEX TAIPEI e-Newsletter

[COMPUTEX TAIPEI]

  

*Registration News*  Buyer
Pre-Registration
 Press
Pre-Registration
*Visitor Information*  Showground
Map
 Exhibitor/product
Search    TWTC
Nangang Exhibition Hall
Introduction
 How
to get to TWTC Nangang Exhibition
Hall?
 Floor
Plan   MRT
Map
 Fact
Sheet
*2007 Show Review*  Show
Report
 Official
Show Preview   Official
Show Daily• Day
1
   • Day 
2
   • Day 
3
   • Day 
4
 Official
Show 
Guide
 Official
Show Review 2007  Official Publication
Media 
Kits
 April
20 2008
 
* COMPUTEX TAIPEI FORUM
beyond your expectation!
*

*The Most Expected Forum during COMPUTEX TAIPEI is coming!
e21FORUM 2008 Leads You to a Bright Future with Technology*


As the largest technology forum during COMPUTEX TAIPEI for years, e21FORUM
has established its reputation and recognition as the most influential
interactive platform for experts in IT industry.

e21FORUM will be delivered on the first day of COMPUTEX TAIPEI , the top 2
IT exhibition worldwide. It provides international visitors, buyers, and
general public with diverse information and visionary thinking of the
up-to-date IT trends in the coming year. Meanwhile, well-known IT leading
companies also participate in e21FORUM as the best opportunity to announce
its latest products and technology.

Join e21FORUM now for the latest technical insights and business
perspectives. It's your best chance to comprehend your industrial know-how
of high tech and help you to keep up with the IT roadmaps with global
giants, also your best platform to showcase your brand and solutions to the
world.


e21FORUM 2008, a tremendous technology forum that you shouldn't miss this
summer!


Date:June 3rd 2008 (Tuesday) 13:20 - 17:00
Venue:
3F, Plenary Hall, Taipei International Convention Center (TICC)
No.1, Hsin-Yi Rd., Sec. 5, Taipei, Taiwan ROC
Website:http://www.e21forum.com.tw
Organizers:
Taiwan External Trade Development Council (TAITRA)
Taipei Computer Association (TCA)

*Information is subject to change without notice

   *Softex Taipei 2008 Shows Boom in Consumption
* **

Softex Taipei is one of Taiwan's biggest information exhibitions, and is
seen as the purchase indicator for IT.  This year's exhibition came after
the Taiwanese Presidential Election, with consumer confidence rising indices
reflecting new consumption capabilities.  Many operators are therefore also
optimistic about consumption capabilities and are actively promoting their
new launches for the second quarter

Updated Debian Maintainers Keyring

[Anibal Monsalve Salazar]

With the upload of debian-maintainers version 1.28, the following
changes to the keyring have been made:

dm:[EMAIL PROTECTED]
Full name: Stephane Glondu
Added key: 467FC0C018311E9479465FC7060F2876FCE03DAA

A summary of all the changes in this upload follows.

Debian distribution maintenance software,
on behalf of,
Anibal Monsalve Salazar <[EMAIL PROTECTED]>

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Fri, 18 Apr 2008 18:33:44 +1000
Source: debian-maintainers
Binary: debian-maintainers
Architecture: source all
Version: 1.28
Distribution: unstable
Urgency: medium
Maintainer: Debian Maintainer Keyring Team <[EMAIL PROTECTED]>
Changed-By: Anibal Monsalve Salazar <[EMAIL PROTECTED]>
Description: 
 debian-maintainers - GPG keys of Debian maintainers
Closes: 475898
Changes: 
 debian-maintainers (1.28) unstable; urgency=medium
 .
   [ Anibal Monsalve Salazar ]
   * Added Debian maintainer Stephane Glondu. Closes: #475898
 .
   [ Joey Hess ]
   * Remove Aurélien GÉRÔME, Cameron Dale, Charles Plessy, Filipe Lautert,
 Martín Ferrari, Miriam Ruiz, Simon McVittie, Tobias Toedter, and
 Vincent Bernat, all of whom are now debian developers.
Files: 
 41dea3eca2faef74666ad911c6bb411b 1091 misc extra debian-maintainers_1.28.dsc
 70dea2703b03cef8586895ab84f751a0 2733053 misc extra 
debian-maintainers_1.28.tar.gz
 98d132f90f2b89d0db79fdc65b7f5f0d 355346 misc extra 
debian-maintainers_1.28_all.deb
 b44034d7aeee54771867b203b913bc0c 432035 raw-keyring - 
debian-maintainers_1.28_all.gpg

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFICF20gY5NIXPNpFURAk+vAKCtigAho5Lkr4XX12HunKwZEz2AjgCg2AvH
ZALbUXsoKKNndPMsgWp7UpY=
=SXa2
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Updated Debian Developers Keyring

[Andreas Tille]

On Fri, 18 Apr 2008, Stefano Zacchiroli wrote:


On Fri, Apr 18, 2008 at 09:58:37AM +0200, Andreas Tille wrote:

H, what really concerns me is that I do not even see evidence
that the fact stated in [1] is even implemented.


Here is the evidence:

 [EMAIL PROTECTED]:~$ groups joerg | grep -q debadmin && echo '\o/'
 \o/

( though it has nothing to do with keyring )


But you was asking yourself:

  what's the purpose of "keyring" group if files are "troup:root" ?

So I fail to see how the current setup enables joerg to change
the keyring which means things are not fully implemented - in whatever
group different from root he is, right?

Kind regards

  Andreas.

--
http://fam-tille.de


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Updated Debian Developers Keyring

[Lucas Nussbaum]

On 18/04/08 at 09:58 +0200, Andreas Tille wrote:
> On Fri, 18 Apr 2008, Anthony Towns wrote:
>
>> I don't see any evidence of it:
>>
>> [EMAIL PROTECTED]:~$ ls -l /srv/keyring.debian.org/pub/keyrings/
>> total 28056
>> -rw-r--r-- 1 troup root 25393210 Apr 17 19:13 debian-keyring.gpg
>> -rw-r--r-- 1 troup root   949211 Apr 17 19:13 debian-keyring.pgp
>> -rw-r--r-- 1 troup root 4924 Apr 17 19:13 debian-role-keys.gpg
>> -rw-r--r-- 1 troup root   583785 Apr 17 19:13 emeritus-keyring.gpg
>> -rw-r--r-- 1 troup root   104871 Apr 17 19:13 emeritus-keyring.pgp
>> -rw-r--r-- 1 troup root26468 Apr 17 19:13 extra-keys.pgp
>> -rw-r--r-- 1 troup root  1232873 Apr 17 19:13 removed-keys.gpg
>> -rw-r--r-- 1 troup root   366193 Apr 17 19:13 removed-keys.pgp
>>
>> [EMAIL PROTECTED]:~$ groups joerg noodles
>> joerg : Debian webwml nm newmaint qa debadmin planet ftpteam
>> noodles : Debian keyring
>
> H, what really concerns me is that I do not even see evidence
> that the fact stated in [1] is even implemented.

There's no such thing as a "full Debian Account Manager" group.
Currently, to create accounts, Joerg would basically need full DSA
(adm group) and keyring maintainers (keyring group) powers.

Regarding the adm group, I'm not sure it is necessary, since asking DSA
to create accounts once the keys have been added to the keyring seems to
work well (RT#628, which resulted in those accounts creations).

The keyring part isn't as easy. The problem is that the keyring isn't
maintained collaboratively. jetring has been developed for exactly this
use case, but I've heard (discussion on #debian-devel) that some people
considered jetring "a mess" (I don't have details about specific
problems though).

(all of the above is based on my understanding of the situation, but I
might be wrong. please correct me :-)
-- 
| Lucas Nussbaum
| [EMAIL PROTECTED]   http://www.lucas-nussbaum.net/ |
| jabber: [EMAIL PROTECTED] GPG: 1024D/023B3F4F |


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Updated Debian Developers Keyring

[Stefano Zacchiroli]

On Fri, Apr 18, 2008 at 09:58:37AM +0200, Andreas Tille wrote:
> H, what really concerns me is that I do not even see evidence
> that the fact stated in [1] is even implemented.

Here is the evidence:

  [EMAIL PROTECTED]:~$ groups joerg | grep -q debadmin && echo '\o/'
  \o/

( though it has nothing to do with keyring )

-- 
Stefano Zacchiroli -*- PhD in Computer Science ... now what?
[EMAIL PROTECTED],cs.unibo.it,debian.org}  -<%>-  http://upsilon.cc/zack/
(15:56:48)  Zack: e la demo dema ?/\All one has to do is hit the
(15:57:15)  Bac: no, la demo scema\/right keys at the right time


signature.asc
Description: Digital signature

Re: Updated Debian Developers Keyring

[Andreas Tille]

On Fri, 18 Apr 2008, Anthony Towns wrote:


I don't see any evidence of it:

[EMAIL PROTECTED]:~$ ls -l /srv/keyring.debian.org/pub/keyrings/
total 28056
-rw-r--r-- 1 troup root 25393210 Apr 17 19:13 debian-keyring.gpg
-rw-r--r-- 1 troup root   949211 Apr 17 19:13 debian-keyring.pgp
-rw-r--r-- 1 troup root 4924 Apr 17 19:13 debian-role-keys.gpg
-rw-r--r-- 1 troup root   583785 Apr 17 19:13 emeritus-keyring.gpg
-rw-r--r-- 1 troup root   104871 Apr 17 19:13 emeritus-keyring.pgp
-rw-r--r-- 1 troup root26468 Apr 17 19:13 extra-keys.pgp
-rw-r--r-- 1 troup root  1232873 Apr 17 19:13 removed-keys.gpg
-rw-r--r-- 1 troup root   366193 Apr 17 19:13 removed-keys.pgp

[EMAIL PROTECTED]:~$ groups joerg noodles
joerg : Debian webwml nm newmaint qa debadmin planet ftpteam
noodles : Debian keyring


H, what really concerns me is that I do not even see evidence
that the fact stated in [1] is even implemented.


Over the past few years (2005, 2006 and 2007 at least), there's been a
keyring update during the DPL election period; this one's not long after
that. It might likewise be correlated with the Ubuntu .04 releases.


This might be a nice way how Ubuntu gives back to Debian: Enable Ubuntu
employees to do some volunteer work in Debian after having done the really
important stuff. 

Kind regards

   Andreas.

[1] http://lists.debian.org/debian-devel-announce/2008/04/msg7.html

--
http://fam-tille.de


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Updated Debian Developers Keyring

[Stefano Zacchiroli]

On Fri, Apr 18, 2008 at 05:31:01PM +1000, Anthony Towns wrote:
> [EMAIL PROTECTED]:~$ ls -l /srv/keyring.debian.org/pub/keyrings/
> total 28056
> -rw-r--r-- 1 troup root 25393210 Apr 17 19:13 debian-keyring.gpg
> -rw-r--r-- 1 troup root   949211 Apr 17 19:13 debian-keyring.pgp
> -rw-r--r-- 1 troup root 4924 Apr 17 19:13 debian-role-keys.gpg
> -rw-r--r-- 1 troup root   583785 Apr 17 19:13 emeritus-keyring.gpg
> -rw-r--r-- 1 troup root   104871 Apr 17 19:13 emeritus-keyring.pgp
> -rw-r--r-- 1 troup root26468 Apr 17 19:13 extra-keys.pgp
> -rw-r--r-- 1 troup root  1232873 Apr 17 19:13 removed-keys.gpg
> -rw-r--r-- 1 troup root   366193 Apr 17 19:13 removed-keys.pgp
> 
> [EMAIL PROTECTED]:~$ groups joerg noodles
> joerg : Debian webwml nm newmaint qa debadmin planet ftpteam
> noodles : Debian keyring

.oO( what's the purpose of "keyring" group if files are "troup:root" ? )

SCNR

-- 
Stefano Zacchiroli -*- PhD in Computer Science ... now what?
[EMAIL PROTECTED],cs.unibo.it,debian.org}  -<%>-  http://upsilon.cc/zack/
(15:56:48)  Zack: e la demo dema ?/\All one has to do is hit the
(15:57:15)  Bac: no, la demo scema\/right keys at the right time


signature.asc
Description: Digital signature

Re: Updated Debian Developers Keyring

[Marc Haber]

On Fri, Apr 18, 2008 at 05:31:01PM +1000, Anthony Towns wrote:
> Over the past few years (2005, 2006 and 2007 at least), there's been a
> keyring update during the DPL election period; this one's not long after
> that. It might likewise be correlated with the Ubuntu .04 releases.

A German would be inclined to say "Das hat ein Geschmäckle". I tend to
question what the DPL election and an Ubuntu release has to do with
creating new DDs.

The former may be interpreted as "they keyring manager doesn't want
the new DDs to vote in the DPL election", the latter as "the keyring
manager is too busy with his paid work to do his Debian duties", both
of which I'd see as a reason to fire the keyring manager.

Greetings
Marc

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Updated Debian Developers Keyring

[Anthony Towns]

On Fri, Apr 18, 2008 at 07:53:15AM +0200, Andreas Tille wrote:
> On Fri, 18 Apr 2008, Anthony Towns wrote:
>> The following changes to the Debian keyring have been made:
> May I guess that this good news is somehow connected to [1]?
> If yes, thanks once more to our former DPL!

I don't see any evidence of it:

[EMAIL PROTECTED]:~$ ls -l /srv/keyring.debian.org/pub/keyrings/
total 28056
-rw-r--r-- 1 troup root 25393210 Apr 17 19:13 debian-keyring.gpg
-rw-r--r-- 1 troup root   949211 Apr 17 19:13 debian-keyring.pgp
-rw-r--r-- 1 troup root 4924 Apr 17 19:13 debian-role-keys.gpg
-rw-r--r-- 1 troup root   583785 Apr 17 19:13 emeritus-keyring.gpg
-rw-r--r-- 1 troup root   104871 Apr 17 19:13 emeritus-keyring.pgp
-rw-r--r-- 1 troup root26468 Apr 17 19:13 extra-keys.pgp
-rw-r--r-- 1 troup root  1232873 Apr 17 19:13 removed-keys.gpg
-rw-r--r-- 1 troup root   366193 Apr 17 19:13 removed-keys.pgp

[EMAIL PROTECTED]:~$ groups joerg noodles
joerg : Debian webwml nm newmaint qa debadmin planet ftpteam
noodles : Debian keyring

Over the past few years (2005, 2006 and 2007 at least), there's been a
keyring update during the DPL election period; this one's not long after
that. It might likewise be correlated with the Ubuntu .04 releases.

Cheers,
aj



signature.asc
Description: Digital signature