Re: Are users of Debian software members of the Debian community?
On Sat, Sep 17, 2022 at 11:12:54AM +0800, Paul Wise wrote:
> On Fri, 2022-09-16 at 10:13 -0400, Michael Stone wrote:
>> Most people running interactive VMs (e.g., on a desktop with a graphical console) aren't using Xen, they're using kvm or virtualbox or just about anything else.
>
> While the number is probably less, some people (including Debian contributors) are using Qubes (which is based on Xen) on desktops:
> https://www.qubes-os.org/

*I* use qubes, as well as xen on its own, which is why I'm fairly comfortable asserting that bullseye works just fine for typical use cases on both platforms. I haven't taken any particular measures to work around the bug under discussion--it's just never come up.

In qubes you aren't generally working with a virtualized bare metal system (i.e., watching a bios boot screen come up on a virtual monitor after booting from an iso), you're interacting with a templated thin vm via qubes-specific I/O channels. The underlying tech may be xen, but the way it is used is different. (Conversely, when I do want that "boot a virtual bare metal system from an ISO" experience I do so on a different computer, currently via KVM and previously via virtualbox or vmware.)
Re: Are users of Debian software members of the Debian community?
On Fri, Sep 16, 2022 at 01:54:09PM -0400, Chuck Zmudzinski wrote:
> On 9/16/22 10:13 AM, Michael Stone wrote:
>> You have now sent a message about a particular udev issue to debian-user and I replied with one immediate thought. Some more thoughts: you're using a fairly obscure configuration.
>
> I thought Debian was free and I can use it that way if I want to, and that is how I understand Debian's philosophy of free software. Do you understand it differently?

unbelievable
Re: Are users of Debian software members of the Debian community?
On Thu, Sep 15, 2022 at 06:37:03AM -0400, Chuck Zmudzinski wrote:
> The difficult cost of trying to have a voice as a Debian user is *not* the commitment, it is enduring the ad hominem attacks when I express my opinion. Of course if I cannot overcome the stigma of the ad hominem attacks, my voice is completely nullified by those ad hominem attacks. And they continue. Michael Stone followed me to this list and condemned me for asking questions here on this list. There is no way *he* considers me a member of the Debian community who has a formal voice as a Debian user.

Since you've been complaining about how people react to your messages for quite some time, perhaps you might change the way you write your messages?

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994899#5

When people give you negative feedback, you announce that they are "attacking" or "defaming" you.

https://lists.debian.org/debian-user/2021/09/msg00785.html

And the pattern continues with new messages periodically complaining about debian, followed by "oh, I understand now" type messages, then the same complaints get recycled again later.

https://lists.debian.org/debian-user/2022/08/msg00370.html
https://lists.debian.org/debian-user/2022/09/msg00267.html

There are a lot of walls of text that just don't seem to ever lead anywhere. In the message I'm replying to you wrote 90+ lines, took the time to call me out for "attacking" you, asked some rhetorical questions, but never explained a particular problem that debian might be able to address. You want other people to read volumes but show no sign of changing based on the feedback you get, repeatedly complaining about 'bugs not being fixed' without mentioning what bugs so people could actually engage with you on why a particular bug might not have been fixed. (You did it yet again in the message I'm replying to--after specifically stating at the start of this thread that your last thread on the topic degenerated so you were going to switch lists and focus on something different!) I can't see how we can possibly improve your experience with debian until you stop the long meta-discussions about vague concerns and find a way to clearly communicate what problems we might help you to fix.

If you want better results, keep your communications direct and actionable. In fact, this is basically what you were told a year ago in one of the threads where you complained that you were being attacked:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994899#10

"You've filed a new bug so make the exact problem the primary part of this bug. Don't ask of others to read a '50 page document' and expect them to distill YOUR problem themselves. Doing a copy+paste of the *relevant* part is absolutely fine."

You have now sent a message about a particular udev issue to debian-user and I replied with one immediate thought. Some more thoughts: you're using a fairly obscure configuration. Most people running interactive VMs (e.g., on a desktop with a graphical console) aren't using Xen, they're using kvm or virtualbox or just about anything else. People running Xen are much more likely to use something like debootstrap rather than going through an installer. So the number of people who 1) can duplicate the problem and 2) are likely to do so, is pretty small. The reality is that this will affect how much attention the problem gets.

As mentioned several times, by several people, you have a tendency to write enormous volumes of text. Just reading the logs of the bugs associated with your issue was exhausting. There are no concise summaries, there are no small patches to help identify/isolate an issue. (There is, for example, a 1700 line patch in 994899 which basically reverts an entire set of functionality; maintainers generally prefer minimal and well understood changes. The eventual fix from upstream corrected several issues but didn't rip out all the associated functionality to do so.) It's not enough to say that something like that fixes a problem for you, unless it's clear what the effect would be on the set of people whose systems are currently working but who might be negatively affected by the change.

For your udev problem I would probably focus on why the runtime behavior is different than the installer behavior, and try to make the installer behave like the runtime. (Runtime doesn't require kernel patches, etc., so it seems unlikely those are necessary to fix the problem.) If you can isolate that to something you can express clearly and produce a patch to correct you'll probably get a positive response. If you continue to send massive volumes of roundabout reports, then complain that you aren't getting enough attention, it's much less likely that anyone will choose to spend time working with you on this.
Re: Are users of Debian software members of the Debian community?
On Wed, Sep 14, 2022 at 03:17:03PM -0400, Chuck Zmudzinski wrote:
> Thanks for this, Andy, I admit I did get caught up in behavior that appears as trolling. As you point out, the aforementioned thread only slightly has degenerated and I think there are some useful discussions in it despite the problems. One legitimate topic for discussion that arose in that thread is: Are only Debian Developers with voting rights (DDs) considered to be members of the Debian community, or are the users also members of the Debian community?

You were asked to stop, and you haven't stopped--you just moved to another mailing list. You've been behaving the same way for quite some time, raising "questions" that repeat regardless of the answers you get, and there doesn't seem to be any real possibility that additional engagement will change that rather than encouraging more of the same.
Re: Tone policing by a member of the community team [Was, Re: Statement regarding Richard Stallman's readmission to the FSF board]
On Mon, Apr 12, 2021 at 04:55:28PM +0200, Jonathan Carter wrote:
> On 2021/04/12 15:37, Michael Stone wrote:
>>> Not true, if someone identifies with fascist doctrine, even if they keep those views off of the project channels, then they are not welcome here, no matter where they engaged in those kind of activities.
>>
>> Does that go for all extremist ideologies or just the one?
>
> Probably all of them. I don't have anything specific in mind, but my guess is that there would be some edge cases where we disagree on what would constitute an extremist ideology, I've thought that we should probably amend our CoC at some point to explain what kind of people are /not/ welcome in Debian, but that's a matter for another GR :)

Marxists? Maoists? Stalinists? Anarchists? Zionists? Anti-zionists? Militant Quebec nationalists? Royalists? Imperialists? Indigenous resistance groups? Ecoterrorists? Anyone that someone calls a terrorist? Speciesists? Anti-speciesists? Eugenicists? Any government that comes to power via a coup? Any government that maintains power while suppressing popular revolt? Anyone who participated in genocide? Anyone descended from someone who participated in a genocide? Anyone who denies a genocide? Anyone repeating a false genocide narrative? (By the way, you had better be very, very careful about creating the appearance that debian (via the DPL) is taking a position on some of those, because you could get debian banned in various places if you say the wrong thing.)

The idea that "nazis" or "fascists" represent the full spectrum of what can go wrong in human systems, or that understanding complex and emotional conflicts is as simple as "blame the nazis" is simply wrong. I'd go so far as to posit that the only common element in extremist ideologies is the certainty that their own beliefs and tactics are both superior to their opponents', and unimpeachable. I'd further posit that it's possible to have extremist positions on any side of any issue humans can argue about, and also that it's generally impossible to identify a specific point on a continuum of beliefs at which a position changes from "reasonable disagreement" to "extremism".

The idea that debian should or even could create a list of acceptable and unacceptable beliefs in all facets of any participant's life is preposterous. All we can reasonably do is require certain standards of behavior within forums we control or which are immediately adjacent. Even from people who have declared that their opponent is a "nazi".
Re: Tone policing by a member of the community team [Was, Re: Statement regarding Richard Stallman's readmission to the FSF board]
On Mon, Apr 12, 2021 at 02:56:34PM +0200, Jonathan Carter wrote:
> On 2021/04/11 01:28, Bernd Zeimetz wrote:
>> Although I really prefer not to have them in the project, it is not the Debian project's task to rule about political beliefs, opinions, religions, fetishes and whatever else. But I expect that people keep these things out of Debian and especially the public discussion as far as possible. So long as Debian is not getting involved, it absolutely does not matter to us what people do outside of Debian. Let's focus on creating the best distribution instead.
>
> Not true, if someone identifies with fascist doctrine, even if they keep those views off of the project channels, then they are not welcome here, no matter where they engaged in those kind of activities.

Does that go for all extremist ideologies or just the one?
Re: One-Time Pad Encryption Software to Debian Repository
On Tue, Oct 15, 2019 at 05:07:33PM +0200, Ondřej Surý wrote:
> First of all, all software in Debian must adhere to Debian Free Software Guidelines. And I can’t find the source code anywhere on your website.
>
> That said - you seem to use a lot of buzz words and bold claims, but I would recommend the old wisdom: “don’t ever roll your own crypto”. I would recommend you to speak to an actual cryptographer before you do more harm to your users.
>
> I hope a cryptographic software based on hand-waving and no crypto audit would never be uploaded in Debian.

Source code seems to be at http://www.finalcrypt.org/downloads/other/finalcrypt_sourcecode.zip but otherwise I agree that using this versus a recognized encryption tool is a bad idea.

The general mechanism seems to be to generate a random string equal to the size of the input data, then perform some operation (presumably xor?) to generate ciphertext. The usual weak link from a theoretical standpoint is the strength of the pseudo random number generator. In this case it's using the java SecureRandom function, so it's as strong or weak as that. If you don't trust complicated mathematical functions to secure your data, I don't know why you'd trust SHA-256. The weak link from a practical standpoint is the need to securely store random pads equal in size to the data encrypted--if you can secure the one time pad, you could just as easily secure the data and not need the one time pad.

Disclaimer: I only gave the source code a cursory glance so there may be additional elements of this implementation that I overlooked either for better or for worse.
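The mechanism described in the reply above, as an added example that is not part of the original post and is not FinalCrypt's code: a pad as long as the input is generated and XORed with the data, so the pad is only as good as its generator and is as large as the data it protects. Python's `secrets` module stands in for Java's `SecureRandom`, XOR is the operation the post presumes, and all function names are hypothetical.

```python
import random
import secrets
from typing import Optional, Tuple


def make_pad(n: int, seed: Optional[int] = None) -> bytes:
    """Return n pad bytes.

    seed=None: OS CSPRNG (assumed stand-in for Java SecureRandom).
    seed=int:  deterministic PRNG, included only as the weak contrast case.
    """
    if seed is None:
        return secrets.token_bytes(n)
    rng = random.Random(seed)  # not cryptographic: same seed, same pad
    return bytes(rng.getrandbits(8) for _ in range(n))


def xor_bytes(data: bytes, pad: bytes) -> bytes:
    """XOR data with pad; the same call encrypts and decrypts."""
    # zip() would silently truncate on a short pad, so refuse a mismatch.
    if len(pad) != len(data):
        raise ValueError("pad must be exactly as long as the data")
    return bytes(d ^ k for d, k in zip(data, pad))


def encrypt(plaintext: bytes, seed: Optional[int] = None) -> Tuple[bytes, bytes]:
    """Return (ciphertext, pad); the pad must be stored as carefully as the data."""
    pad = make_pad(len(plaintext), seed)
    return xor_bytes(plaintext, pad), pad


if __name__ == "__main__":
    message = b"constructed sample plaintext"  # constructed sample input
    ciphertext, pad = encrypt(message)
    print("data bytes:", len(message), "pad bytes to keep secret:", len(pad))
    print("round trip ok:", xor_bytes(ciphertext, pad) == message)

    # With a predictable generator the whole pad collapses to the seed:
    # whoever learns or guesses the seed can rebuild the pad.
    weak_ct, _ = encrypt(message, seed=1234)
    rebuilt = make_pad(len(weak_ct), seed=1234)
    print("seeded pad reproducible:", xor_bytes(weak_ct, rebuilt) == message)
```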
Re: anti-tarball clause and GPL
On Thu, Jul 25, 2019 at 09:56:49AM -0700, Russ Allbery wrote:
> The payoff needs to be correspondingly large to be worth the effort, and I'm just not seeing it.

+1
Re: Planet Debian revisions
On Thu, Jan 03, 2019 at 03:25:07PM +, Sean Whitton wrote:
> On Thu 03 Jan 2019 at 02:47pm GMT, Ulrike Uhlig wrote:
>> Looks good! I like it. One tiny thingy based on a remark: I've looked up 'slur' in the dictionary and 'slander' and 'libel' seem to be synonyms that might be more widely known. Maybe a native speaker could confirm this.
>
> 'slander' seems fine but 'libel' implies you are doing something illegal. 'slander' and 'slurs' need not be illegal.

Slander and libel are equally "illegal" under common law: the former is spoken while the latter is written, and both are civil rather than criminal matters. This varies by jurisdiction, as does protection of true statements, so it's important to be clear about the "where". (And historically, slander was punishable by the removal of the tongue--so it hardly seems a lesser matter!)

Mike Stone
Re: Conflict escalation and discipline
On Wed, Apr 18, 2018 at 03:51:48PM +0100, Ian Jackson wrote:
> Lars Wirzenius writes ("Re: Conflict escalation and discipline"):
>> Most of the problems being discussed right now, and in general, seem to be of the sort where feelings are hurt, but harassment isn't happening. The situations seem to be "A did something, and B was offended, how do we get A and B to understand each other, and resolve any conflict, and get A and B to collaborate in the future?".
>>
>> This implies to me that, at the least, "anti-harassment" is the wrong name for a team that deals with this.
>
> That's certainly true. I thought of these ideas:
>
>   all @debian.org
>   trouble         too vague, also negative
>   behaviour       seems somehow hostile, also vague
>   conduct         seems somehow hostile, also vague
>   appeals         too strongly advertises judicial function
>   arbitration     too strongly advertises judicial function
>   upset           can minimise and subjectify bad actions
>   conflict        very negative
>   resolution      too vague but at least positive
>   reconciliation  not attractive to complaints who want action
>   dispute[s]      maybe?

mediation?
Re: Automatic downloading of non-free software by stuff in main
On Thu, Dec 07, 2017 at 12:09:22AM +, Ben Hutchings wrote:
> That's only because it lives in mm/shmem.c, not under fs/. It does support xattrs.

Have you tried it?

Mike Stone
Re: Emeritus status, and email forwarding
On Wed, Nov 15, 2017 at 11:53:18AM +, Ian Jackson wrote:
> Unfortunately it would mean that such people would still need some kind of login on Debian systems, so that they could update the email forwarding. But it wouldn't have to have the wide powers of an active DD/DM account.

Unless this turns into an extremely popular option it seems like updating could be done manually, with no need for a complicated technical solution.

Mike Stone
Re: Debian Hardened project status.
On Sun, Sep 26, 2004 at 10:02:03PM +1000, Russell Coker wrote:
> On Sun, 26 Sep 2004 07:22, Lorenzo Hernandez Garcia-Hierro [EMAIL PROTECTED] wrote:
>> - openssh (i'm working on the patches that bring SecurID Token use features, and others from independent hackers)
>
> Most of the features you list are things that are difficult to get into Debian/main. But token based security for openssh is something that seems like it could go in without too much pain. Have you talked to Matthew Vernon about this?

This is something that should be handled at the pam level and shouldn't require special handling from ssh. (Assuming a good ssh pam implementation.) The last time I looked at the securid pam module from rsa it didn't work with our ssh, but that's because they made it dependent on bugs in ssh pam handling from older versions of ssh. shrug

Mike Stone
Re: Debian Hardened project status.
On Sun, Sep 26, 2004 at 11:45:23AM -0400, Stephen Frost wrote:
> That's unfortunate. Do you know of any workarounds?

Haven't looked into it lately.

> We're seriously considering using RSA secureid with ssh (and quite possibly other things via pam...). Has RSA acknowledged this or said anything about correcting it?

When I was looking at it they were very careful to state that the pam module worked only with one specific version of ssh. I assume that when redhat uses a newer version in their enterprise edition rsa will suddenly make it all work. :) That may have already happened, as I said it's been a little while since I looked at it.

Mike Stone
Re: Debian machine usage policy
> Please use ssh/scp if at all possible (check the copyright, it is not free software, and there is no free replacement) rather than less secure alternatives (rsh, telnet or FTP).

You apparently missed the great ssh rename...

Mike Stone (not subscribed to -project)