Re: [External] Re: ThinkPad laptops preinstalled Linux
On Fri, 2020-06-12 at 17:12 -0400, Mark Pearson wrote:
> On 6/10/2020 2:59 PM, Yves-Alexis Perez wrote:
> - Audio is a constant headache (instead of earache).
> - Graphics is frequently fun. Nvidia cards definitely add a challenge
> but I think that's improved a lot. OLED panels are throwing up some issues.
> - Power management - suspend and resume, energy certification. Hibernate
> right now seems broken/not supported well which I suspect is going to be
> an irritant to a lot of users.

Hibernation doesn't work with Secure Boot at the moment (there's no infrastructure in the Linux kernel to verify that you're not resuming to an “unsigned” memory image). Not sure how much people hibernate these days anyway (I did that a lot on workstations but quite never on laptops)

> But ethernet, wifi, bluetooth, touchpad, thunderbolt, USB, touchscreen,
> card readers, thermal, secure boot, apps, firmware, fingerprint,
> camera...the amount of stuff packed into these devices still amazes me -
> and there is always something that crops up.

Indeed but I have the feeling, again, that most stuff is needed in the kernel, and most of the stuff is required upstream first. For the current generation, are those fixes already in upstream projects and we're talking about how to include them in Debian (preferably stable). Or does the work need to be done upstream?

> > If you have experience on what was really needed in recent ThinkPads
> > it might be useful to reach out to relevant teams. I only have
> > hands-on experience with X250 (documented in the link I gave on my
> > first mail), which is a bit old now I guess (I have hands-on
> > experience on an X280 but it was maybe 18 months after it was released
> > so basically everything was already working just fine)
> We're going through this on our 2020 platforms right now so it's an
> interesting point. I think I can safely say that it is constantly varied
> :) The impression I get though is this year things are going more
> smoothly than last year - I'd like to claim that this is because we are
> more experienced. I might be kidding myself.
>
> I should document it though - right now my gut feeling is I can't point
> to one or two candidates and go "they always cause trouble". It's truly
> varied
>
> An interesting question. I'd actually like to bounce that back at the
> community. After all - if the aim is to have platforms that work with
> Debian the people who are going to want these are likely to be Debian
> folk (you're not the first choice for Linux noobs ;))
>
> I have some ideas but is there a 'wishlist' or guidance on which
> platforms are the most popular? Either Lenovo specifics (makes my life
> easier) or general "it should have at least ".

My gut feeling is that the X and T series are the most popular. I myself was quite fond of the X series because of the small form factor, but I've not yet touched a 13.3" version (X390/X13). And indeed the X1C seems popular as well. I'd say Debian folks also are a bit traditionalist and didn't appreciate some of the changes (like lowering the number of USB ports, moving to a dongle for Ethernet, stuff like that) so maybe people have moved from X to T for that.

>
> Anybody want to setup a Debian survey? :)

Same as Paul, it might make sense to setup one on survey.debian.net

> > - making sure “current” generations products work fine on Debian
> > stable/Buster, so they could be “qualified” to ship with Buster
> > preinstalled (I'm unsure how realistic it is for current products, but
> > making sure *they* work is a first start I guess)
> > - making sure “next” generation products work fine on Debian stable/Buster so they
> > could be qualified to ship with Buster preinstalled (maybe a little
> > more realistic but I guess it also depends on the timescale)
> > - making sure “future” products work fine in Debian testing (Bullseye)
> > so once it's released the products can be qualified on it and
> > hopefully ship with Bullseye preinstalled
> This makes sense but I'll be honest - I haven't run Buster on anything
> in a long time. For me too much doesn't work (touchpad, graphics, audio,
> networking usually). I go straight for Bullseye and then to unstable and
> sometimes to experimental.

As a (Debian) developer I run sid on my machines because I need and want to be aware of what's currently changing, but I'd say the target should still be the current stable versions, and if some stuff needs backporting we should try to do it. In some cases it's not that problematic to include support for new hardware to a stable/LTS Linux kernel, but someone has to test and propose it. In other cases indeed it's definitely not p
Re: [External] Re: ThinkPad laptops preinstalled Linux
On Wed, 2020-06-10 at 08:43 -0400, Mark Pearson wrote:
> Hi Yves-Alexis
>
> > What can be done in the Debian community to help you do that *before*
> > the hardware are in the hand of volunteers, because as you already
> > said that means the laptops work perfectly 6-8 months after the
> > release which is too late.
>
> That's a really good question. I was thinking about it over the weekend
> and I'm not sure what the right answer is here. If Lenovo were able to
> make systems available earlier who would they go to? How does that work
> with a community like Debian? If NDAs are involved (which would depend
> on how early in the process you get HW) is that a problem?

I'm not really sure if Debian as an entity can sign NDA, but individual developers sure can. That being said, I'm unsure how early access is really needed.

>
> My plan before this conversation came up was to keep an eye on what
> fixes were needed to get things working on the Ubuntu/Fedora/RHEL front
> and then once those were upstream work on getting those pulled into Debian.

I really think most of the work should be done in upstream projects (so with upstream contributors), then making sure those changes are included in the relevant Debian version. That also means really early hardware shouldn't be needed since most of the *porting* work should have been done (and actually mostly by Intel and maybe AMD engineers, these days).

I'd say this is mostly about having the correct fixes in the Linux kernel, but maybe there are other parts which need fixes (maybe Xorg, pulseaudio, stuff like that?). If you have experience on what was really needed in recent ThinkPads it might be useful to reach out to relevant teams. I only have hands-on experience with X250 (documented in the link I gave on my first mail), which is a bit old now I guess (I have hands-on experience on an X280 but it was maybe 18 months after it was released so basically everything was already working just fine)

>
> Obviously having more competent people than myself do that process and
> be able to test it directly would speed things up (a lot :)) but that's
> potentially a bunch of work to place on a few people (due to limited
> HW). On the plus side - my understanding is that whoever worked on it
> would get to keep the HW...don't know if that is tempting or not :)

I don't think people will really do *specifically for that reason* anyway :) That can help, but once you did that twice or thrice, I guess you begin to have way too much hardware at home :) Also an option would be for Lenovo to actually hire people to do the technical work and submit it, but as you said below it might need a mentor or something to start stuff.

>
> I think it's very important for Lenovo to become active and competent
> contributors to the community. I don't think it is healthy for us to
> just dump HW and say "please fix" - we really should be contributing to
> the community for our HW. Maybe a hybrid model where some Debian folk
> with some time and interest get HW and are willing to mentor/support?
> I'm guessing the first couple of platforms would be more challenging but
> in theory it would get easier and less demanding (hopefully :))?

If the work is already done upstream, I think it boils down to getting maintainer teams aware of the upstream fixes/commits they'd need to pull, and if they are large and/or complicated, maybe help a bit on the porting. And yes maybe at that point if you don't feel skilled enough it might help to have “mentors” which could do a bit of technical work (backporting, testing etc.)

>
> Anyway - if there was interest we could explore what was involved with
> choosing a couple of platforms, getting them to a Debian developer or
> two and going from there. I don't know how early in the process we'd be
> able to make HW available - it is *really* hard to get hold of these
> early systems (based on personal experience). That's a challenge I'm
> willing to take on if it's something that there is interest in.

So right now what would be the target hardware / timescale we'd be talking about? There's definitely no reason that Lenovo product(s) roadmap(s) and Debian stable roadmap should be aligned, so there are few interesting things:

- making sure “current” generations products work fine on Debian stable/Buster, so they could be “qualified” to ship with Buster preinstalled (I'm unsure how realistic it is for current products, but making sure *they* work is a first start I guess)
- making sure “next” generation products work fine on Debian stable/Buster so they could be qualified to ship with Buster preinstalled (maybe a little more realistic but I guess it also depends on the timescale)
- making sure “future” products work fine in Debian testing (Bullseye) so once it's released the products can be qualified on it and hopefully ship with Bullseye preinstalled

For “current” products I guess we
Re: [External] Re: ThinkPad laptops preinstalled Linux
On Fri, 2020-06-05 at 11:58 -0400, Mark Pearson wrote:
> That's where doing a Debian pre-load would be challenging (which is
> really where this conversation started). If support for a platform isn't
> there until 6 to 8 months after it's shipped (or more) then really it's
> not worth doing a preload (note - I'm not saying it's not worth
> supporting the platform - that is still important). Fedora have this
> somewhat solved by being on the latest of everything, Ubuntu solve it by
> having their oem image model.

Hi Mark and thanks for the nice thread.

I have the feeling that support comes late to Lenovo machines because porting efforts start when the machines are actually available and in the hands of willing developers. That was my experience when I bought my trusty X250 back in 2015. I've documented part of the process (https://www.corsac.net/X250/): because I bought the machine early in its life, support was not perfect (although honestly it was really good) and I had to do some backporting myself, poke some Debian or upstream maintainers here and there.

For quite some years now volunteers do that for IBM then Lenovo hardware (and others as well), but obviously they can only do it once they bought it, received it and started playing with it. Lenovo obviously has access to the hardware way earlier, and could thus start the porting effort (which is mostly shared between distributions anyway because work has to be done upstream) and then make sure it propagates to the various supported distro in time for the release.

What can be done in the Debian community to help you do that *before* the hardware are in the hand of volunteers, because as you already said that means the laptops work perfectly 6-8 months after the release which is too late.

Regards,
--
Yves-Alexis
Re: Security advisory for YubiKey 4: RSA generation broken
On Mon, 2017-10-16 at 21:06 +0200, Christian Seiler wrote:
> Unfortunately, as far as I understand it, there's no easy method for
> detecting these kinds of broken keys without actually attempting to
> factorize them - and while that's feasible (hence the vulnerability)
> it is still quite expensive - so there is currently no easy method of
> scanning through the Debian keyring for affected keys.

Actually that's wrong, the generation process leaves “fingerprints” which can be used to identify keys. See for example:

https://keychest.net/roca
https://github.com/crocs-muni/roca

These tools have been used to identify three vulnerable (sub)keys in the Debian keyring (this has already been taken care of).

Regards,
--
Yves-Alexis
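The kind of fingerprint test the reply above refers to, as an added example that is not part of the original message and is not the code of the linked tools. It assumes the structure described in the published ROCA research (weak primes of the form k*M + (65537^a mod M), with M a product of small primes); the prime list up to 167, the function names and the sample keys are constructed for this illustration.

```python
import random

GENERATOR = 65537  # constant whose powers the affected prime generator used

# Odd primes up to 167 (this example's choice of test primes).
SMALL_PRIMES = [p for p in range(3, 168, 2)
                if all(p % d for d in range(3, int(p ** 0.5) + 1, 2))]

# M: product of 2 and the small primes above.
M = 2
for _p in SMALL_PRIMES:
    M *= _p


def powers_mod(prime):
    """Return the set {65537^i mod prime}, the residues a weak modulus may take."""
    seen, x = set(), 1
    while x not in seen:
        seen.add(x)
        x = x * GENERATOR % prime
    return seen


ALLOWED = {p: powers_mod(p) for p in SMALL_PRIMES}


def failing_primes(modulus):
    """Small primes for which the modulus is NOT a power of 65537."""
    return [p for p, residues in ALLOWED.items() if modulus % p not in residues]


def has_roca_fingerprint(modulus):
    """True when N mod p is a power of 65537 for every test prime.

    Only cheap modular reductions of the public modulus are needed;
    nothing is factored. A modulus from a sound generator fails at
    least one residue test with very high probability.
    """
    return not failing_primes(modulus)


def is_probable_prime(n, rng, rounds=20):
    """Miller-Rabin primality test with random bases."""
    if n < 2:
        return False
    for p in [2] + SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(rng, bits=256):
    """Prime from a sound generator: uniformly random odd candidates."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng):
            return cand


def constructed_weak_prime(rng, bits=256):
    """Constructed sample with the weak structure k*M + (65537^a mod M)."""
    while True:
        k = rng.getrandbits(bits - M.bit_length())
        a = rng.getrandbits(62)
        cand = k * M + pow(GENERATOR, a, M)
        if is_probable_prime(cand, rng):
            return cand


if __name__ == "__main__":
    rng = random.Random(2017)  # fixed seed so the constructed samples repeat
    weak_n = constructed_weak_prime(rng) * constructed_weak_prime(rng)
    sound_n = random_prime(rng) * random_prime(rng)
    for label, n in (("constructed weak", weak_n), ("sound", sound_n)):
        print(label, "fingerprint:", has_roca_fingerprint(n),
              "first failing primes:", failing_primes(n)[:5])
```

A keyring scan would feed the modulus of every RSA key and subkey to `has_roca_fingerprint` and flag the hits for replacement.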
Re: does Debian help detect gravitational waves?
On ven., 2016-02-12 at 09:21 +0100, Daniel Pocock wrote:
> https://www.lsc-group.phys.uwm.edu/lscdatagrid/doc/reference-platform.html
>
> The Ganglia graph (top right corner of the page) appears to be generated
> on a Debian host using the official packages (it has ganglia-webfrontend
> in the URL)

On that page:

Reference Operating Systems
- Scientific Linux 6.1
- Debian 6.0 Squeeze
- CentOS 5.3 (to be deprecated)
- Debian 5.0, Lenny (to be deprecated)

--
Yves-Alexis
Re: Regarding the recent update on the xfce packages
On mar., 2015-03-17 at 09:42 +0800, Paul Wise wrote:
> On Tue, Mar 17, 2015 at 4:29 AM, Dark Serph wrote:
> > Please, think fondly in updating the xfce packages on JESSIE, before launching it!
> Your suggestion would probably have best been sent to the maintainers of the Xfce packages in Debian rather than debian-project.

Indeed (and I didn't even receive the initial mail, maybe it went to a spam folder).

> Unfortunately since we are in the pre-release freeze, updating Xfce in jessie to a new upstream version isn't going to happen.

I can confirm that.

> Once the jessie release is out and the Xfce team have uploaded a new version of Xfce to stretch, it could be added to the list of jessie backports if the team have the time to do that. You might want to join the team to help them out with that.
>
> https://pkg-xfce.alioth.debian.org/
> http://backports.debian.org/Contribute/

Xfce 4.12 is already in experimental. The current roadmap for the team is:

- fix remaining RC bugs affecting Jessie (not in Xfce per se, but that's a priority anyway)
- release Jessie;
- triage/fix bugs affecting Xfce (4.10) in stretch;
- test Xfce 4.12 in experimental to check there's no RC bug in it;

Then, we'll be able to upload Xfce 4.12 in unstable (when we have release team approval, since that involves a transition), then it should migrate to stretch. At that point, we might consider backporting it to Jessie.

So if you want to help make that happen, then please help fixing RC bugs in Jessie, and non-RC bugs affecting Xfce in Jessie/sid.

Regards,
--
Yves-Alexis
Re: Systemd
On lun., 2015-01-19 at 09:13 -0500, The Wanderer wrote:
> The solution here would be either to convince upstreams not to depend on policykit, or to provide (restore?) and package a sufficiently functional implementation of policykit which does not depend on libpam-systemd.

Some people are trying to revive Consolekit [1], you might want to get in touch with them and provide support.

Regards,
--
Yves-Alexis

[1] https://github.com/ConsoleKit2/ConsoleKit2
Re: [Pkg-xfce-devel] Reverting to GNOME for jessie's default desktop
On ven., 2014-08-08 at 18:38 -0700, Paul C. Bryan wrote:
> With all due respect to XFCE, I'd hate the interpretation to be along the lines of, Oh, Debian state of the art desktop environment feels something like Windows, circa 2000. But, XFCE's lightweight. It's meant to lack such fancy features.

I'm unsure what you mean by that. We don't do specific efforts to tune Xfce appearance (that's not really our priority indeed), but you might want to take a look at Xubuntu customization if eye candy is what interests you.

Regards,
--
Yves-Alexis
Re: [Pkg-xfce-devel] Reverting to GNOME for jessie's default desktop
On jeu., 2014-08-07 at 23:57 +0200, Jordi Mallach wrote:
> Hi Debian,

About the decision itself, as Debian Xfce main maintainer, I honestly don't really care. I don't think the default desktop matters that much on Debian (while I guess it means a lot for Ubuntu, for example). I actually think having no default desktop would be just fine, instead having the current 3-4 desktop installation media. Then anyone can pick the DE she likes.

Now, about specific items:

> Downstream health: The number of active members in the team taking care of GNOME in Debian is around 5-10 persons, while it is 1-2 in the case of Xfce. Being the default desktop draws a lot of attention (and bug reports) that only a bigger team might have the resources to handle.

Indeed. I somehow hoped that the attention brought on the initial switch would bring more developers to the pkg-xfce team, but that failed. But I'm unsure how much people actually saw the switch, since it's only for the current beta installers for Jessie…

> Upstream health: While GNOME is still committed to its time-based release schedule and ships new versions every 6 months, Xfce upstream is, unfortunately, struggling a bit more to keep up with new plumbing technology. Only very recently it has regained support to suspend/hibernate via logind, or support for Bluez 5.x, for example.

Same as above.

> Hardware: GNOME 3.12 will be one of the few desktop environments to support HiDPI displays, now very common on some laptop models. Lack of support for HiDPI means non-technical users will get an unreadable desktop by default, and no hints on how to fix that.

Well, considering Xorg hardcodes DPI to 96, what's the problem anyway? Also, with DPI correctly set to 140 on my Thinkpad (not really HiDPI but still more than 96), the only problems I've seen is chromium since it dropped GTK (#749239 where the URL bar font is oversized and the menu fonts are unreadable).

> Security: GNOME is more secure. There are no processes launched with root permissions on the user’s session. All everyday operations (package management, disk partitioning and formatting, date/time configuration…) are accomplished through PolicyKit wrappers.

That doesn't make much sense to me. It seems you're considering GNOME as a distribution more than a desktop environment. That's not how Xfce sees it. It relies on stuff like PolicyKit for interactions with hardware, for example, but it doesn't really ship anything which should be run as root. The user is free to do anything she wants, though.

> Privacy: One of the latest focuses of GNOME development is improving privacy, and work is being done to make it easy to run GNOME applications in isolated containers, integrate Tor seamlessly in the desktop experience, better disk encryption support and other features that should make GNOME a more secure desktop environment for end users.

Again, for me that's somehow unrelated to the DE, but my vision is less about having a DE which does everything and more about having it only handle things like session, window management, file management (each component apart). It's perfectly possible to use GNOME components in Xfce, and actually a lot of people do that.

> systemd embracing: One of the reasons to switch to Xfce was that it didn’t depend on systemd. But now that systemd is the default, that shouldn’t be a problem. Also given ConsoleKit is deprecated and dead upstream, KDE and Xfce are switching or are planning to switch to systemd/logind.

Not really. We rely on PolicyKit and used to use ConsoleKit because that was somehow enforced on about everyone. Now ConsoleKit has been deprecated, and the same people now enforce libpam-systemd and logind. I'm fine with that, but the goal would be to support both systemd and sysvrc/systemd-shim systems.

> Many members of the Debian GNOME team feel shipping Xfce by default would mean regressing in a few key areas like, as mentioned before, accessibility, localisation and documentation of the default set of applications. We are wary about the state of some features of the current default with respect to power management and bluetooth, for example. These features are driven by, and working since day 1, by GNOME 3.12.

Put it another way, Xfce (and other DEs) have been hurt by the various enforced transitions (ConsoleKit, hal/devicekit-power/upower/upower-0.99), yes. Combined with the lack of resources, that means it lays behind the people who decided those transitions.

Regards,
--
Yves-Alexis
Re: State of the debian keyring
On Fri, Feb 28, 2014 at 11:52:04AM +0100, Lucas Nussbaum wrote:
> Not really, the listing is about keys, not uploads (only listing the last upload for a given key). The correct interpretation is:
> | Well, a quick grep on the result shows that of those 652 1024b keys,
> | only half of them were used for uploads since the beginning of 2013.

It doesn't really change anything, does it? Sure, uploads are not the only way to check someone is active, but still, people with no upload since 2012 and a 1024{D,R} key is likely a candidate for direct contact.

--
Yves-Alexis Perez
Re: State of the debian keyring
On Mon, Feb 24, 2014 at 05:35:34PM +0100, Lucas Nussbaum wrote:
> Hi,
>
> On 22/02/14 at 20:57 -0500, Andrew Starr-Bochicchio wrote:
> > Has there been any analysis of how active the developers are? I'd hazard to guess that a good number should be moved to emeritus status. Perhaps we should do a ping of developers with 1024 bit keys?
>
> I've done a quick hack using UDD:
> http://udd.debian.org/cgi-bin/gpg1024.cgi

Nice public shaming :)

> A large number of people still using 1024 bit keys are very active DDs.

Well, a quick grep on the result shows that of those 652 uploads done using 1024b keys, only half of them were made since the beginning of 2013. 327 have been done *before* 2013. I guess those can't really be treated as “active” and are candidate for emeritus or disable after a wat run.

Regards,
--
Yves-Alexis Perez
Re: State of the debian keyring
On Tue, Feb 25, 2014 at 02:34:01AM +, Marco d'Itri wrote:
> enr...@enricozini.org wrote:
> > It also took me a long while to switch because I didn't understand that it was already this urgent,
> Because unless you are paranoid, then it is not.
> If anybody disagrees then please describe a credible threat model in which:
> - an entity would want to have access to the key of a DD, and
> - would find brute forcing a 1024 bit key more practical than stealing it or coercing a developer to disclose it.

There's also the hash algorithm issue, which could lead to signature collision attacks (whether in data signing or in key signing).

Regards,
--
Yves-Alexis Perez
Re: State of the debian keyring
On Thu, Feb 27, 2014 at 01:18:58PM +, Ian Jackson wrote:
> Jonathan McDowell writes (Re: State of the debian keyring):
> > On Mon, Feb 24, 2014 at 05:53:58PM +, Ian Jackson wrote:
> > > Are we now at the stage where it is more important to retire these shortish keys, than to insist on this cross-signatures ?
> ...
> > I'd rather avoid this if possible, but it's something I'd be prepared to consider for those who really can't manage to any another signature.
>
> So you have answered my question with no.

Actually, that's not what he replied. You asked whether to choose between Scylla and Charybdis, and Jonathan just replied that Charybdis wasn't a really good option but would there be no other choice, in specific situation, he'd be prepared to do that. That's very different than “no”.

> I conclude that this weak keys problem is not all that urgent, in your opinion. I'll stop worrying about it too much.

*sighs*

Considering you already have a 2048R master key, sure, you can stop worrying for now (I'm unsure why you chose not to directly have a 4096R one, but eh). That won't actually stop me worrying for the rest of the Debian keyring, because only one compromised key is enough, and cryptography is really a field where you prefer to be safe than sorry.

Regards,
--
Yves-Alexis Perez
Re: State of the debian keyring
On Thu, Feb 27, 2014 at 11:08:43AM +, Sune Vuorela wrote:
> On 2014-02-27, Yves-Alexis Perez cor...@debian.org wrote:
> > Well, a quick grep on the result shows that of those 652 uploads done using 1024b keys, only half of them were made since the beginning of 2013. 327 have been done *before* 2013. I guess those can't really be
>
> I'm unsure when I did my last upload, but I definitely consider myself active.
>
> 2013-07-14T19:00:07+00:00 5CE8ADFA1FDD9DEA6E21DCE19CCBDA1601FA8B4A Sune Vuorela (kdevplatform)
>
> But maybe I should figure out how to move to the 4096 key that I actually have collected a set of signatures on.

Sure, please go ahead :)

--
Yves-Alexis Perez
Re: Should mailing list bans be published?
On Sat, 2013-10-26 at 20:24 +, Bart Martens wrote:
> Cover up ? I did suggest approaches with full transparency among DDs.

I don't think that's the meaning of “public” Steve (And Lars) initially thought about…

Regards,
--
Yves-Alexis
Re: upload processing resumed
On ven., 2012-12-07 at 22:01 +0100, Joerg Jaspert wrote:
> On 13053 March 1977, Arno Töll wrote:
> > > Thanks for securing it quickly :) Is there any danger of the vulnerable code being in use on other systems, e.g. as part of a dak install?
> > Indeed, thanks for fixing the issue so fast. But full disclosure FTW. Now, that the problem is fixed please share some details about the nature of the vulnerability.
>
> All our commits are open and get to the -dak list too.
>
> The basic summary is really old code that needs to be replaced, really. In this case - a possible attack using the help of shell metacharacters by a specially prepared filename due to not checking if such characters are in the filename AND using perl's open function in the way it lets shell help it.
>
> My quick fix only ensured we don't have meta characters, Ansgar invested some more time and rewrote the code in question much more. And fixed a number of other issues too. For details there: read the commits. :)

Is dak present in a “released” state somewhere? Do other people use those releases? Meaning, should we ask for a CVE for this?

Regards,
--
Yves-Alexis
Re: Presentation of iso downloads - simpler like Fedora?
On ven., 2012-08-10 at 14:01 +0200, Steffen Möller wrote:
> some binary software forced me into downloading a RedHat flavour, so I went for Fedora. I found it very easy to get an ISO. I mean - very very very easy. My suggestion is to copy that for our now pending release or to make it even easier - not that I would know how to do that. They even auto-picked a good mirror for me.
>
> http://fedoraproject.org

What about the direct link on top right of http://www.debian.org ?

--
Yves-Alexis
Re: Report from DSA Team Sprint in Oslo
On sam., 2012-03-31 at 15:54 -0700, Russ Allbery wrote:
> That way, US Debian Developers could ignore the whole export control issue because they were uploading it to a host still in the US and the project handled the notification automatically on their behalf when the packages went to our world-wide mirrors.

By the way, what about people outside of US with their respective export control issues?

Regards,
--
Yves-Alexis
Re: revenue sharing agreement with DuckDuckGo
On mar., 2012-03-27 at 15:56 +0200, Stefano Zacchiroli wrote:
> The second option (i.e. the 50% cut) is *not* currently on the table, simply because DDG is not the default search engine in web browsers shipped by Debian at present. What I'm proposing is to accept the 25% cut that will originate from browsers we ship that have DDG as a search engine option.

I'm not sure if that counts, but midori uses DDG by default (and upstream gets some revenue from it).

Regards,
--
Yves-Alexis
Re: ECCN
On lun., 2011-05-09 at 16:21 -0400, Guzzi, Greg (GE Aviation, US) wrote:
> To obtain a ECCN for Debian 5.0 will I need to request this from BIS?

http://lmgtfy.com/?q=debian+eccn returns http://wiki.debian.org/USExportControl as first answer.

Regards,
--
Yves-Alexis
Re: Debian Linux OS /// Urgent
On mar., 2011-01-11 at 15:58 +0100, Yves-Alexis Perez wrote:
> (with my ANSSI hat on)
>
> On mar., 2011-01-11 at 10:32 +0100, Treuil, Malvina (GE Healthcare, consultant) wrote:
> > Dear Madam, Dear Sir,
> >
> > The company I work for GEHC buys the software containing the following encryption mean : Debian Linux. I would like to check with you if this encryption mean have already been declared to the French authorities (ANSSI). If yes, could you please provide me with the ANSSI declaration file number and copy? As we need to have them in case of an audit in France.
>
> Debian Project didn't make any declaration for crypto stuff to the French authorities. For reference, crypto supply and import are free (but subject to declaration), while export (from France) can be subject to authorization *if it's easy for an end user to change the embedded crypto*, else it's only declaration. More info can be found at http://www.ssi.gouv.fr/site_rubrique58.html (in French)
>
> I (with my Debian hat) did the declaration for supply/import/export (on the basis that changing the crypto usually needs a recompilation, which is not immediate for an end user, so it's not “easy” in the original sense). The official declaration should be available soon, I'll keep you posted.

Sorry it took so long. The declaration file number is 1101027. Scans of the various documents are available at http://people.debian.org/~corsac/anssi/ (in French). It might be a good idea to put those somewhere on the website (not sure if we have a place for that though) in case other people will need it.

Obviously, the timing is not perfect, as I'll have to make another declaration for Squeeze when it's out, but I thought it was a good idea to have it first for Lenny, since the requester needed it right now and people will still use Lenny for some time.

If you have any question, please ask.

--
Yves-Alexis
Re: Debian Linux OS /// Urgent
(with my ANSSI hat on)

On mar., 2011-01-11 at 10:32 +0100, Treuil, Malvina (GE Healthcare, consultant) wrote:
> Dear Madam, Dear Sir,
>
> The company I work for GEHC buys the software containing the following encryption mean : Debian Linux. I would like to check with you if this encryption mean have already been declared to the French authorities (ANSSI). If yes, could you please provide me with the ANSSI declaration file number and copy? As we need to have them in case of an audit in France.

Debian Project didn't make any declaration for crypto stuff to the French authorities. For reference, crypto supply and import are free (but subject to declaration), while export (from France) can be subject to authorization *if it's easy for an end user to change the embedded crypto*, else it's only declaration. More info can be found at http://www.ssi.gouv.fr/site_rubrique58.html (in French)

I (with my Debian hat) did the declaration for supply/import/export (on the basis that changing the crypto usually needs a recompilation, which is not immediate for an end user, so it's not “easy” in the original sense). The official declaration should be available soon, I'll keep you posted.

Regards,
--
Yves-Alexis Perez
ANSSI/ACE/LAM
Re: Debian logo used for commercial purposes
On sam., 2010-08-28 at 11:50 +0200, emanuele carrea wrote: Here it is http://www.zazzle.com/great_pacific_garbage_patch_sticker-217837941260564597 didn't know where to write it, but I think it's worth saying it. Note that it's the swirl without Debian which is the “openuse” logo. See http://www.debian.org/logos/ From http://gyresticker.org Algalita Foundation, Oceana, 1% For The Planet and Debian, whose open source logo is used for the project to represent the Gyre itself, in turn, each receive checks accounting for 50% of revenues generated ($50.00 each). (it seems that the swirl represents pretty nicely the “gyre” concept leading to the “great pacific garbage patch” so they took the liberty to use the debian logo, donating some money). -- Yves-Alexis
Re: DEP-5 meta: New co-driver; current issues
On 12/08/2010 14:59, Bernd Zeimetz wrote: - Instead of writing such files (and keeping them updated), we should put more energy into doing this task automatically. There are various tools to analyze licenses automatically, for example from OpenLogic (commercial unfortunately) or http://fossology.org/ - tasks which could be handled automatically should be done automatically, even if it means that we need to spend time to write tools to do so (yes, I know this is not an easy task). Yes but to do that automagically, you need a format the tools will generate the doc in. So DEP-5 still has a point here. Cheers, -- Yves-Alexis
Re: Support timeframe
On 25/06/2010 10:52, Bernd Zeimetz wrote: As usual in Debian - which is a community effort mostly - you can get a release quicker or longer security support for a release, if you pay somebody to do so. There are several companies and consultants who employ/are Debian developers and would be willing to do such a job. And if in the end that means there are more people working on security updates for (old)stable release, that means it benefits every user. Sure, the support might be on very specific packages, not all the distribution, meaning the security team can't extend the supported time, but it's still better than nothing :) Cheers, -- Yves-Alexis
Re: re-organizing dvd
On mar., 2010-06-01 at 23:27 +0530, V.Krishn wrote: DVD 4 and 5 might be possible to club in on. Hi, The packages on the CD and DVD sets are currently organised automatically to optimise the layout in terms of dependencies and popularity. That can be reasonably easily worked out automatically. Popularity could make the content of cd/dvd very different from previous versions. The scheme you're suggesting would take a lot more manual effort, leaving it more prone to mistakes. It also doesn't scale for the next release - weekly squeeze builds are already up to 7 DVDs for i386 and not very far off spreading on to number 8. I was unaware of No. of dvds in coming release would be 7 or 8. Speaking of which, this makes even more wanting to have them organised in the example I gave. Extending the example; Think in terms of users wanting to install. Scenarios with needed DVDs: Home desktop users/base installs - DVD 1 Developers - DVDs 1 + 2 + 3 Education/Scientific - DVDs 1 + 4 Games - DVDs 1 + 5 Other desktops(xfce..etc) - DVDs 1 + 6 Libs - this dvd(7) could be used by above Less used apps/beta apps..etc for advanced or try it out users) - in DVD 8 Based on this users could decide what DVDs to download. There might be issues to overlapping dependencies for apps, but then there are some apps like Developers, scientific, education, games that can be packed separately without problems, even other desktops. Another benefit is stability of dvd content in said numbered DVD over period of time, unlike popularity method. And another problem is that you need more DVDs to put every package, since the granularity is much larger. First DVD already fit in quite some stuff, and is usually what's needed for most people, and it's quite stable. What you might want, though, is the information of what is on what DVD at a scale larger than the package (maybe the tasks, for example).
I'm not sure if that exists somewhere already (well, it does exist for dvd generation, but not sure if it's published somewhere) Cheers, -- Yves-Alexis
Re: Squeeze, firmware and installation
On jeu., 2010-05-06 at 21:16 -0500, Raphael Geissert wrote: Josselin Mouette wrote: If there really was a need for it, such images would already exist. They do already exist and are labelled *Ubuntu. That's what people end up trying and installing after they waste their time installing Debian just to see that their wireless and/or ethernet card doesn't work (because most people don't know or care why it doesn't. It just doesn't.) Trying to tell people that they need to download something extra to make their networking devices work is not fun when they just wiped off the only thing that was working: Windows. And for those suggesting one should modify the installation media: good luck saying that to newcomers. That's why we have an installation manual, too. Maybe we don't advertise it enough, maybe we should add a large enough RTFM somewhere on download pages. I don't think we want to go back on the yes/no about firmwares, there was already too much noise about that. Situation is, no non-free firmware in main, what can we do to improve the installer. I can buy the argument about remote servers, although if they boot the installer, they should be able to get some files too, whether from a device if they boot from usb or cd, or from the tftp server if they netboot. For local, personal boxes, I really think plugging an usb key is not really that hard. Maybe we need to advertise the firmware.tar.gz more, even in d-i itself (like “that module requires a non free firmware, which you might find at http://cdimage.debian.org/cdimage/unofficial/non-free/firmware/lenny/current/firmware.tar.gz” (or a shorter url if needed)) Cheers, -- Yves-Alexis
Re: Squeeze, firmware and installation
On jeu., 2010-05-06 at 09:15 +0800, Paul Wise wrote: I recently had to install Debian lenny on a HP ProLiant machine, which required bnx2 firmware for the network controller. Just downloaded the firmware .deb from packages.d.o, stuck it on a FAT32 formatted USB stick and everything worked fine. The only thing which would be needed, imho, is a central point to easily download firmwares you need. Some place which would be advertised in the documentation. Uh, but, wait. Isn't that the point of: http://www.debian.org/releases/stable/amd64/ch06s04.html “Loading firmwares”, which points to: http://cdimage.debian.org/cdimage/unofficial/non-free/firmware/lenny/current/firmware.tar.gz Wow, nice. -- Yves-Alexis
Re: Kde 3.5 ...
On jeu., 2010-05-06 at 03:17 -0300, Jorge Gonçalves wrote: First, thank you for the great distro that is Debian, one of the best. I would like to suggest you some way so that the users keep on using the good old KDE 3.5 when they migrate to the upcoming Lenny. Maybe use dummy packages, or rename the packages so that KDE 3.5 could remain installed, and not be forced to upgrade to Kde4. I really feel sorry that KDE 3 series is no more being developed, and when the day comes that I no longer will be able to use KDE 3, I will switch to Apple or even Windows, but NEVER to kde4 or Gnome! (and I feel many users out there think like me!!!) I don't really know the KDE team answer to that (even if it might be obvious). But, is this a stepping up to maintain and take care of those packages? Cheers, -- Yves-Alexis
Re: Squeeze, firmware and installation
On 06/05/2010 11:59, Tapio Lehtonen wrote: How does the user know, which firmware he/she is going to need? It is doable to have the files on usb-stick or some such, if it is known which files need to be there. Note that firmware.tar.gz contains quite a lot of firmwares. And, afair, the installer will tell you the firmware or the module name. And, if the point is to not waste time each time you reinstall the same hardware, you usually end up knowing which firmware you need. And there are the DebianOn wiki pages which might help you on that too. Cheers, -- Yves-Alexis
Re: CentOS using swirl-ish logo.
On sam., 2009-10-24 at 18:36 +0200, Frank Lin PIAT wrote: I believe that confusion isn't good for any of the projects. What do you think about? I don't really think anybody would confuse CentOS and Debian because of that theme. -- Yves-Alexis
Re: One more upload queue
On jeu, 2009-05-14 at 21:44 +0200, Joerg Jaspert wrote: Hi we got a request to have an upload queue somewhere in the european area, as uploading to the us might be slow and lead to warning mails from the queued on ries. So well, here it is: ftp.eu.upload.debian.org Use it as you use ftp.upload.debian.org, it's the same software in the background, thus supporting all the commands files too. It seems that there is a problem with that queue: On ven, 2009-05-15 at 06:32 +, Archive Administrator wrote: GnuPG signature check failed on epdfview_0.1.7-2_amd64.changes gpg: Signature made Fri May 15 06:32:06 2009 UTC using DSA key ID C5C05BAE gpg: fatal: /home/dak/.gnupg: directory does not exist! secmem usage: 1408/1408 bytes in 2/2 blocks of pool 1408/32768 (Exit status 2) /epdfview_0.1.7-2_amd64.changes has bad PGP/GnuPG signature! Removing /epdfview_0.1.7-2_amd64.changes, but keeping its associated files for now. cor...@hidalgo: gpg --verify epdfview_0.1.7-2_amd64.changes gpg: Signature made ven 15 mai 2009 08:32:06 CEST using DSA key ID C5C05BAE gpg: Good signature from Yves-Alexis Perez (Corsac) cor...@corsac.net gpg: aka Yves-Alexis Perez (REZEL) cor...@rezel.net gpg: aka Yves-Alexis Perez (debian) cor...@debian.org gpg: aka Yves-Alexis Perez (ENST) yves-alexis.pe...@enst.fr cor...@hidalgo: sha256sum epdfview_0.1.7-2_amd64.changes 28dac9892f0f3d19815dfa03eca21318ddb9edc95fc83d2d29d77f3a5c27cade epdfview_0.1.7-2_amd64.changes Cheers, -- Yves-Alexis
Re: One more upload queue
On ven, 2009-05-15 at 10:15 +0200, Joerg Jaspert wrote: Upload the .changes again, the rest of the files are still there. This time it should actually work. :) Worked fine, thanks. Cheers, -- Yves-Alexis
Re: Twittering on planet.d.o?
On mer, 2009-04-08 at 11:11 +0200, gregor herrmann wrote: I think it would be nice to have because - the !debian group on identi.ca is IMO pretty useless since everybody who turns on their computer and knows how to spell d-e-b-i-a-n seems to !need !to !tell !the !world !about !it /rant (for reference: http://identi.ca/group/debian) - we could make the new feed especially for _contributors_, like Planet That could be a job for debian-community.org I guess? -- Yves-Alexis
Re: Question about the amount of security updates available
On lun, 2009-02-16 at 12:02 +, Thomas Nguyen Van wrote: My questions are: 1. Do you confirm the amount of new security updates? If yes, what is the link? 2. Did you change the public key available for security updates? http://www.debian.org/News/2009/20090214 -- Yves-Alexis
Re: FOSDEM videos released
On dim, 2009-02-15 at 17:33 +, James Bromberger wrote: Perhaps we could encourage people unable to physically attend to still watch and be on IRC for QA? I know that last year (or the year before) people in the Debian devroom used gobby to comment and add stuff about the talk. With live stream and IRC people could do the same (or join the gobby session?) which could be really helpful in some ways. Ok there's no beer involved, but it's way better than nothing, imho. Cheers, -- Yves-Alexis
Re: Developer Status
On Sun, Oct 26, 2008 at 12:30:02PM -0300, Felipe Sateler wrote: The Debian Contributor class is a class of people that can't do anything. Sure, it really sounds good… -- Yves-Alexis
Re: Debian Logo Use
On mar, 2008-04-15 at 20:48 +0300, Mario Spinthiras wrote: Debian on the desktop? It's called Ubuntu! plonk. -- Yves-Alexis
Re: Debian Logo Use
On lun, 2008-04-14 at 21:44 -0700, Will Kaiser wrote: Yeah, I had actually already looked into the Debian Live CD project. Unfortunately there is no product available for download at this time that I can line up with my images for comparison. So, we really have no idea what's included on those images. They only have Etch images available (at least last I checked) and we're working with Lenny and Sid. The debian-live goal is not to have already-generated images, but to give people (including you and your project) a way to generate custom images really fast. I'm also pretty sure our goals are aligned a bit differently. The marketing on the Debian Live CD website doesn't spell out that they are targeting Desktop Linux or use as an alternative to derivatives such as Ubuntu and friends. We also use a cool but non-standard apt configuration. Mainly though, it's the marketing on the live cd project that won't work with our primary goal. To appeal to (non-techie) Ubuntu users, you pretty much need to use puppets and pictures to explain what your distro can do. Yeah but in your case, debian-live would (have) help(ed) you to build your project by not taking care of how the cd should boot, in various environment, how to build the cd itself, etc. Take a look at the project, it can be really helpful. I already used a debian-live with the 3 main desktop environments on a demo box without hard drive, for Solutions Linux 2008. Cheers, -- Yves-Alexis
Re: Bits from the DPL: FTP assistants, marketing team, init scripts, elections
On lun, 2008-02-25 at 23:53 +, MJ Ray wrote: Many countries still sometimes have heads of state and government from opposing political views (French cohabitation) and it puts the brakes on the more radical reforms, but the fifth republic (for example) hasn't fallen yet. President and congressman are now elected the same year, for 5 years. So cohabitation is not really possible anymore. (but as french people is kind of funny, other elections (the locals ones) may have funny results just a year after president/congress elections). Cheers, -- Yves-Alexis
Re: Debian Maintainers
On jeu, 2007-05-31 at 17:19 +0100, Matthew Johnson wrote: How about improving the NM application process so that people don't have to spend 4 months waiting for an AM[1,2,3,4], or to have their accounts created [5,6,7,8], or to be approved by FD[6,7]. Is it really in the NM application process where improvements are needed, in these cases? Regards, -- Yves-Alexis
Re: Change of the debian code-name base?
On lun, 2007-05-28 at 22:37 +0200, Daniel Baumann wrote: that the first seasons of simpsons were created on a proprietary operating system (irix) with proprietary software. And what does the common knowledge says about the OS used to create toy story characters? -- Yves-Alexis
Re: Developers vs Uploaders
On mer, 2007-03-14 at 20:50 +0100, Bastian Venthur wrote: My first thought: do we really need this new class of contributors? I mean how many people do you currently know fitting in this category (don't like to become DD just maintainers). I guess there will be some, but I think the amount of people should be high enough to legitimate such a big change in our infrastructure. Maybe people in the NM queue? I don't want to be all personal, but I'm getting tired of being stuck there, where I can't be fully efficient on my work as a maintainer. My second thought: Should we really allow anonymous people to upload packages? Shouldn't they at least prove that they are who they claim to be (via gpg-key signed by an existing DD)? I second that, but I guess it's easily doable. What is our current NM-process for? Especially all those tests you have to go through. Is it just for the right to vote and the access to our machines? Maybe linking those two classes ? Authorizing people which are currently at TS or something like that ? Regards, -- Yves-Alexis
Re: Developers vs Uploaders
On jeu, 2007-03-15 at 01:41 -0400, Kevin Mark wrote: If person X is a DD and maintaining 2 packages and has never sponsored anything, then (I don't like 'demoting' as it is an insult to their contribution) they would not notice a change in their status if it still allows them to contribute in the same way they did before. And for DPL election? :) -- Yves-Alexis
Re: irc.debian.org
On Sat, 2006-05-13 at 14:58 -0700, Paul Johnson wrote: Most Jabber servers... topic is -irc-.debian.org, iirc -- Yves-Alexis Perez
Re: irc.debian.org
On Tue, 2006-05-02 at 15:52 -0700, Paul Johnson wrote: By design, IRC encourages people to do truly obnoxious things, like spamming the channel to announce they're going away, or indicating their status with nicknames (which also spams the channel). If *users* announce they're away, it'll be spam no matter if it's in an IRC channel or on Jabber. And I've seen a lot more people announcing their status in their IM-nickname than in their IRC-nickname (9 chars for nick pwnz) You also get spammed on IRC whenever someone joins or leaves a channel. Jabber prevents this by providing a real presence system. you can ignore this in IRC too. Jabber provides all the same modes IRC does in group chat, except bans actually work because they're not stupidly tied to some arbitrary netmask. yeah. ban is tied to user account ? who prevents an annoying user to creates a lot of annoying accounts ? Nicknames changes, joins and parts aren't spammed to the channel unless your client adds them in for you (but changes are still reflected in the listing of who is in the chat). you mean, like on irc ? Jabber networks don't go on begging sprees for funding. OFTC will invariably spam you like every other IRC network since the dawn of time the first moment they get more than a few users. i'm sure there are jabber network which do that. but you can use a gateway which doesn't. like using an irc network which doesn't do that. Ok, so it's a flamewar irc vs jabber ? On -project ? Duh. I'm not really used to those flames, but I thought they were taking place on -devel. The initial post was about moving *irc*.debian.org from an irc network to another. If you don't want to use irc, nobody forces you. But why posting here a mail that has nothing to do with the initial message ? -- Yves-Alexis Perez