[gentoo-dev] Last rites: www-apps/blohg
# Arthur Zamarin (2022-09-07) # Python 3.8 only package, no maintainer left. # Removal: 2022-10-07. Bug #869107 www-apps/blohg OpenPGP_signature Description: OpenPGP digital signature
[gentoo-dev] Last rites: app-backup/attic
# Arthur Zamarin (2022-09-07) # Python 3.8 only package, 2 open bugs. Recommended to migrate to borg. # No upstream activity since 2015. # Bugs #674822, #830291, #832240 # Removal: 2022-10-07. Bug #869101 app-backup/attic OpenPGP_signature Description: OpenPGP digital signature
[gentoo-dev] Re: RFC: virtual/dbus
On Wed, Sep 07, 2022 at 04:56:37PM +0100, Marek Szuba wrote: > Dear everyone, > > I wonder if we should create a virtual package to allow our users - or > at least those who run systemd anyway - to choose between sys-apps/dbus > and sys-apps/dbus-broken as D-Bus implementation for their systems. The > usual "Gentoo is about choice" thing aside, there is now at least one, > security-related, problem with the former which can be worked around by > switching to the latter: https://github.com/systemd/systemd/issues/22737 If you find a security issue, please file a security bug. I'm not really sure what the security impact of this is, though. > WDYT? > > PS. Cc'ing maintainers of both packages to see what they might have got > to say about this. > > -- > Marecki signature.asc Description: PGP signature
[gentoo-dev] Re: RFC: virtual/dbus
On Wed, Sep 7, 2022 at 11:56 AM Marek Szuba wrote: > > Dear everyone, > > I wonder if we should create a virtual package to allow our users - or > at least those who run systemd anyway - to choose between sys-apps/dbus > and sys-apps/dbus-broken as D-Bus implementation for their systems. The > usual "Gentoo is about choice" thing aside, there is now at least one, > security-related, problem with the former which can be worked around by > switching to the latter: https://github.com/systemd/systemd/issues/22737 > > WDYT? A virtual seems a bit pointless for the following reasons: 1. dbus and dbus-broker can be (and usually are) installed simultaneously. 2. dbus-broker[launcher] utilizes config files installed by dbus, and actually RDEPENDs on sys-apps/dbus for that reason. 3. Many client applications depend on sys-apps/dbus for libdbus. If you can think of some way to encourage users to install/enable dbus-broker, that seems like a good idea to me.
[gentoo-dev] RFC: virtual/dbus
Dear everyone, I wonder if we should create a virtual package to allow our users - or at least those who run systemd anyway - to choose between sys-apps/dbus and sys-apps/dbus-broken as D-Bus implementation for their systems. The usual "Gentoo is about choice" thing aside, there is now at least one, security-related, problem with the former which can be worked around by switching to the latter: https://github.com/systemd/systemd/issues/22737 WDYT? PS. Cc'ing maintainers of both packages to see what they might have got to say about this. -- Marecki OpenPGP_signature Description: OpenPGP digital signature
[gentoo-dev] Initial review: registration for text/vnd.gentoo.manifest media type
Hi, I'd like to give it a shot and try to register a media type for GLEP 74 Manifest files. I've specifically chosen this type because it's relatively simple and well-specified. I'd like to request your feedback on the registration form, then ask Council for approving it and then send it to IANA media-types ml for feedback. ``` Type name: text Subtype name: vnd.gentoo.manifest Required parameters: charset - always "UTF-8" Optional parameters: none Encoding considerations: 8-bit text always encoded as UTF-8, the format technically permits encoding all Unicode characters as 7-bit escape codes Security considerations: The Manifest files are text files that are transmitted as part of larger file sets in order to provide integrity and authenticity verification for other files. They are primarily intended to be processed locally to verify transferred files. The format does not provide support for executable content. It does provide support for specifying arbitrary filenames to verify. Symbolic links are followed when opening files. The tools are explicitly required to be secured against attempting to read non-regular files. No other dangers were identified from the ability to verify arbitrary file checksums locally (GLEP 74 § 3.3). The initial Manifest file to be processed must not be compressed. It can contain an inline OpenPGP signature to provide authenticity verification. Every Manifest file can reference subsequent Manifest files to be processed. Subsequent Manifest files can be compressed. The tools are required to verify the integrity (and authenticity, if provided) of subsequent Manifest files prior to decompressing them (GLEP 74 § 3.2 / 3.12). The Manifest files have no special privacy considerations. The same privacy considerations as for the files covered by the Manifest apply. Interoperability considerations: The format is using UTF-8 encoding for best interoperability. Platforms using non-UTF-8 filesystem encoding need to be able to recode filenames to UTF-8. The format does not provide support for using raw filenames with unknown encoding. The format does not specify newline encoding. The implementations need to be able to support different platform newline conventions for portability. The format specifies the use of forward slash as a directory separator. Platforms using a different character need to convert paths appropriately. Published specification: GLEP 74: Full-tree verification using Manifest files https://www.gentoo.org/glep/glep-0074.html Applications that use this media type: The reference implementation for the format is provided by the gemato tool [1]. A subset of the format is also directly supported by Gentoo package managers, e.g. Portage [2] and pkgcore [3]. This list is not exhaustive. [1] https://github.com/projg2/gemato [2] https://wiki.gentoo.org/wiki/Project:Portage [3] https://github.com/pkgcore/pkgcore Fragment identifier considerations: None. Additional information: Deprecated alias names for this type: none Magic number(s): none File extension(s): none, the file is commonly named "Manifest" Macintosh file type code(s): none Person & email address to contact for further information: Michał Górny Intended usage: COMMON Restrictions on usage: None. Author: Michał Górny Change controller: Gentoo Council Provisional registration? (standards tree only): no ``` -- Best regards, Michał Górny