Non-working GNOME SSH keys
Read this if you have a GNOME (ssh) account and it isn’t working and you want to know why. Due to Debian security issue we’ve locked down the machines for public key authentication. See the announcement by Guilherme de S. Pastore to devel-announce-list below. Please ensure you’re subscribed to that list (as we expect people to be)! Generally announcements are spread via Planet GNOME as well, but that is more of an extra service. Please contact [EMAIL PROTECTED] if you have either: * Used a DSA key on a Debian/Ubuntu machine affected by the security * issue * Generated a DSA/RSA key on an affected Debian/Ubuntu machine Note: If you have a DSA key generated on a non-Debianb/Ubuntu (e.g. Red Hat) distribution (or whatever) and used it on a affected Debian/Ubuntu machine (meaning: ssh’ed from that machine, not to such a machine), you are affected as well. So please replace your key in such cases as well. Current plan: We’ll (well, Owen) remove all blacklisted SSH keys that we can find and inform affected people. This to avoid greatest security issues. Not sure yet what we’ll do about the DSA keys (they could be compromised now or in future whenever they’re used on an affected Debian/Ubuntu machine). Closing: I’m unfortunately way too busy to really help the sysadmins working on this.. plus the accounts people replacing the SSH keys. Thanks to everyone who’s helping. On Wed, May 14, 2008 at 10:52:29PM -0500, Guilherme de S. Pastore wrote: As some of you have probably been made aware of somehow by now, the Debian openssl package introduced an incorrect change in version 0.9.8c-1, available since September 2007 and distributed with the current stable release etch, which resulted in the output of the random number generator being predictable, as per CVE-2008-0166. That directly affects openssh, and any key generated on Debian or Debian-derived systems from then until the recent security updates (on Debian, versions 0.9.8c-4etch3 or 0.9.8g-9) is deemed potentially compromised. It should be obvious from the start that we are exposed to risk by the number of developers we have that use Debian or Ubuntu systems, and we have run individual tests to reach the conclusion that we do, indeed, have this kind of key installed on the GNOME servers. Hence, I regret to inform that key authentication to GNOME machines has been disabled some minutes ago for safety. We will be working into putting mechanisms into place that allow for blacklisting upon authentication, so that the insecure keys are selectively disabled and we can resume normal operation as soon as possible. It is worth noting, however, that, for all we currently know, not all cases can be detected by the algorithms we have, which would make it insufficient to just remove the keys we know to be broken or blacklist them. Therefore, it is EXTREMELY important that, if you think your key has been generated in a system affected by this bug at the time, you have your system updated, regenerate your SSH keys and get them replaced by mailing [EMAIL PROTECTED] The Infrastructure Team may see a need to go a bit further than I have described in due course, but new announcements will be sent out if that is the case. We are sorry for the inconvenience, and hope not to have to disturb development for long or delay the next tarballs due date. Yours, -- Guilherme de S. Pastore The GNOME Sysadmin Team ___ gnome-hackers mailing list [EMAIL PROTECTED] http://mail.gnome.org/mailman/listinfo/gnome-hackers -- Regards, Olav ___ gnome-i18n mailing list gnome-i18n@gnome.org http://mail.gnome.org/mailman/listinfo/gnome-i18n
Re: Non-working GNOME SSH keys
Olav Vitters skreiv: Due to Debian security issue we’ve locked down the machines for public key authentication. See the announcement by Guilherme de S. Pastore to devel-announce-list below. Please ensure you’re subscribed to that list (as we expect people to be)! Translators, too? -- Åsmund Skjæveland ___ gnome-i18n mailing list gnome-i18n@gnome.org http://mail.gnome.org/mailman/listinfo/gnome-i18n
Re: Non-working GNOME SSH keys
Hi I had my keys revoked and I replaced them through accounts gnome org , but the new ones are still not working. Is there anything I'm not aware of before contacting accounts again? Djihed في ج، 16-05-2008 عند 09:46 +0200 ، كتب Olav Vitters: Read this if you have a GNOME (ssh) account and it isn’t working and you want to know why. Due to Debian security issue we’ve locked down the machines for public key authentication. See the announcement by Guilherme de S. Pastore to devel-announce-list below. Please ensure you’re subscribed to that list (as we expect people to be)! Generally announcements are spread via Planet GNOME as well, but that is more of an extra service. Please contact [EMAIL PROTECTED] if you have either: * Used a DSA key on a Debian/Ubuntu machine affected by the security * issue * Generated a DSA/RSA key on an affected Debian/Ubuntu machine Note: If you have a DSA key generated on a non-Debianb/Ubuntu (e.g. Red Hat) distribution (or whatever) and used it on a affected Debian/Ubuntu machine (meaning: ssh’ed from that machine, not to such a machine), you are affected as well. So please replace your key in such cases as well. Current plan: We’ll (well, Owen) remove all blacklisted SSH keys that we can find and inform affected people. This to avoid greatest security issues. Not sure yet what we’ll do about the DSA keys (they could be compromised now or in future whenever they’re used on an affected Debian/Ubuntu machine). Closing: I’m unfortunately way too busy to really help the sysadmins working on this.. plus the accounts people replacing the SSH keys. Thanks to everyone who’s helping. On Wed, May 14, 2008 at 10:52:29PM -0500, Guilherme de S. Pastore wrote: As some of you have probably been made aware of somehow by now, the Debian openssl package introduced an incorrect change in version 0.9.8c-1, available since September 2007 and distributed with the current stable release etch, which resulted in the output of the random number generator being predictable, as per CVE-2008-0166. That directly affects openssh, and any key generated on Debian or Debian-derived systems from then until the recent security updates (on Debian, versions 0.9.8c-4etch3 or 0.9.8g-9) is deemed potentially compromised. It should be obvious from the start that we are exposed to risk by the number of developers we have that use Debian or Ubuntu systems, and we have run individual tests to reach the conclusion that we do, indeed, have this kind of key installed on the GNOME servers. Hence, I regret to inform that key authentication to GNOME machines has been disabled some minutes ago for safety. We will be working into putting mechanisms into place that allow for blacklisting upon authentication, so that the insecure keys are selectively disabled and we can resume normal operation as soon as possible. It is worth noting, however, that, for all we currently know, not all cases can be detected by the algorithms we have, which would make it insufficient to just remove the keys we know to be broken or blacklist them. Therefore, it is EXTREMELY important that, if you think your key has been generated in a system affected by this bug at the time, you have your system updated, regenerate your SSH keys and get them replaced by mailing [EMAIL PROTECTED] The Infrastructure Team may see a need to go a bit further than I have described in due course, but new announcements will be sent out if that is the case. We are sorry for the inconvenience, and hope not to have to disturb development for long or delay the next tarballs due date. Yours, -- Guilherme de S. Pastore The GNOME Sysadmin Team ___ gnome-hackers mailing list [EMAIL PROTECTED] http://mail.gnome.org/mailman/listinfo/gnome-hackers -- Have a project you would like to be translated to Arabic? Let us know: http://wiki.arabeyes.org/Translation_requests Blog: http://djihed.com ___ gnome-i18n mailing list gnome-i18n@gnome.org http://mail.gnome.org/mailman/listinfo/gnome-i18n
Re: Non-working GNOME SSH keys
On Fri, May 16, 2008 at 10:41:39AM +0100, Djihed Afifi wrote: I had my keys revoked and I replaced them through accounts gnome org , but the new ones are still not working. Is there anything I'm not aware of before contacting accounts again? Currently access is still locked down due to amount of non-secure SSH keys. Owen is planning to remove those asap so we can open it up again. -- Regards, Olav ___ gnome-i18n mailing list gnome-i18n@gnome.org http://mail.gnome.org/mailman/listinfo/gnome-i18n
Re: Non-working GNOME SSH keys
On Fri, May 16, 2008 at 10:51:09AM +0200, Åsmund Skjæveland wrote: Olav Vitters skreiv: Due to Debian security issue we’ve locked down the machines for public key authentication. See the announcement by Guilherme de S. Pastore to devel-announce-list below. Please ensure you’re subscribed to that list (as we expect people to be)! Translators, too? Those with an SSH account + coordinators, yes. Otherwise, no. -- Regards, Olav ___ gnome-i18n mailing list gnome-i18n@gnome.org http://mail.gnome.org/mailman/listinfo/gnome-i18n
ssh to svn.gnome.org/master.gnome.org back
NOTE: still can't log in? you'll get mail shortly On Fri, May 16, 2008 at 09:46:08AM +0200, Olav Vitters wrote: Read this if you have a GNOME (ssh) account and it isn’t working and you want to know why. Due to Debian security issue we’ve locked down the machines for public key authentication. See the announcement by Guilherme de S. Pastore to devel-announce-list below. Please ensure you’re subscribed to that list (as we expect people to be)! Generally announcements are spread via Planet GNOME as well, but that is more of an extra service. Please contact [EMAIL PROTECTED] if you have either: * Used a DSA key on a Debian/Ubuntu machine affected by the security * issue * Generated a DSA/RSA key on an affected Debian/Ubuntu machine Note: If you have a DSA key generated on a non-Debianb/Ubuntu (e.g. Red Hat) distribution (or whatever) and used it on a affected Debian/Ubuntu machine (meaning: ssh’ed from that machine, not to such a machine), you are affected as well. So please replace your key in such cases as well. Current plan: We’ll (well, Owen) remove all blacklisted SSH keys that we can find and inform affected people. This to avoid greatest security issues. Not sure yet what we’ll do about the DSA keys (they could be compromised now or in future whenever they’re used on an affected Debian/Ubuntu machine). Closing: I’m unfortunately way too busy to really help the sysadmins working on this.. plus the accounts people replacing the SSH keys. Thanks to everyone who’s helping. On Wed, May 14, 2008 at 10:52:29PM -0500, Guilherme de S. Pastore wrote: As some of you have probably been made aware of somehow by now, the Debian openssl package introduced an incorrect change in version 0.9.8c-1, available since September 2007 and distributed with the current stable release etch, which resulted in the output of the random number generator being predictable, as per CVE-2008-0166. That directly affects openssh, and any key generated on Debian or Debian-derived systems from then until the recent security updates (on Debian, versions 0.9.8c-4etch3 or 0.9.8g-9) is deemed potentially compromised. It should be obvious from the start that we are exposed to risk by the number of developers we have that use Debian or Ubuntu systems, and we have run individual tests to reach the conclusion that we do, indeed, have this kind of key installed on the GNOME servers. Hence, I regret to inform that key authentication to GNOME machines has been disabled some minutes ago for safety. We will be working into putting mechanisms into place that allow for blacklisting upon authentication, so that the insecure keys are selectively disabled and we can resume normal operation as soon as possible. It is worth noting, however, that, for all we currently know, not all cases can be detected by the algorithms we have, which would make it insufficient to just remove the keys we know to be broken or blacklist them. Therefore, it is EXTREMELY important that, if you think your key has been generated in a system affected by this bug at the time, you have your system updated, regenerate your SSH keys and get them replaced by mailing [EMAIL PROTECTED] The Infrastructure Team may see a need to go a bit further than I have described in due course, but new announcements will be sent out if that is the case. We are sorry for the inconvenience, and hope not to have to disturb development for long or delay the next tarballs due date. Yours, -- Guilherme de S. Pastore The GNOME Sysadmin Team ___ gnome-hackers mailing list [EMAIL PROTECTED] http://mail.gnome.org/mailman/listinfo/gnome-hackers -- Regards, Olav ___ gnome-hackers mailing list [EMAIL PROTECTED] http://mail.gnome.org/mailman/listinfo/gnome-hackers -- Regards, Olav ___ gnome-i18n mailing list gnome-i18n@gnome.org http://mail.gnome.org/mailman/listinfo/gnome-i18n
gbrainy 0.7 string freeze
Hello, We are getting near the release of gbrainy 0.7. It is currently in string freeze for a stable 0.7 series. You have translation status at: http://l10n.gnome.org/module/gbrainy I please ask you to update your translations before the 26th of May midnight. I just want to remark that to have updated translations is very important to make gbrainy available to more people in more cultures. Thanks a lot for your effort -- Jordi Mas i Hernàndez, HomePage http://www.softcatala.org/~jmas/ Bloc personal http://www.softcatala.org/~jmas/bloc/ Planeta Softcatalà: http://www.softcatala.org/planet/ ___ gnome-i18n mailing list gnome-i18n@gnome.org http://mail.gnome.org/mailman/listinfo/gnome-i18n
damned lies, anjuta documentation and encoding bug
Hi All, When viewing the status pages such as http://l10n.gnome.org/languages/zh_HK/gnome-2-24 one can see the error: Download po file http://l10n.gnome.org/POT/anjuta.HEAD/docs/help.HEAD.pot anjuta http://l10n.gnome.org/module/anjuta [Error regenerating POT file for document help.HEAD: precd ] doSerialize(doc) File /usr/bin/xml2po, line 602, in doSerialize outtxt += doSerialize(child) File /usr/bin/xml2po, line 596, in doSerialize (starttag, content, endtag, translation) = processElementTag(node, repl, 1) File /usr/bin/xml2po, line 496, in processElementTag myrepl.append(processElementTag(child, myrepl, 1)) File /usr/bin/xml2po, line 496, in processElementTag myrepl.append(processElementTag(child, myrepl, 1)) File /usr/bin/xml2po, line 496, in processElementTag myrepl.append(processElementTag(child, myrepl, 1)) File /usr/bin/xml2po, line 496, in processElementTag myrepl.append(processElementTag(child, myrepl, 1)) File /usr/bin/xml2po, line 534, in processElementTag translation = translation.replace(u'' % (i), replacement) UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 95: ordinal not in range(128) / Source file: http://l10n.gnome.org/POT/anjuta.HEAD/docs/help.HEAD.pot It appears that the mere fact the POT file has a non-ascii character causes damned-lies to break. The offending character apparently is … (ellipsis character), due to the 0xe2 hint. It is strange because other POT/PO files have non-ASCII characters as well, such as evince and epiphany. If someone can figure out what's wrong, it would be great. Talking about encodings in POT files, here is a recent discussion going on, http://blogs.gnome.org/simos/2008/05/14/should-ui-strings-in-source-code-have-non-ascii-characters/ Simos ___ gnome-i18n mailing list gnome-i18n@gnome.org http://mail.gnome.org/mailman/listinfo/gnome-i18n
Re: A coordinator with very long response time
On Fri, 2008-05-16 at 00:03 +0100, Simos Xenitellis wrote: This guy, Mohammad, is such a negative force that We are civilized persons and civilized persons do not scurrile, they provide reason. I would hate to have on my team. Me, Mr. Poornader, Mr. Esfahbod, and all other iranians are related to Persian translation. But I can not see any relation between Greek and Persian teams. Also I am not interested in Greek translation, or joining your translation team. I would refuse to accept translations, or worse, direct him to KDE I18n. Simos With the best respects, Mohammad Foroughi. ___ gnome-i18n mailing list gnome-i18n@gnome.org http://mail.gnome.org/mailman/listinfo/gnome-i18n
