Re: [Savannah-hackers-public] cannot do git checkout of gawk from savannah

2012-12-24 Thread Ineiev 

Hi,

On 12/24/2012 12:28 PM, arn...@skeeve.com wrote:

$ git clone git://git.savannah.gnu.org/gawk.git


Works for me.

Re: [Savannah-hackers-public] cannot do git checkout of gawk from savannah

2012-12-24 Thread Ineiev 

On 12/24/2012 12:46 PM, arn...@skeeve.com wrote:


Still fails for me.  Perhaps there are some connectivity problems. I'm
getting this from a machine in Boston and also from Israel.


Now I can reproduce it, with a different error message:
fatal: The remote end hung up unexpectedly

Re: [Savannah-hackers-public] VM vcs upgraded (mostly)

2013-04-29 Thread Ineiev 

On 04/29/2013 11:58 AM, Bob Proulx wrote:

I spot checked cvs, hg, git, and mercurial using their various web
interfaces.  All appeared to be working.  Please report any problems
if something is not working.


I can't update anonymous checkout of web pages for
`www' and `gnun'; cvs update says:

cvs [update aborted]: unrecognized auth response from cvs.sv.gnu.org: cvs: 
unrecognized option '--allow-root-regexp=^/srv/cvs/sources/.*$'

For the reference, cvs --version outputs

Concurrent Versions System (CVS) 1.12.13 (client/server)

Copyright (C) 2005 Free Software Foundation, Inc.
...

I'm not sure how it relates to the upgrade; update
of a non-anonymous working copy works just fine.

Re: [Savannah-hackers-public] VM vcs upgraded (mostly)

2013-04-29 Thread Ineiev 

Another issue: in `www' web pages,  cvs commit says:

Failed to exec cvs: No such file or directory at /usr/local/bin/sv_membersh 
line 110.

Re: [Savannah-hackers-public] [Savannah-hackers-private] [gnu.org #830937] Correction Request gnu.org (savannah)

2013-05-20 Thread Ineiev 

On 05/21/2013 03:06 AM, Karl Berry wrote:

 It's absurd that the web interface won't take a
"superuser"'s update as definitive, and need multiple people to flag it,


IFAICT it does take an update by group's admin as definitive, though.

Re: [Savannah-hackers-public] GPL and “All rights reserved”

2013-06-01 Thread Ineiev 

On 06/01/2013 01:58 PM, Aljosha Papsch wrote:

[0] https://savannah.gnu.org/task/index.php?12640


 says:

> ASIC/FPGA mining (primary use) has no such limitations.

Out of curiosity: I wonder whether anything that depends
on FPGA may qualify as free software system.

Re: [Savannah-hackers-public] GPL and “All rights reserved”

2013-06-02 Thread Ineiev 

On 06/02/2013 04:36 PM, James Cloos wrote:

Out of curiosity: I wonder whether anything that depends
on FPGA may qualify as free software system.


KB> If the programmed chips, or instructions for the programming,
KB> are available, why not?  I'm sure I don't get it ...

Most (all?) FPGA chips have undisclosed bitstream formats.  One
typically (always?) has to use closed-source-ware for the final
stage of compilation.  I presume that is what he referred to.


Yes, this is what I mean. I believe I've heard about a programmable
logic chip family (I'm not sure whether they were FPGA or PLD) whose
bitstream specificatons are not secret, but I don't recall ever
hearing of a full free software toolchain for FPGA
(not that I'm following news about it very closely, though)..
and then I imagined: if it is FPGA-based mining, then it is its
programmable logic that does most of the work.

Re: [Savannah-hackers-public] Reviewing of project: Named Constant Generator (GenNC)

2013-08-16 Thread Ineiev 

On 08/15/2013 08:19 PM, Joan Lledó wrote:

README.txt


I wonder whether it is really crucial for files like
README,  AUTHORS, THANKS, ABOUT-NLS to carry copyright
notices.

Re: [Savannah-hackers-public] Reviewing of project: Named Constant Generator (GenNC)

2013-08-16 Thread Ineiev 

On 08/16/2013 10:23 PM, Karl Berry wrote:

ineiev> I wonder whether it is really crucial for files like
> README,  AUTHORS, THANKS, ABOUT-NLS to carry copyright notices.

They are files like any others that will need to be modified as time
goes by.  I personally see no reason why they should be an exception to
needing a license, presuming they are long enough to meet the "dozen or
so lines" criterion.

...

So if you think there is a case for such ancillary files to not require
a license notice in principle, I suggest writing to rms or perhaps
licens...@gnu.org and see if they agree.  Or you can make the case to me
first if you want :).


I see no actual reasons; I just checked the files in the GNU package
I maintain (and it wasn't me who wrote those files originally, it were
more knowledgeable people) and noticed that README and THANKS lack copyright
notices; then I unpacked a GCC distribution tarball and found no copyright
notices in AUTHORS and ABOUT-NLS. probably it's a bug.

Re: [Savannah-hackers-public] Reviewing of project: Named Constant Generator (GenNC)

2013-08-17 Thread Ineiev 

On 08/17/2013 07:09 AM, Eli Zaretskii wrote:

I unpacked a GCC distribution tarball and found no copyright notices
in AUTHORS and ABOUT-NLS. probably it's a bug.


Unless these are generated files.


"When a file is automatically generated from some other file in the
distribution, it is useful for the automatic procedure to copy
the copyright notice and permission notice of the file it is
generated from, if possible. Alternatively, put a notice at
the beginning saying which file it is generated from."

I.e. some kinds of generated files should have a notice.

Re: [Savannah-hackers-public] Reviewing of project: Named Constant Generator (GenNC)

2013-08-17 Thread Ineiev 

On 08/17/2013 08:50 AM, Eli Zaretskii wrote:

I.e. some kinds of generated files should have a notice.


Or just a pointer to the source, as the alternative above suggests.


Yes; the point is that those files include nothing like that.

Re: [Savannah-hackers-public] savane git cannot be committed

2013-10-05 Thread Ineiev 

On 10/05/2013 11:40 AM, Tomasz Konojacki wrote:

Additionally, I'm not sure why, but origin was set to
git://git.sv.gnu.org/administration/savane.git which doesn't seem to be right,
see [1]. So I changed it to 
r...@git.sv.gnu.org:/srv/git/administration/savane.git
and now everything works as expected.


I wonder whether it is actually useful to push from root@frontend.

Re: [Savannah-hackers-public] savane git cannot be committed

2013-10-06 Thread Ineiev 

On 10/05/2013 08:51 PM, Karl Berry wrote:

I wonder whether it is actually useful to push from root@frontend.

Yes, at least to me it is.  Whenever I push from other places I end up
in some kind of git hell.

Beyond that, it is the only safe thing I've found to do.  Like I asked
before, how you can tell what git pull will bring in?


I believe, git fetch origin && git diff origin. (I'm sorry for having
missed your question.)

Re: [Savannah-hackers-public] savane git cannot be committed

2013-10-08 Thread Ineiev 

On 10/07/2013 11:34 PM, Karl Berry wrote:

git fetch origin && git diff origin

Thanks very much.  Unfortunately, the results are disturbing.

The git fetch origin went without incident, ending with:
..

From git://127.0.0.1/savane-cleanup

   91a0400..8ce63e8  master -> origin/master

And I hope the git fetch didn't actually change anything live, because
the git diff origin showed massive diffs.


No; git fetch doesn't change the working copy.


If I'm reading the a/b right,
apparently all the changes over the last several years would be lost,
including changed mysql passwords, spam handling, and tons more.  Here
is how it starts:

vcs(41)#$ pwd


Err.. I thought we were speaking about frontend rather than vcs :)


/usr/src/savane
vcs(42)#$ git diff origin

...

 ---
- Nowadays, 2004-2011
+ Nowadays, 2004-2006
 ---


I.e. "origin" is of 2011, and the working copy is of 2006.


.. followed by some 14,000 additional lines of diffs ...


Maybe it is based on savane-cleanup (the repository in the project of
that name) instead of savane.git (the repository inside administration)?


Yes, savane-cleanup is a wrong repository these days.


At any rate, I guess git pull should not be done under any circumstances
until this is straightened out :).


What I see on vcs is:
- - -
vcs:/usr/src/savane# git status
On branch master
# Your branch is behind 'origin/master' by 25 commits, and can be 
fast-forwarded.
#
# Untracked files:
#   (use "git add ..." to include in what will be committed)
#
#   lib/MANIFEST
#   lib/Makefile.perl.old
nothing added to commit but untracked files present (use "git add" to track)
- - -

In other words, there are essentially no local changes, no local commits
("can be fast-forwarded"), and the working copy is outdated by 25 commits
(WRT savane-cleanup, which is obsolete itself).

Re: [Savannah-hackers-public] gnu.org portions

2013-11-08 Thread Ineiev 

On 11/08/2013 03:10 PM, Joan Lledó wrote:
there's a pending submission whose type is "http://www.gnu.org portions 
". It's this one: https://savannah.gnu.org/task/?12858


This is a mistake. I guess "non-GNU software" was intended.

Re: [Savannah-hackers-public] gnu.org portions

2013-11-09 Thread Ineiev 

On 11/10/2013 12:42 AM, Joan Lledó wrote:

You think so? I've seen other projects that are hosted in Savannah that
are typed as "www.gnu.org portions" and they seem to be just webpages or
translations, e.g. https://savannah.gnu.org/projects/bravegw.


bravegw also includes original (English) pages.


The content of the package of this submission seems to be the same, a
set of translations.


No: I can see a binary (ELF?), ttatcc, a script, install; and those
translations are not translations of web pages.

Re: [Savannah-hackers-public] requirements of a new project in GNU Savannah

2014-08-13 Thread Ineiev 

Hello, Assaf;

On 08/12/2014 10:08 PM, Assaf Gordon wrote:
While reviewing a recent project submission, I commented that I couldn't 
get the project to build because I'm not sure what are the required 
packages.


Karl commented:
On 08/12/2014 05:22 PM, Karl Berry wrote:

In general, it's not necessary that a package compile, let alone
work, to be enabled on savannah.

The crucial thing is, as I guess you know, that the dependencies all
be free software.



To which I replied:
<... snip... >

As a general policy, with so many other possibilities for the
general public to host their software elsewhere, wouldn't GNU
Savannah prefer to raise the bar and hosts projects that at least
preset some level of useability?

With the administration resources already [spread] so thin, adding a
new 'ghost' project that doesn't work or compile doesn't really "add
value" to free software...
 Wouldn't you want to encourage good projects and discourage bad ones?
let other services host those  projects...


Just a datapoint:

I think freedom is the most important quality; if a package is free,
it's generally good [0].

In particular, my only real package submission [1] may have been (barely)
functional, but it wasn't very simple to build (it needed a cross-compiler),
and even harder to test (it run on a custom board). I'm not sure whether
it would pass the prospective criterion, but there is no doubt it was
very important for me, personally.

[0] 
https://www.gnu.org/philosophy/when_free_software_isnt_practically_better.html
[1] https://savannah.gnu.org/task/index.php?5161

Re: [Savannah-hackers-public] requirements of a new project in GNU Savannah

2014-08-14 Thread Ineiev 

On 08/14/2014 12:14 AM, Assaf Gordon wrote:
> The thread at [1] was informative and helpful for the project I'm
> reviewing now.
...
> But if I look at the state of things today,
> for barely functional or non-functional projects, there are many other
> hosting services out there.

There were enough hosting services out there when I filed that
submission. I don't think the situation is crucially different
in this respect today.

> Also, I think it is reasonable today to expect/require certain minimum
> useability from new projects.

Only if that minimum is virtually zero.

> GNU Savannah's resources are scarce - why burden it with projects that
> haven't exhibited even the minimal amount of functionality?

But they don't ask for food, do they?

> There are many stale CVS projects on Savannah (I'd guess more than a
> thousand).
> They no longer contribute anything to GNU Savannah as a concept or a
> community.

This doesn't seem quite correct to me.  I still use uisp; many
www.gnu.org translation teams are "stale", but it doesn't mean
they no longer contribute anything.

> What I'd like to require from new projects, and I (humbly) think it is
> very reasonable these days,
> is that a new project must be able to be build and work on one of the
> "sanctioned" GNU systems (Trisquel/gNewSense),
> and part of the submission form is to put the exact packages and
> commands required to build the project.

Let me see what this means... on my working machine, I usually
either install the packages when needed and forget about them,
or build them from their sources (and in many cases forget about them,
too).

It looks like I'd need a fresh installation (which may have multiple
options); probably it's too much.

> I think this will lead to several things:
> 1. It will "raise the bar" on submitted projects. Not that they are
> necessarily "better" (for what ever definition of "better),
> but it will force the developers to go through several verification
> steps, especially verifying (actually, almost proving) that the project
> can be built using Free Software.

I'm not sure it will; I can understand that it would raise it for
complicated projects, but when the submission is little bigger than
a "hello, world" in Python, the additional effort is infinitesimal.

> 2. It will make evaluation easier.
> If I can follow the build instructions on gNewSense and build the
> project, then by definition, the project's requirements are clear, and
> are Free-Software.

I don't think so: the evaluator would have to get the specific endorsed
distro, and the instructions may be complicated.

Currently, all this is unnecessary.

> 3. It will filter out "one shot" projects.
> There are several projects on GNU Savannah that have just one or two
> commits, then never been touched again.
> It's easy to submit a project when the only requirement is a proper
> copyright statement in a CPP file.
> If a developer is willing to invest time to properly package it and
> ensure it builds on Free-Software system, that it hints (but not
> guarantees, of course) that the developer is more serious about his
> project.

Again, if it's a "hello, world" CPP file, this would hardly filter
it out. usually the developers are really motivated when they
submit the package, and writing two more lines won't stop them,
even in case when their motivation will completely and irreversibly
evaporate the next day after the approval.

> 4. It will allow improving the "How To Get Your Project Approved
> Quickly" wiki page.
> Instead of general verbose instructions "Make sure your project runs
> primarily on a completely free OS" and " to make the approval process
> quicker, give us URLs to your dependencies, ideally with direct links to
> their licenses",
> we could write: "list the commands required to build to project on
> gNewSense or Trisquel".

Err.. this would discriminate against the users of Dynebolic and Dragora.

> No more need for a list of URLs for the evaluator to visit and verify.
...
> The submitter would list them list this:
># Standard gNewSense packages
>sudo apt-get install sqlite3-dev qt4-dev
># Non-standard package PVBROWSER, GPL License:
># http://pvbrowser.de/pvbrowser/index.php?lang=en&menu=5
>wget
> 
http://download.opensuse.org/repositories/home:/pvbrowser/xUbuntu_13.04/amd64/pvbrowser-devel_4.7.6-4.1_amd64.deb
>
>sudo dpkg -i pvbrowser-devel_4.7.6-4.1_amd64.deb
>
> Then evaluating it would be much faster.

I can't see how it would help the evaluator (though it would
certainly make more work for the submitter): it's still
necessary to check whether the dependency is free.
and what if the instructions automatically install additional
software with dependencies?

I don't think Savannah evaluators should run so strict
checks for the dependencies; I believe they can typically rely
on what the developers say.

Re: [Savannah-hackers-public] Running GNU Savannah (frontend) locally

2014-09-02 Thread Ineiev 
Hello,

Just two minor points:

On Mon, Sep 01, 2014 at 08:26:06PM -0400, Assaf Gordon wrote:
> But I think most of the information is *already* public.

In rare cases it may be publicly provided now, but not
in the future; of course, somebody may archive it,
but Savannah does hide or even completely remove it.

> Examples, all as "not logged-in user":
...
> And all the tasks/bugs/patches/etcs with:
>   
> https://savannah.nongnu.org/support/index.php?group=gnewsense&status_id=0&chunksz=100

The private ones aren't public,..

> But I don't even need that, because one can simply iterate all 
> bugs/tasks/patches, by sequential ID:
>   https://savannah.gnu.org/support/index.php?100666

e.g. https://savannah.gnu.org/bugs/index.php?32265

Re: [Savannah-hackers-public] Porting savane from PHP to Perl on version 3.1-cleanup

2014-09-15 Thread Ineiev 

Hello,

On 09/15/2014 06:21 AM, socketpro wrote:
> The bad thing here is that git has trouble moving things
> (file and project history) from project to project.
> It's possible--just extremely cumbersome.

Out of curiosity: why do you need to move it to a separate
repository at all? why just a separate directory won't do?
won't having two repositories make it harder to install
the package?

Re: [Savannah-hackers-public] Include the FSF fundraising banner in GNU Savannah!.

2014-12-14 Thread Ineiev 
On Sat, Dec 13, 2014 at 10:06:39PM -0500, Assaf Gordon wrote:
> However it's important to remember that GNU Savannah is maintained
> by volunteers, and not too many of them.
> The FSF (and the "http://www.gnu.org";) is maintained by the FSF,
> which has a dedicated full-time web developer and several interns.
> GNU Savannah does not have these resources.

A minor correction from a GNU webmaster: www.gnu.org is mostly
maintained by volunteers (Apache configuration is still FSF staff's
responsibility).

What's correct is that Savannah would need a specific solution,
and that Savannah admins' resources are scarce (no, I'm not going
to volunteer implementing it for Savannah).

[Savannah-hackers-public] broken mirrors

2015-11-18 Thread Ineiev 
Hello,

Mirmon [0] suggests three mirrors [1] have been MIA for more than
a year, and one [2] for more than two months.

The records on fencepost suggest that the GNU mirror
on mirror.weathercity.com has been removed in May, 2014;
I found no data for the rest.

How do we maintain Savannah mirror list?

[0] http://download.savannah.gnu.org/mirmon/savannah/
[1] http://mirror.weathercity.com/nongnu/
http://mirrors.openfountain.cl/savannah/
http://savannah.alebcay.tk/
[2] ftp://mirror2.klaus-uwe.me/nongnu/
http://mirror2.klaus-uwe.me/nongnu/


signature.asc
Description: Digital signature

[Savannah-hackers-public] I can't edit my Savannah SSH keys

2016-05-12 Thread Ineiev 
Hello,

Just another data point: when I insert a new key or replace an
existing one or remove it and push "Update" (logged in as ineiev),
it thinks for a while, then shows an empty page at
https://savannah.gnu.org/my/admin/editsshkeys.php

After that, my keys don't change.


signature.asc
Description: Digital signature

[Savannah-hackers-public] Web pages in www don't update

2016-06-16 Thread Ineiev 
Hello,

Recent commits (e.g. the fix on /graphics/graphics.html,
http://web.cvs.savannah.gnu.org/viewvc/www/graphics/graphics.html?root=www&r1=1.166&r2=1.167)
don't show up on www.gnu.org.


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] Web pages in www don't update

2016-06-20 Thread Ineiev 
On Mon, Jun 20, 2016 at 06:12:31PM -0600, Bob Proulx wrote:
> Bob Proulx wrote:
> > Ineiev wrote:
> 
> I see this status update:
> 
>   https://pumprock.net/fsfstatus/note/0GYsAV8mQhO6nYE2aigNDQ
> 
> I assume that web pages are updating now?

Yes, thank you!

Re: [Savannah-hackers-public] [gnu.org #1162706] Website DOWN

2016-11-07 Thread Ineiev 
On Mon, Nov 07, 2016 at 10:29:11AM -0700, Bob Proulx wrote:
> 
> Not I.  The planet.gnu.org web site isn't related to anything
> Savannah.  Your best source of information will be the FSF admins.

Thérèse asked them, they pointed at chapters.gnu.org admins.

As far as I understand, Apache configuration broke there.

Re: [Savannah-hackers-public] cvs migration status

2016-12-15 Thread Ineiev 
Hello,

On Thu, Dec 15, 2016 at 10:40:37PM -0500, Assaf Gordon wrote:
> 
> If you encounter any cvs related issues with savannah,
> or with web pages not being updated - please email us at 
> savannah-hackers-public@gnu.org .

It looks like commit notifications don't come to www-comm...@gnu.org.

Re: [Savannah-hackers-public] cvs migration status

2016-12-16 Thread Ineiev 
On Fri, Dec 16, 2016 at 03:18:16AM -0700, Bob Proulx wrote:
> Ineiev wrote:
> > It looks like commit notifications don't come to www-comm...@gnu.org.
> 
> I saw many messages from new senders to www-commits this night that
> were in the hold queue.  I approved them and sent them on.

I see; now they look like from acco...@savannah.gnu.org, they used
to be from the registered email (ine...@gnu.org in my case).


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] cvs migration status

2016-12-16 Thread Ineiev 
On Fri, Dec 16, 2016 at 08:11:52AM -0500, Ineiev wrote:
> 
> I see; now they look like from acco...@savannah.gnu.org, they used
> to be from the registered email (ine...@gnu.org in my case).

On the other hand, acco...@savannah.gnu.org seems to redirect to
the registered email; not sure what version we really want.


signature.asc
Description: Digital signature

[Savannah-hackers-public] On resetting passwords

2017-02-10 Thread Ineiev 
Hello,

I've just thought that we could use registered GPG keys
to send the links encrypted.

What do people think?
From 77ebda6eb54b1d6e6b4e1428bcc3ef7807995d37 Mon Sep 17 00:00:00 2001
From: Ineiev 
Date: Fri, 10 Feb 2017 12:10:55 +
Subject: [PATCH] Encrypt message to GPG key when available.

---
 frontend/php/account/lostpw-confirm.php |   54 +++
 1 file changed, 54 insertions(+)

diff --git a/frontend/php/account/lostpw-confirm.php b/frontend/php/account/lostpw-confirm.php
index a4dc5cd..96a90c3 100644
--- a/frontend/php/account/lostpw-confirm.php
+++ b/frontend/php/account/lostpw-confirm.php
@@ -4,6 +4,7 @@
 # Copyright 1999-2000 (c) The SourceForge Crew
 # Copyright 2004-2005 (c) Mathieu Roy 
 #  Joxean Koret 
+# Copyright 2017 (c) Ineiev 
 #
 # This file is part of Savane.
 # 
@@ -140,6 +141,55 @@ $message_for_admin =
 . gmdate('D, d M Y H:i:s \G\M\T')
  . "\n";
 
+$message_enc = "";
+$temp_dir = shell_exec('echo -n `mktemp --tmpdir -d lostpw.`');
+if($temp_dir != "")
+  {
+# Import registered GPG key to temporary directory.
+$temp_dir = "'".$temp_dir."'";
+$res_gpg = db_execute("SELECT gpg_key FROM user WHERE user_id=?",
+  array($row_user['user_id']));
+$row_gpg = db_fetch_array($res_gpg);
+
+$gpg_process = popen('gpg --homedir '.$temp_dir.' --import 2>/dev/null >/dev/null',
+ 'w');
+fwrite($gpg_process, $row_gpg['gpg_key']);
+pclose($gpg_process);
+
+# Find first key with encryption capability; get its ID.
+$gpg_command = 'gpg --homedir '.$temp_dir.' --list-keys --with-colons 2>/dev/null';
+$gpg_command = $gpg_command." | awk -F ':' '";
+$gpg_command = $gpg_command.'$1 == "pub" { if($12 !~ /[eE]/) next; ';
+$gpg_command = $gpg_command.'if($5 == "") next; printf("%s", $5); exit(0); }';
+$gpg_command = $gpg_command."'";
+$key_id = shell_exec($gpg_command);
+
+if($key_id != "")
+  {
+$temp_file = shell_exec('echo -n `mktemp --tmpdir lostpw.`');
+if($temp_file != "")
+  {
+# Encrypt message.
+$temp_file = "'".$temp_file."'";
+$gpg_command = 'gpg --homedir '.$temp_dir.' --batch -a --encrypt ';
+$gpg_command = $gpg_command.'--trust-model always -r '.$key_id;
+$gpg_command = $gpg_command." > ".$temp_file;
+$gpg_process = popen($gpg_command, 'w');
+fwrite($gpg_process, $message);
+pclose($gpg_process);
+$message_enc = shell_exec("cat ".$temp_file);
+shell_exec('rm -f '.$temp_file);
+  }
+  }
+
+shell_exec('rm -fr '.$temp_dir);
+
+if($message_enc != "")
+  {
+$message = $message_enc;
+  }
+  }
+
 sendmail_mail($GLOBALS['sys_mail_replyto']."@".$GLOBALS['sys_mail_domain'],
 	  $row_user['email'],
 	  $GLOBALS['sys_default_domain']." Verification",
@@ -159,6 +209,10 @@ $HTML->header(array('title'=>_("Lost Password Confirmation")));
 
 print ''._("An email has been sent to the address you have on file.").'';
 print ''._("Follow the instructions in the email to change your account password.").'';
+if($message_enc != "")
+  {
+print ''._("Note that it was encrypted with your registered GPG key.").'';
+  }
 ;
 
 $HTML->footer(array());
-- 
1.7.9.5



signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] On resetting passwords

2017-02-14 Thread Ineiev 
Hi, Bob;

On Mon, Feb 13, 2017 at 06:03:10PM -0700, Bob Proulx wrote:
>
... 
> I think it would need to be a persistent
> user preference option saved in the database.  One could set it as a
> preference for their account.

Agreed.

> As to implementation I would prefer if this were implemented in two
> parts with a second part being an external standalone helper.  This is
> just my preference and philosophy and others might disagree but
> approaching Savannah's web code from the outside it is best for me if
> I can operate components in isolation.  So that it can be tested
> standalone.  This touches upon several different components and when
> things change, such as GnuPG version, then how will we unit test the
> feature?  Therefore my preference would be to have the encrypted email
> feature be implemented with a standalone helper that could operate
> independently of the web server.  Your prototype already makes use of
> external processes so this would be no different.  It would just
> locate more of the work in a helper script.  But then the helper
> script would be run standalone for unit testing and verifying the
> interface to gpg and the system.

I think I come up with something like this, but the arguments
for mysql are far from intuitive, I wonder how robust this part is.
From d8a34a47c1ab14ee22d1c75a385bab1c25f56786 Mon Sep 17 00:00:00 2001
From: Ineiev 
Date: Fri, 10 Feb 2017 15:10:55 +0300
Subject: [PATCH] Encrypt message to GPG key when available.

---
 frontend/perl/encrypt-to-user/index.pl  | 134 
 frontend/php/account/lostpw-confirm.php |  34 
 frontend/php/my/admin/index.php |  13 +++-
 3 files changed, 180 insertions(+), 1 deletion(-)
 create mode 100644 frontend/perl/encrypt-to-user/index.pl

diff --git a/frontend/perl/encrypt-to-user/index.pl b/frontend/perl/encrypt-to-user/index.pl
new file mode 100644
index 000..be1345d
--- /dev/null
+++ b/frontend/perl/encrypt-to-user/index.pl
@@ -0,0 +1,134 @@
+#! /usr/bin/perl
+# Encrypt a message to specified savane user
+#
+# Copyright 2017 (c) Ineiev 
+#
+# This file is part of Savane.
+#
+# Savane is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# Savane is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+use strict;
+use DBI;
+use File::Temp qw(tempdir tempfile);
+use Getopt::Long;
+my $getopt;
+my $help;
+my $user;
+my $sys_dbname;
+my $sys_dbhost;
+my $sys_dbuser;
+my $sys_dbparams;
+my $sys_dbpasswd;
+
+eval {
+$getopt = GetOptions("help" => \$help,
+ "user=s" => \$user,
+ "dbname=s" => \$sys_dbname,
+ "dbhost:s" => \$sys_dbhost,
+ "dbuser=s" => \$sys_dbuser,
+ "dbparams:s" => \$sys_dbparams,
+ "dbpasswd:s" => \$sys_dbpasswd);
+};
+
+sub print_help {
+print STDERR <connect('DBI:mysql:database='.$sys_dbname
+		   .':host='.$sys_dbhost
+		   .':'.$sys_dbparams,
+   $sys_dbuser, $sys_dbpasswd,
+   { RaiseError => 1, AutoCommit => 1});
+
+## Encrypt to user GPG key if available
+# arg1 : user id
+# arg2 : message
+# return encrypted message when encryption succeeded,
+#empty string encryption failed.
+sub UserEncrypt {
+my ($user, $message) = @_;
+my $key = $dbd->selectrow_array("SELECT gpg_key FROM user WHERE user_id=".$user);
+
+return "" unless $key ne "";
+
+my ($mh, $mname) = tempfile(UNLINK => 1);
+my $temp_dir = tempdir(CLEANUP => 1);
+my $input;
+my $key_id = "";
+my $msg = "";
+
+print $mh $message;
+
+open($input, '|-', 'gpg --homedir='.$temp_dir.' -q --import');
+print $input $key;
+close($input);
+
+# Get the first ID of a public key with encryption capability.
+open($input, '-|', 'gpg --homedir='.$temp_dir.
+   ' --list-keys --with-colons 2> /dev/null');
+while(<$input>)
+  {
+if(!/^pub/)
+  {
+next;
+  }
+my @fields = split /:/;
+if(@fields[11] !~ /[eE]/)
+  {
+next;
+

[Savannah-hackers-public] can't edit mirror list

2017-02-25 Thread Ineiev 
Hello,

When logging in r...@download0.sv.gnu.org, I can't edit
/srv/download/00_MIRRORS.html, it says 'permission denied';
how is Savannah mirror list supposed to be edited?


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] can't edit mirror list

2017-02-25 Thread Ineiev 
On Sat, Feb 25, 2017 at 12:37:49PM -0500, Assaf Gordon wrote:
> 
> I assumed you logged in as "root".
> Due to the way the new server is setup, the files are actually on the
> old servers and are NFS-mounted from the previous server
> 'olddownload.sv.gnu.org' (with "root_squash" I believe).
> 
> As a temporary work-around,
> can you try to login to olddownload.sv.gnu.org ,
> and edit the file directly ?
> That should work, but if not - please let us know.

Thank you, I was able to edit that file.


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] On resetting passwords

2017-03-05 Thread Ineiev 
On Tue, Feb 14, 2017 at 11:13:38AM -0500, Ineiev wrote:
> 
> > As to implementation I would prefer if this were implemented in two
> > parts with a second part being an external standalone helper.  This is
> > just my preference and philosophy and others might disagree but
> > approaching Savannah's web code from the outside it is best for me if
> > I can operate components in isolation.  So that it can be tested
> > standalone.  This touches upon several different components and when
> > things change, such as GnuPG version, then how will we unit test the
> > feature?  Therefore my preference would be to have the encrypted email
> > feature be implemented with a standalone helper that could operate
> > independently of the web server.  Your prototype already makes use of
> > external processes so this would be no different.  It would just
> > locate more of the work in a helper script.  But then the helper
> > script would be run standalone for unit testing and verifying the
> > interface to gpg and the system.
> 
> I think I come up with something like this, but the arguments
> for mysql are far from intuitive, I wonder how robust this part is.

Perhaps the appached diff is better.
From e4aaaf56ea53a10c893f5d73c17103c9b12c8c7e Mon Sep 17 00:00:00 2001
From: Ineiev 
Date: Fri, 10 Feb 2017 15:10:55 +0300
Subject: [PATCH] Encrypt message with GPG key when available.

---
 frontend/perl/encrypt-to-user/index.pl  | 134 
 frontend/php/account/lostpw-confirm.php |  34 
 frontend/php/my/admin/index.php |  18 -
 3 files changed, 185 insertions(+), 1 deletion(-)
 create mode 100644 frontend/perl/encrypt-to-user/index.pl

diff --git a/frontend/perl/encrypt-to-user/index.pl b/frontend/perl/encrypt-to-user/index.pl
new file mode 100644
index 000..13e4dd9
--- /dev/null
+++ b/frontend/perl/encrypt-to-user/index.pl
@@ -0,0 +1,134 @@
+#! /usr/bin/perl
+# Encrypt a message to specified savane user.
+#
+# Copyright 2017 (c) Ineiev 
+#
+# This file is part of Savane.
+#
+# Savane is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# Savane is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+use strict;
+use DBI;
+use File::Temp qw(tempdir tempfile);
+use Getopt::Long;
+my $getopt;
+my $help;
+my $user;
+my $sys_dbname;
+my $sys_dbhost;
+my $sys_dbuser;
+my $sys_dbparams;
+my $sys_dbpasswd;
+
+eval {
+$getopt = GetOptions("help" => \$help,
+ "user=s" => \$user,
+ "dbname=s" => \$sys_dbname,
+ "dbhost:s" => \$sys_dbhost,
+ "dbuser=s" => \$sys_dbuser,
+ "dbparams:s" => \$sys_dbparams,
+ "dbpasswd:s" => \$sys_dbpasswd);
+};
+
+sub print_help {
+print STDERR <connect('DBI:mysql:database='.$sys_dbname
+		   .':host='.$sys_dbhost
+		   .$sys_dbparams,
+   $sys_dbuser, $sys_dbpasswd,
+   { RaiseError => 1, AutoCommit => 1});
+
+## Encrypt to user GPG key if available
+# arg1 : user id
+# arg2 : message
+# return encrypted message when encryption succeeded,
+#empty string encryption failed.
+sub UserEncrypt {
+my ($user, $message) = @_;
+my $key = $dbd->selectrow_array("SELECT gpg_key FROM user WHERE user_id=".$user);
+
+return "" unless $key ne "";
+
+my ($mh, $mname) = tempfile(UNLINK => 1);
+my $temp_dir = tempdir(CLEANUP => 1);
+my $input;
+my $key_id = "";
+my $msg = "";
+
+print $mh $message;
+
+open($input, '|-', 'gpg --homedir='.$temp_dir.' -q --import');
+print $input $key;
+close($input);
+
+# Get the first ID of a public key with encryption capability.
+open($input, '-|', 'gpg --homedir='.$temp_dir.
+   ' --list-keys --with-colons 2> /dev/null');
+while(<$input>)
+  {
+if(!/^pub/)
+  {
+next;
+  }
+my @fields = split /:/;
+if(@fields[11] !~ /[eE]/)
+  {
+next;
+  }
+$key_id = @fields[4];
+last unless $key_id eq "

Re: [Savannah-hackers-public] On resetting passwords

2017-03-09 Thread Ineiev 
On Sun, Mar 05, 2017 at 04:51:42AM -0500, Ineiev wrote:
> 
> Perhaps the appached diff is better.

Shall I install it?


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] On resetting passwords

2017-03-11 Thread Ineiev 
Hello, Assaf!

On Fri, Mar 10, 2017 at 03:59:40PM +, Assaf Gordon wrote:
> 1.
> not passing user/pw for database from the PHP to the PERL script
> as command-line arguments.

Do you think it would be better if I passed them in the first lines
of the input?

> Bob re-wrote 'sv_get_authorized_keys' in Perl
> with example of how to access the config file with the DB passwords,
> see vcs0:/root/bin/sv_get_authorized_keys .

It uses hard-coded paths in the Perl code; these paths don't work
on my local Savane installation.

> 2.
> not including hard-coded paths in the PHP code.
> Based on our recent migration efforts, this is bound to cause troubles
> later.

I can only see "/usr/bin/perl". do you think "perl" would be better?

> 3.
> It would be good to add a lot more input validation and error checking
> in the perl script.
> Again based on our recent efforts, chasing obscure errors
> in nginx's log from scripts executed by the PHP frontend is not fun.
>
> 4.
> I'm a bit wary of executing gpg in this way based on un-sanitized user
> input. Basically, the script takes whatever the user uploaded as his
> GPG key and pipes it into GPG.
> This sounds like inviting problems.

Savane already uses it this way; if we would like to sanitize
the input, we should do it when the user submits the key. and to tell
the truth, I'm not sure how to sanitize it otherwise than
to actually submit it to GPG.

> 5.
> The 'open' command should escape/sanitize the parameters before
> executing them as shell commands (e.g. the "$key_id" which is
> set by the user who uploads the GPG key, but could be others
> that I've missed).

$key_id is set by GPG after parsing user's certificate. I can't
think of a way to usefully sanitize it.

> 6.
> There seems to be an implicit requirement that the uploaded
> key be able to encrypt (based on the comment "Get the first ID of a
> public key with encryption capability.").
> To be user-friendly, this requires proper error checking and
> reporting if no such key is found.
> Otherwise we're just inviting lots of support calls from confused users.

I agree that more detailed reporting wouldn't hurt.

> Lastly,
> If you'd like to have a dedicated development environment for you
> (e.g. 'https://ineiev.frontend0.sv.gnu.org') where you can
> experiment with new features, let me know and I'll be happy to
> set it up.

Sincerely speaking, I'd prefer if you improved the instructions
on how to run Savane locally without having to ask for such
an environment: the previous version worked better for me,
because the current one required a PHP version I don't
always have (instead of Apache), and I had some issues
with database initialization.

Thank you!


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] On resetting passwords

2017-03-19 Thread Ineiev 
I think the attached revision addresses points 1. (the parameters
are passed through the input stream), 2. (it doesn't use absolute path
to the Perl executable), 6. (the errors are shown to the user).

I'll need more hints to address points 3. (what more validation
and error checking could be used in the Perl script), 4. (I don't know
how we could usefully sanitize GPG input), 5. (how the 'open'
command should escape parameters before executing them as shell
commands).
From af37cf2575b395af0c4ba30cf04e58a42eb482f5 Mon Sep 17 00:00:00 2001
From: Ineiev 
Date: Fri, 10 Feb 2017 15:10:55 +0300
Subject: [PATCH] Encrypt message with GPG key when available.

---
 frontend/perl/encrypt-to-user/index.pl  | 146 
 frontend/php/account/lostpw-confirm.php |  50 ++-
 frontend/php/my/admin/index.php |  18 +++-
 3 files changed, 212 insertions(+), 2 deletions(-)
 create mode 100644 frontend/perl/encrypt-to-user/index.pl

diff --git a/frontend/perl/encrypt-to-user/index.pl b/frontend/perl/encrypt-to-user/index.pl
new file mode 100644
index 000..395e3be
--- /dev/null
+++ b/frontend/perl/encrypt-to-user/index.pl
@@ -0,0 +1,146 @@
+#! /usr/bin/perl
+# Encrypt a message to specified savane user.
+#
+# Copyright 2017 (c) Ineiev 
+#
+# This file is part of Savane.
+#
+# Savane is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# Savane is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+use strict;
+use DBI;
+use File::Temp qw(tempdir tempfile);
+use Getopt::Long;
+my $getopt;
+my $help;
+my $user;
+my $sys_dbname;
+my $sys_dbhost;
+my $sys_dbuser;
+my $sys_dbparams;
+my $sys_dbpasswd;
+my $exit_code = 0;
+
+eval {
+$getopt = GetOptions("help" => \$help,
+ "user=s" => \$user,
+ "dbname=s" => \$sys_dbname,
+ "dbhost:s" => \$sys_dbhost,
+ "dbparams:s" => \$sys_dbparams);
+};
+
+sub print_help {
+print STDERR < or die "No database user is supplied.";
+$sys_dbpasswd = <> or die "No database password is supplied.";
+
+$sys_dbuser =~ s/\n$//;
+$sys_dbpasswd =~ s/\n$//;
+
+our $dbd = DBI->connect('DBI:mysql:database='.$sys_dbname
+		   .':host='.$sys_dbhost
+		   .$sys_dbparams,
+   $sys_dbuser, $sys_dbpasswd,
+   { RaiseError => 1, AutoCommit => 1});
+
+## Encrypt to user GPG key if available
+# arg1: user id
+# arg2: message
+# return encrypted message when encryption succeeded,
+#empty string encryption failed.
+# Exit codes:
+#   0 when encryption succeeded,
+#   1 when it failed,
+#   2 when no suitable key was found.
+sub UserEncrypt {
+my ($user, $message) = @_;
+my $key = $dbd->selectrow_array("SELECT gpg_key FROM user WHERE user_id=".$user);
+
+return "" unless $key ne "";
+
+my ($mh, $mname) = tempfile(UNLINK => 1);
+my $temp_dir = tempdir(CLEANUP => 1);
+my $input;
+my $key_id = "";
+my $msg = "";
+
+print $mh $message;
+
+$exit_code = 2;
+open($input, '|-', 'gpg --homedir='.$temp_dir.' -q --import');
+print $input $key;
+close($input) or return "";
+
+# Get the first ID of a public key with encryption capability.
+open($input, '-|', 'gpg --homedir='.$temp_dir.
+   ' --list-keys --with-colons 2> /dev/null');
+while(<$input>)
+  {
+if(!/^pub/)
+  {
+next;
+  }
+my @fields = split /:/;
+if(@fields[11] !~ /[eE]/)
+  {
+next;
+  }
+$key_id = @fields[4];
+last unless $key_id eq "";
+  }
+close($input) or return "";
+return "" unless $key_id ne "";
+$exit_code = 1;
+open($input, '-|', 'gpg --homedir='.$temp_dir.
+   ' --trust-model always --batch -a --encrypt -r '
+   .$key_id." -o - ".$mname);
+while(<$input>)
+  {
+$msg = $msg.$_;
+  }
+close $input and $exit_code = 0;
+return "" unless $msg ne "";
+return $msg;
+}
+
+my $msg = "&q

Re: [Savannah-hackers-public] On resetting passwords

2017-04-08 Thread Ineiev 
On Sun, Mar 19, 2017 at 01:19:05PM -0400, Ineiev wrote:
>
> I'll need more hints to address points 3. (what more validation
> and error checking could be used in the Perl script), 4. (I don't know
> how we could usefully sanitize GPG input), 5. (how the 'open'
> command should escape parameters before executing them as shell
> commands).

This is to address points 3. (more checking is added to the Perl
script) and 5. (a check is added to make sure that key_id is
a hexadecimal number). I still doubt we really need to run any
checks on the provided GPG key: typical gpg usage includes
importing keys from untrusted key servers.
From 3546b4b74719f74f8af7cafc10e23439553a001a Mon Sep 17 00:00:00 2001
From: Ineiev 
Date: Fri, 10 Feb 2017 15:10:55 +0300
Subject: [PATCH] Encrypt message with GPG key when available.

---
 frontend/perl/encrypt-to-user/index.pl  | 157 
 frontend/php/account/lostpw-confirm.php |  56 +++-
 frontend/php/my/admin/index.php |  18 +++-
 3 files changed, 229 insertions(+), 2 deletions(-)
 create mode 100644 frontend/perl/encrypt-to-user/index.pl

diff --git a/frontend/perl/encrypt-to-user/index.pl b/frontend/perl/encrypt-to-user/index.pl
new file mode 100644
index 000..8729b5b
--- /dev/null
+++ b/frontend/perl/encrypt-to-user/index.pl
@@ -0,0 +1,157 @@
+#! /usr/bin/perl
+# Encrypt a message to specified savane user.
+#
+# Copyright 2017 (c) Ineiev 
+#
+# This file is part of Savane.
+#
+# Savane is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# Savane is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+use strict;
+use DBI;
+use File::Temp qw(tempdir tempfile);
+use Getopt::Long;
+my $getopt;
+my $help;
+my $user;
+my $sys_dbname;
+my $sys_dbhost;
+my $sys_dbuser;
+my $sys_dbparams;
+my $sys_dbpasswd;
+my $exit_code = 0;
+
+eval {
+$getopt = GetOptions("help" => \$help,
+ "user=s" => \$user,
+ "dbname=s" => \$sys_dbname,
+ "dbhost:s" => \$sys_dbhost,
+ "dbparams:s" => \$sys_dbparams);
+};
+
+sub print_help {
+print STDERR < or die "No database user is supplied.";
+$sys_dbpasswd = <> or die "No database password is supplied.";
+
+$sys_dbuser =~ s/\n$//;
+$sys_dbpasswd =~ s/\n$//;
+
+our $dbd = DBI->connect('DBI:mysql:database='.$sys_dbname
+		   .':host='.$sys_dbhost
+		   .$sys_dbparams,
+   $sys_dbuser, $sys_dbpasswd,
+   { RaiseError => 1, AutoCommit => 1});
+
+## Encrypt to user GPG key if available
+# arg1: user id
+# arg2: message
+# return encrypted message when encryption succeeded,
+#empty string encryption failed.
+# Exit codes:
+#   0 when encryption succeeded,
+#   1 when it failed,
+#   2 when no suitable key was found,
+#   3 when key selection error occurred,
+#   4 when creating temporary files failed,
+#   5 when extracted key_id is invalid.
+sub UserEncrypt {
+my ($user, $message) = @_;
+my $key = $dbd->selectrow_array("SELECT gpg_key FROM user WHERE user_id=".$user);
+
+$exit_code = 3;
+return "" unless $key ne "";
+
+$exit_code = 4;
+
+my ($mh, $mname) = tempfile(UNLINK => 1);
+return "" if $mname eq "";
+
+my $temp_dir = tempdir(CLEANUP => 1);
+return "" if $temp_dir eq "";
+
+my $input;
+my $key_id = "";
+my $msg = "";
+
+print $mh $message;
+
+$exit_code = 2;
+open($input, '|-', 'gpg --homedir='.$temp_dir.' -q --import');
+print $input $key;
+close($input) or return "";
+
+# Get the first ID of a public key with encryption capability.
+open($input, '-|', 'gpg --homedir='.$temp_dir.
+   ' --list-keys --with-colons 2> /dev/null');
+while(<$input>)
+  {
+if(!/^pub/)
+  {
+next;
+  }
+my @fields = split /:/;
+if(@fields[11] !~ /[eE]/)
+  {
+next;
+  }
+$key_id = @fields[4];
+last unless $key_id eq "";
+  }
+close($input) or return "";
+return "" unless $key_i

Re: [Savannah-hackers-public] On resetting passwords

2017-04-22 Thread Ineiev 
On Sat, Apr 08, 2017 at 08:20:45AM -0400, Ineiev wrote:
> On Sun, Mar 19, 2017 at 01:19:05PM -0400, Ineiev wrote:
> >
> > I'll need more hints to address points 3. (what more validation
> > and error checking could be used in the Perl script), 4. (I don't know
> > how we could usefully sanitize GPG input), 5. (how the 'open'
> > command should escape parameters before executing them as shell
> > commands).
> 
> This is to address points 3. (more checking is added to the Perl
> script) and 5. (a check is added to make sure that key_id is
> a hexadecimal number). I still doubt we really need to run any
> checks on the provided GPG key: typical gpg usage includes
> importing keys from untrusted key servers.

I have no more amendments; if there are no further comments,
I'll push it.


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] On resetting passwords

2017-04-30 Thread Ineiev 
On Sun, Apr 23, 2017 at 02:21:56AM -0400, Ineiev wrote:
> 
> I have no more amendments; if there are no further comments,
> I'll push it.

Pushed and installed.


signature.asc
Description: Digital signature

[Savannah-hackers-public] Apache 2.0 license is missing

2017-05-08 Thread Ineiev 
Hello,

It looks like Apache 2.0 license is missing from the list suggested
in group registration form. perhaps we could add it.


signature.asc
Description: Digital signature

[Savannah-hackers-public] Savane i18n

2017-05-16 Thread Ineiev 
Hello,

I'd like to work on enabling i18n support of Savannah.
I think in the short run it will amount in committing
some updates like pulling a newer po.m4 from gettext,
extracting new messages, registering it on TranslationProject.

Any stoppers?


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] Typos in Savane strings

2017-06-11 Thread Ineiev 
Hello, Anders!

On Sun, Jun 11, 2017 at 12:01:57AM +0200, Anders Jonsson wrote:
> when looking to update the translation of Savane at
> Translationproject, I found some typos in the strings of Savane.
> 
> Below are the misspelled words along with suggested spellings.
> 
> 
> >attachement
> "attachment"
...
> >substrigs
> "substrings"

Thank you, fixed in Git.


signature.asc
Description: Digital signature

[Savannah-hackers-public] Savane i18n (step 2)

2017-06-20 Thread Ineiev 
Hello,

Savane has been registered on the TranslationProject; now missing
parts of its user interface should be made localizable.

I'd like to start with what currently is maintained
as 'administration' 'web pages'. in theory, people can add
localized versions of those files right to that CVS repository,
but that doesn't integrate with the TP and offers no automatic means
to track the changes in the original files, so in practice only
some French translations have ever been added.

I suggest maintaining those files in Savane Git repository
(under frontend/site-specific/); they would be linked
as 'php' subdirectories to current working copy of
'administration' 'web pages', and Savane would check if a file
exists in php/ first, and fallback to the old path if it doesn't.

Then, in order to be localizable, files in frontend/site-specific/
would be converted to PHP and marked for i18n.

I attach a tentative patch against current HEAD for the reference.

Thank you!


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] Savane i18n (step 2)

2017-06-20 Thread Ineiev 
On Tue, Jun 20, 2017 at 03:03:19AM -0400, Ineiev wrote:
> 
> I attach a tentative patch against current HEAD for the reference.

Actually attaching.


0001-import-webpages.patch.gz
Description: Binary data


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] Helping in translation

2017-06-26 Thread Ineiev 
Hello, Vinicius!

On Mon, Jun 26, 2017 at 11:46:55PM -0300, Vinicius Melo wrote:
> 
> I can help you on translating the web interface! How can I start?

Savane translations are managed via the Translation Project.
Please join the pt_BR team,
https://translationproject.org/team/pt_BR.html

Thank you!


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] switched off site-specific register/index

2017-06-26 Thread Ineiev 
Hi, Assaf;

On Mon, Jun 26, 2017 at 07:09:58PM +, Assaf Gordon wrote:
> 
> So every modified line looks like I modified it (with 'git blame'),
> but in fact that line was commented out before (in
> ./frontend/php/register2/index.php).
> 
> A simple way to examine this is to checkout one commit before
> said commit, then do 'git blame':
> 
>$ git checkout 8984ae^1
>HEAD is now at d23caef... sv_membersh.in: improve BZR settings
> 
>$ git blame frontend/php/register2/index.php
>...
>18ddd313 (Sylvain Beucler 2008-03-30 17:47:33 +0200  58) } else {
>18ddd313 (Sylvain Beucler 2008-03-30 17:47:33 +0200  59)# get 
> site-specific content
>18ddd313 (Sylvain Beucler 2008-03-30 17:47:33 +0200  60) #  
> utils_get_content("register/index");
>18ddd313 (Sylvain Beucler 2008-03-30 17:47:33 +0200  61) }
>...
> 
> And based on that, I think the content file 
> '/etc/savane/content/gnu-content/register/index'
> has not been used for a long, long time.

I see; so it was intended, but unmotivated. I wonder if we should restore
that line.


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] Emails from savannah i18n-dev site

2017-06-26 Thread Ineiev 
On Mon, Jun 26, 2017 at 07:18:18PM +, Assaf Gordon wrote:
> 
> I noticed you (or someone working with you)

It's just me.

> is experimenting
> with the i18n-dev savannah website - that's awesome!

...
> But if you wanted to receive them for debugging, you can
> change the following file:
>   frontend0:/home/i18n/savannah/etc/savane/.savane.conf.php
> 
> And the following line:
>   $sys_debug_email_override_address = "assafgor...@gmail.com";

Thank you, I've updated it.


signature.asc
Description: Digital signature

[Savannah-hackers-public] changing password when registering

2017-06-27 Thread Ineiev 
Hello,

In savane/frontend/php/account/register.php, I see a message
like "For better security we advise you to change your password
as soon as possible." (it's sent in the confirmation message).

I wonder why; is the procedure for changing the password
inherently more secure?


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] changing password when registering

2017-06-29 Thread Ineiev 
On Thu, Jun 29, 2017 at 06:21:22PM -0600, Bob Proulx wrote:
> Ineiev wrote:
> > In savane/frontend/php/account/register.php, I see a message
> > like "For better security we advise you to change your password
> > as soon as possible." (it's sent in the confirmation message).
>
> That is in the link sent by email to the person to confirm their email
> address, right?

Yes.

> > I wonder why; is the procedure for changing the password
> > inherently more secure?
>
> The link sent to you by email may be easedropped upon.  But when you
> connect with https then if you trust the CA (certificate authority)
> that signed the https certificate (historically there have been
> problems with that) then you can trust that your connection to the
> site is secure.  Changing your password over https should be very
> secure.  More so than if anything is sent to you by email.
>
> Also I will note that there have been some incidents at other sites
> where SMS text messages were subverted.  Therefore SMS tokens are not
> good security either.

The registration form (including the password) is sent over HTTPS,
so it should be equally secure. plain-text email isn't secure,
and I can see how it could be used to register with other person's
email account, but it isn't clear to me how one could use the hash
to compromise the password.


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] changing password when registering

2017-07-03 Thread Ineiev 
On Fri, Jun 30, 2017 at 01:54:45AM -0400, Ineiev wrote:
> On Thu, Jun 29, 2017 at 06:21:22PM -0600, Bob Proulx wrote:
> > Ineiev wrote:
> > > In savane/frontend/php/account/register.php, I see a message
> > > like "For better security we advise you to change your password
> > > as soon as possible." (it's sent in the confirmation message).
...
> > The link sent to you by email may be easedropped upon.  But when you
> > connect with https then if you trust the CA (certificate authority)
> > that signed the https certificate (historically there have been
> > problems with that) then you can trust that your connection to the
> > site is secure.  Changing your password over https should be very
> > secure.  More so than if anything is sent to you by email.
> >
> > Also I will note that there have been some incidents at other sites
> > where SMS text messages were subverted.  Therefore SMS tokens are not
> > good security either.
> 
> The registration form (including the password) is sent over HTTPS,
> so it should be equally secure. plain-text email isn't secure,
> and I can see how it could be used to register with other person's
> email account, but it isn't clear to me how one could use the hash
> to compromise the password.

If we can't find the reason, I'd suggest to replace that notice
with a recommendation to register a GPG key like "For better
security we advise you to register an encryption-capable GPG key
and enable sending password reset messages encrypted; in which
case, be sure to request a reset and check that you actually can read
those messages."


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] Savane i18n (step 2.5)

2017-07-13 Thread Ineiev 
Hello,

I haven't reviewed i18n of all frontend sources, but the branch
has grown long enough, and it contains some changes unrelated to
i18n itself (most notably, preview for tracker comments); so
I'd like to fast-forward master to i18n-2017-07-13 and install it.


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] Savane i18n (step 2.5)

2017-07-15 Thread Ineiev 
On Fri, Jul 14, 2017 at 09:50:13PM -0400, Assaf Gordon wrote:
> 
> If I may suggest/comment on few things:

Thanks!

> 1.
> This commit introduces a $GLOBAL variable:
> https://git.savannah.gnu.org/cgit/administration/savane.git/commit/?h=i18n-2017-07-13&id=ea1a4f617e8e7f30f1a693da9b4a67ef941ff312
> It is not explained (in git or code comments) what is this for.
> Is this a per-user-session variable? if so, is $GLOBAL the best place for it?
> So far, to my limited understanding, PHP $GLOBALS have been used solely for 
> configuration
> items, and then they have initialization in the "includes" PHP and the 
> "/etc/savanah/.savanh.conf.php"
> file.

Just to make it clear for me: $GLOBALS is a way to access variables
from global scope. $ffeedback is one of such variables, and it's
in fact per-request. The new variable is used instead of $ffeedback
in a similar way.

> 2.
> This is perhaps a stylistic issue, but I wouldn't remove other people's
> copyright notice from files, even if most of the code they wrote is gone.
> They did work on the file...
> https://git.savannah.gnu.org/cgit/administration/savane.git/commit/?h=i18n-2017-07-13&id=42db98526decb7e96acd35937677981efc31e8d3

From the previous revision, just one line of code remained,
it's not copyrightable.

> 3.
> What is the purpose of this commit?
> I could not figure out from the minimal code, and there are no comments:
> https://git.savannah.gnu.org/cgit/administration/savane.git/commit/?h=i18n-2017-07-13&id=4ec7cc50553196ade45947073b7b80bca1a58cc0

The target in the makefile that extracts localized strings scans
for files ending in .php and .class, but a few PHP files had
no extension. I added links to make the target work.

Probably I should write a more detailed commit log.

> 4.
> This is a very large commit:
> https://git.savannah.gnu.org/cgit/administration/savane.git/commit/?h=i18n-2017-07-13&id=dc86c0388fc8fccd19cc22a4ffb50bb8378be177
> 
> But somewhere in the middle it contains the following:
> 
> +  $job_categories_as_of_2017_06 = array(_("None"),
> +_("Developer"),
> +_("Project Manager"),
> +_("Unix Admin"),
> +_("Doc Writer"),
> +_("Tester"),
> +_("Support Manager"),
> +_("Graphic/Other Designer"),
> +_("Translator"),
> +_("Other"));
> 
> Isn't that hard-coding values that are in the database?

Not really: it exposes those values for i18n. actually, we may want
to store them in hashes.txt rather than in the database,
like our license list (but then we'll need to rework some code).

> 5.
> There are several very large commits titled "review localized strings",
> e.g.
> https://git.savannah.gnu.org/cgit/administration/savane.git/commit/?h=i18n-2017-07-13&id=dc86c0388fc8fccd19cc22a4ffb50bb8378be177
> https://git.savannah.gnu.org/cgit/administration/savane.git/commit/?h=i18n-2017-07-13&id=dc86c0388fc8fccd19cc22a4ffb50bb8378be177
> https://git.savannah.gnu.org/cgit/administration/savane.git/commit/?h=i18n-2017-07-13&id=bd382290a6a4a23afbb3e530c565cbb224ad2739
> 
> They touch thousands of lines, and most of the changed lines have
> nothing to do with localization (e.g. reformatting/breaking lines,
> changing indentation, changing upper to lower case, adding HTML tags like 
> ).
> 
> I must admit I only skimmed through them.
> It would be easier to understand if those were broken down per topic
> (i.e. if "localization" - then only touching lines that actually
> use localized text, and and having separate commits for breaking lines / 
> re-indentation / etc).

I'll try to separate them.

> 6.
> in this commit:
> https://git.savannah.gnu.org/cgit/administration/savane.git/commit/?h=i18n-2017-07-13&id=ee576350973364b3c226225ac3bccae65f7174c7
> 
> If we're touching the URL for savane's source code, perhaps consider changing 
> to HTTPS ?

I wasn't sure it worked. if it does, we could drop the protocol part instead.

> 7.
> In the following commit:
> https://git.savannah.gnu.org/cgit/administration/savane.git/commit/?h=i18n-2017-07-13&id=caeeafb6eecebee4fc3517773813d3db0d2d2148
...
> Would be nice to explain what was fixed, or (since it isn't in 'master' yet) 
> - rebase+squash.

I wanted to to avoid forced pushes in that branch.

I'll push another one.


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] Savane i18n (step 2.5)

2017-07-16 Thread Ineiev 
On Sat, Jul 15, 2017 at 07:58:54AM -0400, Ineiev wrote:
> > 5.
> > There are several very large commits titled "review localized strings",
...
> > It would be easier to understand if those were broken down per topic
> > (i.e. if "localization" - then only touching lines that actually
> > use localized text, and and having separate commits for breaking lines / 
> > re-indentation / etc).
> 
> I'll try to separate them.

Probably it would be unreasonably much work to rewrite these commits;
however, I'll try to make future commits more separated.

> ...
> > Would be nice to explain what was fixed, or (since it isn't in 'master' 
> > yet) - rebase+squash.
> 
> I wanted to to avoid forced pushes in that branch.
> 
> I'll push another one.

I've just pushed i18n-2017-07-13-bis: just merged the fixes and added
more detailed commit logs.


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] Savane i18n (step 2.5)

2017-07-17 Thread Ineiev 
On Sun, Jul 16, 2017 at 01:14:58PM -0400, Ineiev wrote:
> 
> I've just pushed i18n-2017-07-13-bis: just merged the fixes and added
> more detailed commit logs.

Pushed to master and installed; now I'm going to add README files to
'administration' web pages repository saying that they are obsolete.


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] VCS for web pages [was: [task #14586] svn import for gnustep-nonfsf]

2017-07-20 Thread Ineiev 
Hello,

On Wed, Jul 19, 2017 at 11:09:33PM -0600, Bob Proulx wrote:
> 
> The problem is that Savannah does not host the web pages.  If Savannah
> did then we would support svn and git and the others for web pages.

With current issues related to vcs load, I think CVS may have
substantial advantages over Git (not sure for Subversion).

Git is great for software where you always want to have
the full tree updated, and often dig in commit logs and diffs.
in this use case it's particularly nice to have whole repository
locally.

When you edit web pages, (0) you rarely need any history, and
(1) in many cases, it's sufficient to have just one file 
(or one directory) updated. so fetching the full history is wasting
the bandwidth and local storage (recent Git does support having less
than full history locally, but the user has to know how to specify
this in command line), and as far as I know updating a single file
or checking out a single arbitrary directory is not supported at all.


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] Tristan Miller: [Bug-tar] Wrong Git URL on website

2017-07-29 Thread Ineiev 
Hello, Sergey!

On Sat, Jul 22, 2017 at 09:25:24PM +0300, Sergey Poznyakoff wrote:
> A tar user has recently reported that:
...
> On GNU tar's Savannah website, the "Source code" page at
>  instructs users to clone the
> Git repository from .  However,
> that URL doesn't work.  The correct one appears to be
> .  Perhaps someone could
> update the website with the correct URL?

Thank you, fixed.


signature.asc
Description: Digital signature

[Savannah-hackers-public] [task #14590] When I try to create a bug, a support issue is created.

2017-07-29 Thread Ineiev 
Update of task #14590 (project administration):

Category:None => System 
  Status:None => Need Info  
 Assigned to:None => ineiev 

___

Follow-up Comment #2:

>From this report, I'm not sure what the issue is and how we could improve it.

___

Reply to this item at:

  <http://savannah.gnu.org/task/?14590>

___
  Message sent via/by Savannah
  http://savannah.gnu.org/

Re: [Savannah-hackers-public] [bug-gawk] gawk repo missing

2017-07-30 Thread Ineiev 
Hello,

On Sun, Jul 30, 2017 at 01:13:11AM -0600, arn...@skeeve.com wrote:
> 
> The correct URL is 
> 
>   git clone https://git.savannah.gnu.org/r/gawk.git
> 
> Notice the additional `/r' in the path.  The page:
...
> jungle boogie  wrote:
...
> > % git clone https://git.savannah.gnu.org/gawk.git
> > Cloning into 'gawk'...
> > fatal: repository 'https://git.savannah.gnu.org/gawk.git/' not found
> >
> > I found it under: http://savannah.gnu.org/git/?group=gawk

Thank you, I think we recently fixed this issue; currently that page
says,

git clone https://git.savannah.gnu.org/git/gawk.git

(note the additional 'git/' in the URL), and it seems to work
as well.


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] gnustep-nonfsf download Area

2017-07-31 Thread Ineiev 
On Fri, Jul 21, 2017 at 10:38:47PM +0200, Riccardo Mottola wrote:
> 
> Karl Berry wrote:
> > the gnustep-nonfsf looks unlucky in its birth!
> > When I use the "Downloads" link I get:
> >
> >I confirm that https://savannah.nongnu.org/files/?group=gnustep-nonfsf
> >yields a 404 message(*), and that
> >download0:/srv/download/gnustep-nonfsf/ contains some files.

I've just reverted Savane 26c1b0718bf8e where I broke it.


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] VCS for web pages [was: [task #14586] svn import for gnustep-nonfsf]

2017-08-01 Thread Ineiev 
On Mon, Jul 31, 2017 at 05:54:10PM -0600, Bob Proulx wrote:
> 
> I don't think any web page histories are going to be large enough to
> make the full download of the entire history to be a problem.

For a group like www, they are (at the very least, the history is
much longer than the pages themselves).


signature.asc
Description: Digital signature

[Savannah-hackers-public] [task #13281] Savannah markup does not handle [file#31824 temp1.texi] in https://savannah.gnu.org/bugs/index.php?42897#comment2

2017-08-03 Thread Ineiev 
Update of task #13281 (project administration):

Category: Approved Projects to be Reviewed => System  
  
  Status:None => Done   
 Assigned to:None => ineiev 
 Open/Closed:Open => Closed 

___

Follow-up Comment #6:

I've found two issues:


* links to artifacts were processed in "named" links
  like bug #1 <http://gna.org>, this resulted in nested
  links like http://savannah.gnu.org/task/?13281>

___
  Message sent via/by Savannah
  http://savannah.gnu.org/

[Savannah-hackers-public] [task #13285] Italic markup is not recognized when sandwitched between nomarkup marks

2017-08-03 Thread Ineiev 
Update of task #13285 (project administration):

Category:None => System 
  Status:None => Cancelled  
 Assigned to:None => ineiev 
 Open/Closed:Open => Closed 

___

Follow-up Comment #2:

The underscored string is only included in <em>...</em> when it
starts the line or follows a space, a '>' or a '('; it isn't modified when it
follows a '-'. I don't think we should change this behavior.

___

Reply to this item at:

  <http://savannah.gnu.org/task/?13285>

___
  Message sent via/by Savannah
  http://savannah.gnu.org/

[Savannah-hackers-public] [task #13286] Provide a markup previewer

2017-08-03 Thread Ineiev 
Update of task #13286 (project administration):

  Status:None => Done   
 Assigned to:None => ineiev 
 Open/Closed:Open => Closed 

___

Follow-up Comment #1:

Closing (task #13281).

___

Reply to this item at:

  <http://savannah.gnu.org/task/?13286>

___
  Message sent via/by Savannah
  http://savannah.gnu.org/

[Savannah-hackers-public] [task #13284] In link markup with both url and text, text superseeds actual given url

2017-08-03 Thread Ineiev 
Update of task #13284 (project administration):

  Status:None => Done   
 Open/Closed:Open => Closed 

___

Follow-up Comment #7:

See task #13281.

___

Reply to this item at:

  

___
  Message sent via/by Savannah
  http://savannah.gnu.org/

Re: [Savannah-hackers-public] Write permission error in web CVS

2017-08-04 Thread Ineiev 
On Fri, Aug 04, 2017 at 05:49:24PM +0200, Thérèse Godefroy wrote:
>
> On July 22, I created files (gbehistun.html and .symlinks) in the web
> CVS repo of gbehistun, to avoid 404 errors when trying to access the
> package home page.
>
> Later on, I tried to do the same thing for metalogic-inference and
> oo-browser, but the commits failed:
> cvs commit: ERROR: cannot write file
> /webcvs/oo-browser/metalogic-inference/metalogic-inference.html,v:
> Permission denied
> etc.

getfacl gbehistun/gbehistun said
# file: ../oo-browser/
# owner: root
# group: oo-browser
# flags: -s-
user::rwx
group::rwx
group:www:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:www:rwx
default:mask::rwx
default:other::r-x

For metalogic-interference and oo-browser, acl wasn't set;
I've just run
getfacl gbehistun/gbehistun/ \
 | setfacl --set-file=- metalogic-inference/metalogic-inference/

getfacl gbehistun/gbehistun/ | setfacl --set-file=- oo-browser/oo-browser/

Please try again.


signature.asc
Description: Digital signature

[Savannah-hackers-public] [task #14590] When I try to create a bug, a support issue is created.

2017-08-26 Thread Ineiev 
Update of task #14590 (project administration):

  Status:   Need Info => Cancelled  
 Open/Closed:Open => Closed 

___

Follow-up Comment #4:

Thank you, closing.

___

Reply to this item at:

  

___
  Message sent via/by Savannah
  http://savannah.gnu.org/

[Savannah-hackers-public] [task #13513] usability trouble with Savannah's "Report new" menu item

2017-08-26 Thread Ineiev 
Update of task #13513 (project administration):

  Status:None => Cancelled  
 Assigned to:None => ineiev 
 Open/Closed:Open => Closed 

___

Follow-up Comment #1:

Currently, grep Bugs tracker redirects to
http://debbugs.gnu.org/grep; grep webpage <https://www.gnu.org/software/grep>
documents the bug-grep mailing list
<https://lists.gnu.org/mailman/listinfo/bug-grep> as the channel for reporting
bugs.

Generally, such things are up to group's admins, not Savannah's ones.

Closing.

___

Reply to this item at:

  <http://savannah.gnu.org/task/?13513>

___
  Message sent via/by Savannah
  http://savannah.gnu.org/

[Savannah-hackers-public] [task #14630] Use HTTPS instead of HTTP in included web page resources

2017-09-15 Thread Ineiev 
Update of task #14630 (project administration):

Category:None => System 
  Status:None => In Progress
 Assigned to:None => ineiev 
 Open/Closed:Open => Closed 

___

Follow-up Comment #1:

Hello, Tim!

Savannah admins don't maintain the texts of web pages of hosted groups; please
contact the admins of the respective groups.

Thank you!

___

Reply to this item at:

  <http://savannah.gnu.org/task/?14630>

___
  Message sent via/by Savannah
  http://savannah.gnu.org/

[Savannah-hackers-public] [task #14329] Reassigned to another tracker [was: Unable to register (with certain password). "Error: Invalid password".]

2017-09-15 Thread Ineiev 
Update of task #14329 (project administration):

Category: Approved Projects to be Reviewed => System  
  


___

Reply to this item at:

  

___
  Message sent via/by Savannah
  http://savannah.gnu.org/

[Savannah-hackers-public] [task #3492] Reassigned item: Reassigned item: [sv software] Page statistics/log files?

2017-09-15 Thread Ineiev 
Update of task #3492 (project administration):

  Status:   Postponed => Cancelled  
 Open/Closed:Open => Closed 

___

Follow-up Comment #19:

For downloads, this is impossible because people mostly download from mirrors;
for web pages, this isn't feasible for organizational reasons: web server logs
are only accessible to FSF sysadmins.

Cancelling.

___

Reply to this item at:

  

___
  Message sent via/by Savannah
  http://savannah.gnu.org/

[Savannah-hackers-public] [task #13805] How to convert bzr single branch into multi-branch

2017-09-15 Thread Ineiev 
Update of task #13805 (project administration):

Category:None => System 
  Status:None => In Progress
 Assigned to:None => ineiev 

___

Follow-up Comment #1:

Is help still needed?

I've never done this myself, but from man bzr it looks like you need "bzr
branch".

___

Reply to this item at:

  <http://savannah.gnu.org/task/?13805>

___
  Message sent via/by Savannah
  http://savannah.gnu.org/

[Savannah-hackers-public] [task #14630] Use HTTPS instead of HTTP in included web page resources

2017-09-15 Thread Ineiev 
Update of task #14630 (project administration):

 Open/Closed:  Closed => Open   

___

Follow-up Comment #3:

I've just fixed the URLs I've found in the includes, please check.

Generally, such requests are handled by webmasters@.

___

Reply to this item at:

  

___
  Message sent via/by Savannah
  http://savannah.gnu.org/

[Savannah-hackers-public] [task #14630] Use HTTPS instead of HTTP in included web page resources

2017-09-15 Thread Ineiev 
Follow-up Comment #5, task #14630 (project administration):

In this header?

http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";>
http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">

They are formal declarations rather than links, I strongly believe they
shouldn't be changed.

___

Reply to this item at:

  

___
  Message sent via/by Savannah
  http://savannah.gnu.org/

[Savannah-hackers-public] [task #13172] Change email link from http to https

2017-09-16 Thread Ineiev 
Update of task #13172 (project administration):

Category: Approved Projects to be Reviewed => System  
  
  Status:None => Done   
 Open/Closed:Open => Closed 

___

Follow-up Comment #3:

I'm not sure who did it, but current master branch sends https links.

Closing.

___

Reply to this item at:

  

___
  Message sent via/by Savannah
  http://savannah.gnu.org/

[Savannah-hackers-public] [task #14630] Use HTTPS instead of HTTP in included web page resources

2017-09-19 Thread Ineiev 
Update of task #14630 (project administration):

  Status: In Progress => Done   
 Open/Closed:Open => Closed 

___

Follow-up Comment #6:

Closing the task.

___

Reply to this item at:

  

___
  Message sent via/by Savannah
  http://savannah.gnu.org/

Re: [Savannah-hackers-public] mirmon out-of-sync with 00_MIRRORS.*

2017-12-09 Thread Ineiev 
Hi, Assaf;

Thanks for looking into the issue!

On Fri, Dec 08, 2017 at 07:30:16PM -0700, Assaf Gordon wrote:
> The last messages in that thread mention they weren't able to
> change the files on "/srv/download", and so they severed the symlink
> from download:/srv/download/00_MIRRORS.txt to
> download:/opt/savannah/mirrors/mirmon-lists/nongnu-mirror-list.txt .
> 
> Therefore, updates to "00_MIRRORS.txt" had no effect since November.

That is, they had no effect for mirmon and redirections; the mirrors
still reproduce the updates.

Re: [Savannah-hackers-public] Redirect gnutelephony.org

2018-01-20 Thread Ineiev 
Hello, Thérèse;

On Fri, Jan 19, 2018 at 01:41:51PM +0100, Thérèse Godefroy wrote:
> > The old gnutelephony.org website, which went down in August 2015, now
> > points to savannah.nongnu.org (208.218.235.79), and most of it has been
> > imported to the various projects that David Sugar maintains (bayonne,
> > ccaudio, ccrtp, ccscript, commoncpp, gnucomm, and sipwitch). The gnucomm
> > home page acts as a general index for the other 6.
> > 
> > What we would like to do now is redirect all requests for
> > http(s)://gnutelephony.org/* or http(s)://www.gnutelephony.org/* to
> > http(s)://www.gnu.org/gnucomm/gnucomm.html

whois gnutelephony.org says,

Domain Name: GNUTELEPHONY.ORG
...
Admin Name: David Sugar

Isn't it David who controls gnutelephony.org?


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] Redirect gnutelephony.org

2018-01-20 Thread Ineiev 
> > On Fri, Jan 19, 2018 at 01:41:51PM +0100, Thérèse Godefroy wrote:
> >>> The old gnutelephony.org website, which went down in August 2015, now
> >>> points to savannah.nongnu.org (208.218.235.79), and most of it has been
> >>> imported to the various projects that David Sugar maintains (bayonne,
> >>> ccaudio, ccrtp, ccscript, commoncpp, gnucomm, and sipwitch). The gnucomm
> >>> home page acts as a general index for the other 6.
> >>>
> >>> What we would like to do now is redirect all requests for
> >>> http(s)://gnutelephony.org/* or http(s)://www.gnutelephony.org/* to
> >>> http(s)://www.gnu.org/gnucomm/gnucomm.html

I guess we should add something like this to
frontend0.gnu.org:/etc/apache2/sites-available/vhosts-gnu.org:


  ServerName gnutelephony.org
  ServerAlias www.gnutelephony.org
  Redirect / http://www.gnu.org/software/gnucomm/gnucomm.html


(and then apachectl restart).

I'm not sure how to deal with HTTPS: Savannah has no certificates
for gnutelephony.org.


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] sviki patch for mirmon https changes

2018-02-27 Thread Ineiev 
Hello, Ian;

On Sat, Feb 24, 2018 at 11:02:44PM -0500, Ian Kelling wrote:
> And/or please give me r/w access since I posted this to hackers-private
> a while ago and it got forgotten a bit.

I've committed it, but it said,

"""
SendingMirroring.mdwn
Transmitting file data .
Committed revision 350.

Warning: post-commit hook failed (exit code 1) with output:
  % Total% Received % Xferd  Average Speed   TimeTime Time  Current
 Dload  Upload   Total   SpentLeft  Speed
  0 00 00 0  0  0 --:--:-- --:--:-- --:--:-- 0
curl: (51) SSL: no alternative certificate subject name matches target host 
name 'frontend0.savannah.gnu.org'
run-parts: /srv/svn/administration/hooks/post-commit.d/sv-ikiwiki-refresh-2 
exited with return code 51
"""

The page didn't update.


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] gnu-mirmon.pl errors

2018-04-27 Thread Ineiev 
Hello, Bob!

On Thu, Apr 26, 2018 at 11:08:38PM -0600, Bob Proulx wrote:
> 
> Just recently the gnu-mirmon.pl has started to produce these errors:
> 
>   /root/bin/gnu-mirmon.pl --http-only 
> /usr/local/share/GeoIP/gnu-mirror-list.txt
> 
>   no country code for Republic of Moldova (from line: Republic of Moldova - 
> https://mirrors.mivocloud.com/gnu/, http://mirrors.mivocloud.com/gnu/, 
> rsync://mirrors.mivocloud.com/gnu/) at /root/bin/gnu-mirmon.pl line 82.
...
> What produces these files?  How did the "md" get dropped?
> 
>   /usr/local/share/GeoIP/allgnu-mirror-list.txt
>   /usr/local/share/GeoIP/gnu-mirror-list.txt

The files are generated from https://www.gnu.org/prep/FTP

This is due to different Perl versions installed on
olddownload and download.

On olddownload, this works:

Locale::Country::country2code ("Moldova");

and this doesn't:

Locale::Country::country2code ("Republic of Moldova");

On download, only this works:

Locale::Country::country2code ("Republic of Moldova");

It looks like https://download.savannah.gnu.org/mirmon/gnu/ and
https://download.savannah.gnu.org/mirmon/allgnu are generated
on download (suprisingly, the script outputs "Moldova").

Recently, Thérèse added the first Moldavian mirror (in "Moldova"),
and she noticed that Mirmon doesn't display the country correctly.
then we "moved" the mirror in /prep/FTP to "Republic of Moldova".


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] Patch for savannah frontend

2018-04-30 Thread Ineiev 
Hello,

On Thu, Apr 26, 2018 at 10:45:57PM -0600, Bob Proulx wrote:
> 
> > Regarding the patch: the search box in the left naviational menu of 
> > savannah was overflowing the menu bar on Firefox. This attached patch 
> > fixes that.
> 
> Thank you very much for seeing this problem and contributing a patch.
> I do not see this overflow in my Firefox ESR 52 or Chromium 64.  Could
> you say what version of Firefox you are using?  Or does it only
> overflow with specific viewport sizes?  How can I recreate the problem?

For me, the patch increases the field to full menu width.


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] [gnu.org #1194859] [Mirror Status] mirror.freedif.org (Vietnam)

2018-05-02 Thread Ineiev 
On Tue, May 01, 2018 at 04:18:38PM -0400, Therese Godefroy via RT wrote:
> 
> Could you kindly add this mirror to the non-GNU list?
> 
> URL: https://mirror.freedif.org/GNU-Sa/
> (the message below only lists HTTP, but HTTPS works too).
...

Thank you, added.


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] Release field on the tree column

2018-05-08 Thread Ineiev 
Hi, Luis!

On Mon, May 07, 2018 at 01:20:00PM +0100, Luis Falcon wrote:
> 
> Is it possible to show the specific version/release of the project on
> the tree / list view ?
> 
> That would be very helpful for tasks and bugs. Please note that I am not
> talking about queries. I just need to be able to set which fields will
> be on the list view.

When I add a query form, I see two columns: "Use As A Search Critria" and
"Use As An Output Column"; the latter determines whether the field is shown
when browsing the results.


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] Release field on the tree column

2018-05-10 Thread Ineiev 
On Wed, May 09, 2018 at 10:47:22AM +0100, Luis Falcon wrote:
> Ineiev  wrote:
> > 
> > When I add a query form, I see two columns: "Use As A Search Critria"
> > and "Use As An Output Column"; the latter determines whether the
> > field is shown when browsing the results.
> That works very well, thank you ! 
> 
> Is there a way to make it the default query, even for non-logged users ?

I'm afraid, no.


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] Release field on the tree column

2018-05-10 Thread Ineiev 
On Thu, May 10, 2018 at 05:29:38PM +0100, Luis Falcon wrote:
> Would the savannah hackers consider adding this feature ?

I've just submitted sr #109504.


signature.asc
Description: Digital signature

[Savannah-hackers-public] Savane i18n (step 3)

2018-05-10 Thread Ineiev 
Hello,

I've just pushed the rest of my i18n branch to master and
installed it. the next steps are going to be:

4. Add a page where users can select language (possibly overriding
their browser preferences).
5. Bump Savane version and send the new POT to TranslationProject.
6. Get updated translations from TranslationProject and actually
enable i18n.


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] Savane i18n (step 4)

2018-05-15 Thread Ineiev 
Hello,

On Thu, May 10, 2018 at 01:53:06PM -0400, Ineiev wrote:
> 
> 4. Add a page where users can select language (possibly overriding
> their browser preferences).

I've implemented this, the new page is /i18n.php; the link to it
and all translations are still disabled. the link will be located
in the "This Page" list on the sidebar, before "Clean Reload".

Please let me know if anything should be done in a different way.

Thank you!


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] Savane i18n (step 5 and 6)

2018-05-20 Thread Ineiev 
Hello,

On Thu, May 10, 2018 at 01:53:06PM -0400, Ineiev wrote:
> 5. Bump Savane version and send the new POT to TranslationProject.
> 6. Get updated translations from TranslationProject and actually
> enable i18n.

I've sent the new POT to the TP; meanwhile, I installed an updated
Russian translation, and since it's complete, I've enabled it
in the language selector.


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] [gnu.org #1194767] [Mirror Status] mirror.infotronik.hu (Hungary)

2018-07-04 Thread Ineiev 
Hello, Thérèse;

On Wed, Jul 04, 2018 at 01:13:03PM -0400, Therese Godefroy via RT wrote:
>
> To summarize, the new URLs of the former infotronik
> mirrors are:
>
> https://quantum-mirror.hu/mirrors/pub/gnusavannah/
> http://quantum-mirror.hu/mirrors/pub/gnusavannah/
> rsync://quantum-mirror.hu/gnusavannah
>
> and the contact address is:
> Peter Makk 

Thank you, updated.


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] [gnu.org #1020610] [Mirror Status] public.p-knowledge.co.jp (Asia/Japan)

2018-07-14 Thread Ineiev 
Hello, Thérèse;

On Sat, Jul 14, 2018 at 08:42:24AM -0400, Therese Godefroy via RT wrote:
> 
> They also have a non-gnu mirror which isn't listed yet:
> http://public.p-knowledge.co.jp/Savannah-nongnu-mirror/

Thank you, added.


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] Project evaluation sample and info

2018-07-22 Thread Ineiev 
Hello, Robert;

On Sat, Jul 21, 2018 at 11:24:37PM -0400, Robert Musial wrote:
> 
> For my sample evaluation I picked task #14302: Submission of ipblock
> 
> If I were responding to it I'd say...

Most important, it was submitted as GNU software; such packages
follow a different procedure, per
https://www.gnu.org/help/evaluation.html

On Savannah, we basically evaluate non-GNU submissions.

> 0. That it lacks any information on dependencies. I see they are
> bash scripts. Do they have any requirement of a certain version of
> bash? Does it require anything else? Iptables presumably, what
> version?

Bash version doesn't matter. the point of listing dependencies is
making sure that it runs on top of free system and that it's
GPL-compatible.

> 1. It lacks a clear manual or info on how to use it. The README is
> only a few lines. It doesn't explain how it works or what exactly it
> is doing. It says it doesn't work well with Network Manager or DHCP.
> What does it mean to not work well? Will it break my network config?
> And again, that goes back to dependencies.

We don't look into such technical things. the package may be
on an early stage and may not work at all. it may run on custom boards
no Savannah admin has access to.

> 2. The copyright on the scripts are muddled. It shows these scripts
> are copyright by 2 parties, nixcraft and the submitter. What did
> nixcraft contribute? What did the submitter contribute? Is there a
> changelog, diff, or patch anywhere? How much of these scripts are
> changed from upstream?

And the license notices don't follow the guidelines from
https://www.gnu.org/l/gpl-howto.html (or the GPL itself).
countries_code.txt has no notices at all.

> 3. Further copyright AND dependencies questions: For the scripts to
> work, the scripts download network information from
> http://www.ipdeny.com/ipblocks/data/aggregated/
> But in that directory there is a Copyrights.txt file that reads, in part...
> "YOU MAY NOW RE-DISTRIBUTE OUR IP ZONE FILES. BUT YOU SHOULD KEEP
> THIS COPYRIGHT.TXT FILE INTACT AND DISTRIBUTE IT WITH OUR
> ZONE FILES OR FILE ARCHIVES. WE ALSO WELCOME ANY LINKS BACK TO OUR
> SITE WWW.IPDENY.COM
> 
> YOU CANNOT USE IPDENY.COM COUNTRY IP DATA FOR SPAMMING,
> OTHER BULK ADVERTISING AND ILLEGAL ACTIVITIES.
> 
> IF YOU OFFER WEB BASED IP TO COUNTRY SERVICE USING OUR IP COUNTRY
> BLOCK FILES A LINK BACK TO IPDENY.COM IS REQUIRED."
> 
> While that allows redistribution, it does require the copyright.txt
> file be along with it. Does that mean even if you download them
> individually, you must also grab that copyright? Do the scripts need
> to contain that copyright?
> 
> Also it doesn't mention anything about being able to modify those
> zone files, and/or redistribute modified versions, which could make
> it incompatible with the GPLv2+ it is licensed under.

This is a major issue. I'd said it's a proprietary dependency.

> Finally, 4. Using the guidelines "We discourage submitting
> simplistic text-only projects"

I'm not sure it's really simplistic. I've seen submissions of
much more simple packages.


signature.asc
Description: Digital signature

[Savannah-hackers-public] insufficient permissions in web CVS

2018-07-28 Thread Ineiev 
Hello,

Jan Nieuwenhuizen, the admin of the newly created group 'mes',
couldn't commit web pages (however, the write access worked
for the members of the 'www' group). on vcs, I checked
the permissions with getfacl, and it turned out that
the 'mes' group had no write access for /webcvs/mes/mes/.
it seems to work now after I manually run
setfacl g::rwx /webcvs/mes/mes
and setfacl g::rw /webcvs/mes/CVSROOT/history,
but other new packages like chord-sequencer also must
be affected.

Does anybody know where to look for the real fix?


signature.asc
Description: Digital signature

[Savannah-hackers-public] [task #13805] How to convert bzr single branch into multi-branch

2018-09-11 Thread Ineiev 
Update of task #13805 (project administration):

  Status: In Progress => Done   
 Open/Closed:Open => Closed 


___

Reply to this item at:

  

___
  Message sent via Savannah
  https://savannah.gnu.org/

[Savannah-hackers-public] [task #13862] public keys haven't synchronized after over an hour

2018-09-18 Thread Ineiev 
Update of task #13862 (project administration):

  Status:None => Cancelled  
 Open/Closed:Open => Closed 

___

Follow-up Comment #4:

If I understand it correctly, Savannah now supports anonymous clones over
HTTPS; I assume there is little other point in using SSH for non-member
clones, so I'm closing this task.

Please feel free to re-open it if I'm wrong.

___

Reply to this item at:

  

___
  Message sent via Savannah
  https://savannah.gnu.org/

Re: [Savannah-hackers-public] Details for Contributing to Savannah - Working on the Savannah website

2018-09-26 Thread Ineiev 
Hello, Jayaprakash!

On Tue, Sep 25, 2018 at 01:53:02AM +0530, Jayaprakash Suseelam wrote:
> I would like to know more details about the 'details for Contributing to
> Savannah -  Working on the Savannah website '. I want to become a
> Contributor to the FSF as well as savannah. I am having more than 10+ years
> of experience in PHP and related technologies.

Did you manage to run the frontend from current git HEAD of Savane
locally? I think it would be nice to check whether the documentation
about that is up-to-date and adequate.


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] Completely removing project Aping from Savannah non-gnu

2018-11-08 Thread Ineiev 
Hello,

On Wed, Nov 07, 2018 at 06:58:04AM +, Kantor Zsolt wrote:
> Hello,I have searched all around the webpage but I did not found a way to
> completely delete my project. So how should I delete completely my
> project?The project name is Aping (Advanced ping program) is not maintained
> anymore and it will not be. I want to delete the file repositories, the
> hompage files . . . everything.

We normally don't delete projects from Savannah, no matter how
inactive they are.


signature.asc
Description: Digital signature

Re: [Savannah-hackers-public] [gnu.org #1194859] [Comment] [Mirror Status] mirror.freedif.org (Vietnam)

2018-11-19 Thread Ineiev 
Hello, Thérèse;

On Mon, Nov 19, 2018 at 01:07:14PM -0500, Therese Godefroy via RT wrote:
> Hello Savannah Maintainers,
>
> This is to inform you that the Vietnamese non-gnu mirror
> will be down for a week or so.
> https?://mirror.freedif.org/GNU-Sa/

Thank you, removed.

Re: [Savannah-hackers-public] Annual Fundraising Banner

2018-11-21 Thread Ineiev 
On Tue, Nov 20, 2018 at 09:57:18PM -0700, Bob Proulx wrote:
> Ineiev, I had to remove the recent CSP addition in order to get the
> banner to work.  This was more due to my lack of knowledge of the
> Content Security Policy rather than any deep problem.  If you want to
> figure out how to make that work that is fine with me.  Otherwise I
> would probably just do nothing until January 1st when the banner comes
> down.
>
> I did have the admins create a static.gnu.org version so that we could
> use SAMEDOMAIN policy.

Thank you, I've re-added CSP.

Re: [Savannah-hackers-public] documentation changes for converting from git to svn

2018-11-25 Thread Ineiev 
On Sun, Nov 25, 2018 at 10:33:51AM +, Gavin Smith wrote:
> I suggest the following tweaks to the documentation for how to convert a
> repo from SVN to Git.  The :: syntax didn't work for the URL given to
> rsync.  I also had difficulty accessing the local copy of the repository
> I had made using rsync, so I've added some advice on how to do that.

Thank you, committed.


signature.asc
Description: Digital signature

  1   2   3   >