Re: Unable to recover password for user Tobias Platen

[Ineiev]

Hello,

On Sun, Feb 11, 2024 at 08:22:18AM +0100, Tobias Alexandra Platen wrote:
> 
> I tried to recover my account using
> https://savannah.nongnu.org/account/lostpw.php
> and I did not recieve any email within 12 hours,
> on any of my accounts. Last time I used savannah
> is more than one year ago, I do not remember
> my password nor the email address I used.

The email was gnu@, our logs say,

Feb 11 ... status=bounced (host ...said: 550 5.1.1
: Recipient address rejected: User unknown
in relay recipient table (in reply to RCPT TO command))

Does that help?


signature.asc
Description: PGP signature

Re: Uploading to dl.sv.gnu.org

[Ineiev]

On Tue, Jan 30, 2024 at 09:02:57PM +0100, Dora Scilipoti wrote:
> 
> until not long ago, members of the audio-video group were able to upload
> files to that server as follows:
> 
> $ rsync -tvz --progress FILE usern...@dl.sv.gnu.org:/srv/audio-video/video/
> 
> The options -tvz don't seem to work anymore. What works for me now is
> -tvr.
> 
> Is anyone here aware of what has caused this?

Before 2023-11, the server accepted virtually any rsync options;
that allowed users to get sensitive data from the server, so we
introduced a limit on the set of permitted options.

> What should we do in order to keep informed about changes like this that
> affect our capacity to use the server?

The server informs the user about the available options whenever
it sees any command that doesn't fit them.


signature.asc
Description: PGP signature

Re: Spam message when using CVS for webpages

[Ineiev]

On Wed, Oct 18, 2023 at 02:04:11PM -0400, Ian Kelling wrote:
> 
> I definitely admire the ingenuity to offer source code in more
> places. However, I'm pretty confident Savannah webpages are a sufficient
> place to satisfy the AGPL requirement of offering source, and adding
> output like this to command line operations where the only expected
> output is information related to the operation is undesirable for
> various reasons and will very likely cause breakage for scripts and
> tools which make calls to Savannah.

I'm aware that it interfered with Karl's scripts; I'm also aware
that it works fine with GNUN scripts, the scripts updating
www.gnu.org pages and Emacs-to-CVS interface, so I wouldn't say it's
really very likely to break tools.

The modified script has been running for a month on vcs1
and for over four months on download0, it can wait for a day or two
for rms' clarifications. we seldom have such opportunities to gather
users' feedback, they occur much rarelier than, say, the fundraiser.


signature.asc
Description: PGP signature

Re: Spam message when using CVS for webpages

[Ineiev]

On Thu, Oct 19, 2023 at 11:04:42AM +, Ineiev wrote:
> I can think of adding a command like 'offer-source' to sv_membersh,
> with a message on the page where the users register their SSH keys.
> that would reasonably guarantee the awareness for the new users,
> but the existing users rarely change their SSH keys. clearing all
> SSH keys in Savannah would make Savannah admins unable to use them
> for recovering lost accounts. of course, we could save a reserved
> copy, but the need for the users to re-fill their keys would alone
> be quite annoying.

Historically, AGPLv1 (created by Affero and approved by the FSF [0])
only required ([1], Section 2d) that existing opportunities
to request transmission of the source code be preserved.  AGPLv3
Section 13 [2] removed that condition and said that any modified
version must offer the corresponding source code.

So I wonder what was AGPL author's intention:

* Is this kind of indirection acceptable at all?  I mean,
  technically, it wouldn't be the script that prominently offers all
  its users the source code, but the directions on how to get
  the source code are placed at the web page where keys needed
  to use that script are registered.

* Is it acceptable to only notify new users and those who update
  their registered keys?  if yes, we could avoid forcing all
  Savannah users re-register their keys just to make sure they saw
  the notice about how to get the source code.

[0] https://www.gnu.org/licenses/license-list.html#AGPLv1.0
[1] https://directory.fsf.org/wiki/License:AGPL-1.0-only
[2] https://www.gnu.org/l/agpl-3.0.txt


signature.asc
Description: PGP signature

Re: Spam message when using CVS for webpages

[Ineiev]

On Thu, Oct 19, 2023 at 11:21:43AM +0100, Gavin Smith wrote:
> 
> Also, if sv_membersh is copyrighted to the FSF a simple solution would
> be relicensing it to avoid this requirement.

No, it isn't.

Re: Spam message when using CVS for webpages

[Ineiev]

On Thu, Oct 19, 2023 at 11:16:06AM +0100, Gavin Smith wrote:
> 
> I proposed that the program could offer the source via some kind of
> messaging service on the Savannah web portal that users would be
> guaranteed to be aware of and have access to, in order to satisfy the
> AGPL requirements. There could be an entry in the side menu like
> "Automatic notices" along with the number of unread notices.
> 
> sv_membersh together with what helper scripts or programs are
> providing the notifications would be considered a single unit that is
> providing its notifications in accordance with the AGPL.

First, Savane has no messaging service, it relies on email;
more important, I'm not sure how to guarantee the awareness.

sv_membersh could send the offer via email, but then it would have
to depend on that additional service (if I'm not mistaken, hosts
like download0 currently don't use it); then, having emails
on every VCS network transaction wouldn't be better than what we
have now.

I can think of adding a command like 'offer-source' to sv_membersh,
with a message on the page where the users register their SSH keys.
that would reasonably guarantee the awareness for the new users,
but the existing users rarely change their SSH keys. clearing all
SSH keys in Savannah would make Savannah admins unable to use them
for recovering lost accounts. of course, we could save a reserved
copy, but the need for the users to re-fill their keys would alone
be quite annoying.


signature.asc
Description: PGP signature

Re: Spam message when using CVS for webpages

[Ineiev]

On Wed, Oct 18, 2023 at 01:15:30PM -0600, Bob Proulx wrote:
> Ineiev wrote:
> > Savane is the free software hosting system savannah.gnu.org runs.
> >
> > sv_membersh is the restricted shell used as the login shell for Savane users
> > when they connect via SSH.
> >
> > Savane released under the AGPL; offering the corresponding source code
> > is a requirement of the AGPL.
> 
> I spent some time looking at this issue and my assessment is that
> sv_membersh is only a peripheral part of Savannah at best.  It isn't
> needed for Savannah to operate.  It's a security gate that we use to
> protect the host from potentially malicious activity or potentially
> accidental harm.

I can't see why this matters. what matters is the fact that we use
it. since we use it, we must comply with its license.

> It does not need to be savane software and might be
> any suitable component program.

Only part of the message depends on this, the one saying it's part
of Savane. if it were part of Giungla, it would say, "sv_membersh is
part of Giungla."

> Even though Savannah as a whole is distributed under the AGPL Savannah
> makes use of many programs which are licensed under other licenses
> such as the other various GPL versions and other permissive licenses.

I feel that as expressed, this mixes Savane, the package we maintain
in Savannah 'administration' group, and Savannah, the set
of services the GNU Project provides. we don't distribute Savannah,
and it is based on a few separate programs, each with its own
licensing terms.

> That the whole of Savannah is available under the AGPL does not make a
> requirement that every component used in Savannah be forced into the
> AGPL.

No, but sv_membersh and the Savane Perl modules it uses
were released under the AGPL, and we both jointly can't
just reconsider that decision.

> For example GNU ls does not emit its license upon every invocation.
> That would interfere with its primary function.  But ls will emit its
> license information when this is asked for with ls --version.

GNU ls is distributed under the GPL, and what you are speaking
about is covered by the GPLv3 Section 5d, which explains that
the legal notices may be accessible via a prominent item
in the list of options the interface presents, and moreover,
when an interactive interface doesn't display the notices,
the licensee isn't required to make it display them.

In contrast, sv_membersh is distributed under the AGPL; now,
the AGPL does include the same provisions, but also adds Section 13
requiring that our modified version prominently offer all users
interacting with it remotely an opportunity to receive
the corresponding source of our version; and AGPL Section 13 has
nothing like "you needn't make it do so if it doesn't."


signature.asc
Description: PGP signature

Re: Spam message when using CVS for webpages

[Ineiev]

On Wed, Oct 18, 2023 at 03:46:55PM +0100, Gavin Smith wrote:
> I am trying to update a project's webpages after a new release, but
> every time I issue a cvs command the message is printed:
> 
> > sv_membersh is part of Savane.
> > In order to download the corresponding source code of Savane, run
> > 
> >   rsync -avz --cvs-exclude ga...@cvs.savannah.nongnu.org:/opt/src/savane .
> 
> I don't know what sv_membersh or Savane is or why I should care.

Savane is the free software hosting system savannah.gnu.org runs.

sv_membersh is the restricted shell used as the login shell for Savane users
when they connect via SSH.

Savane released under the AGPL; offering the corresponding source code
is a requirement of the AGPL.

Do you think the message should elaborate on these points?

> This message was not printed before and is distracting and confusing.  I
> have updated GNU webpages using CVS many times over several years and never
> had this message before.

That was an omission.

> Using CVS from the command line is fiddly enough as it is (as I only
> use CVS infrequently to update GNU webpages I don't use it enough to be
> comfortable with it) without having extra messages to worry about.

> This message looks like an advert to me and isn't helpful.  If I wanted
> to download the source code of Savane I would look for it myself, without
> having it shoved in my face.

The problem is, we don't deploy the exactly same version for all
Savannah hosts at once, we update them one by one, so you hardly
would be able to tell which Git commit corresponds to software
running on the particular host; this feature makes sure the users
can download the right version.

> Can this unnecessary and annoying message please be removed?

You can disable that message in your Savannah account configuration
(the 'Quiet SSH member shell' checkbox).


signature.asc
Description: PGP signature

Re: failed to download man-db-2.12.0.tar.xz

[Ineiev]

On Mon, Oct 16, 2023 at 12:34:28PM +0800, wen zhang wrote:
>  When i tried to download man-db-2.12.0, i was redirected to
> 'https://bigsearcher.com/mirrors/nongnu/man-db/
> man-db-2.12.0.tar.xz ' from '
> https://download.savannah.nongnu.org/releases/man-db/man-db-2.12.0.tar.xz',
> then failed because man-db-2.12.0.tar.xz has not been synced after 20 days
> of release.
> I tried to find bigsearcher's contact information but failed, may someone
> remove this mirror from savannah's 302 redirection list or contact with
> them to find a solution?

Thank you for report, I've done both.


signature.asc
Description: PGP signature

Re: Hosting a tiny library

[Ineiev]

Hello, Anton;

On Tue, Sep 19, 2023 at 07:37:51PM +0300, Anton Shepelev wrote:
> 
> Does a super-tiny project stand a change of acceptance into
> Savannah?
...
> The project is very small, consisting of a pair of .c and .h
> files, with potentially a bunch of additional .c files
> implementing different memory-management (grow/shrink)
> strategies, but this is only planned for the future.

A .[ch] pair may turn out too small; any bunch of files will
make the package big enough.

In any case, our team will need a complete (if not functional)
tarball to evaluate.


signature.asc
Description: PGP signature

Re: Is PHP available to projects' web pages?

[Ineiev]

On Sun, Jul 30, 2023 at 10:42:21AM +, Alan Mackenzie wrote:
> 
> Yes, I can see my way to generating the .html files.  PHP is used solely
> to include boilerplate files (like lists of links) into the main files.

Apache SSI commands like 
must work [0]...

> I'm not looking forward to removing all but one of the duplicate
> copyright/license statements which will appear in these files because of
> this file inclusion.  But I know how to do that.

...however, copyright and license notices should be written
in the covered files directly; if they aren't, it's too easy
to end up with invalid notices [1].

[0] https://savannah.gnu.org/maintenance/HomePage/
[1] https://www.gnu.org/licenses/gpl-howto.html#why-license-notices


signature.asc
Description: PGP signature

Re: Moving an existing project from SourceForge to Savannah.

[Ineiev]

Hello, Alan;

On Tue, Jul 25, 2023 at 10:55:30AM +, Alan Mackenzie wrote:
...
> I would thus like to move the project from SourceForge to Savannah.  May
> I take it this would be acceptable and welcomed?

Yes; it's nice to see software migrating to more user-respecting
forges,

https://www.gnu.org/software/repo-criteria-evaluation.html

> Looking at the Savannah site, there are a couple of things which confuse
> me.  I couldn't find a definition of what is meant by "group".  It seems
> to mean the name of a project (in my case, "CC Mode") and/or the Linux
> file-system group name under which project files will be stored
> ("cc-mode").

The "project" is a type of group; other group types hosted on Savannah
include GNU User Groups, www.gnu.org portions and www.gnu.org translation
teams.

> Also, there is on the page "register" an opportunity to give a *.tar.gz
> URL or upload a file to Savannah.  What is this tarball?  Is it a
> tarball  of an existing repository, or just of the project's source
> files?

It's a release of source files; we use it to see if the registered
package follows our hosting requirements.

> I would also like to preserve the project's mailing list, if possible.
> I have a copy of posts going back to 2001 on my own machine, I don't
> know if it will be possible to extract a more complete copy from
> SourceForge.  Do you see any problems, here?  Currently, the main
> mailing address for this list is bug-cc-m...@gnu.org, and the gnu server
> forwards the mail to the SourceForge address.  I foresee this address
> remaining the main address for the list, relocated back to Savannah.

I think you can use your old mailing list or migrate to lists.gnu.org.

> What about old releases?  How much point is there, trying to preserve
> these?  SourceForge still has releases going back around 20 years, to
> release 5.26.  Current (three years old) is 5.35.  They do not take up
> much space (around 700 kByte each).  The older releases must be presumed
> lost.

You'll be able to upload them to Savannah download area.


signature.asc
Description: PGP signature

Re: Savannah "Forum Error"

[Ineiev]

On Wed, Jun 28, 2023 at 02:19:38AM +0200, Dora Scilipoti wrote:
> 
> https://savannah.gnu.org/forum/forum.php?forum_id=0 still leads to the
> error page for me (I did cleared the cache).

Sorry; the link on www.gnu.org/home.html was fixed.

Re: Savannah "Forum Error"

[Ineiev]

On Tue, Jun 27, 2023 at 01:29:44AM +0200, Dora Scilipoti wrote:
> 
> on Monday June 25 I submitted a news item in the www group in Savannah.
...
> https://savannah.gnu.org/forum/forum.php?forum_id=0. Following that link
> leads to an error page with a notice that says, "Error - choose a forum
> first."
> 
> Any idea of what is causing it and how it can be solved?

Thank you, fixed.

It was a relatively recent regression in Savannah web UI.

Re: SVN patch authors and email addresses

[Ineiev]

On Mon, May 15, 2023 at 11:25:42PM -0700, Michael Eager wrote:
> > As a starting point, you could use
> > 
> > https://savannah.gnu.org/u/
> 
> Thanks.  That did get me a couple of names.  Still have a few missing.

When that page is absent, we are not likely to have any info
about that person; for example, when users delete their accounts,
their "real" names and emails are erased.

Probably you'll have to resort to filling the missing info with
something like anonym...@example.net.


signature.asc
Description: PGP signature

Re: SVN patch authors and email addresses

[Ineiev]

On Mon, May 15, 2023 at 02:52:43PM -0700, Michael Eager wrote:
> I'm investigating converting the DDD repository from Subversion to GIT.
> 
> Part of the process involves creating a file of patch authors with their SVN
> user names and the corresponding full name and email address which GIT uses.
> 
> I don't find a listing of on the Savannah website of members or a way to
> search by user name.  Is there a way to find this information?  Or someone
> who can update a short list of patch authors for me?

As a starting point, you could use

https://savannah.gnu.org/u/


signature.asc
Description: PGP signature

Re: Help with updating Savannah web page

[Ineiev]

On Mon, Apr 24, 2023 at 03:49:45PM -0700, Michael Eager wrote:
> On 4/24/23 15:12, Karl Berry wrote:
> > Hi Michael - some quick answers. Maybe others know better.
> > 
> >  Is there documentation how to configure or update the page?
> > 
> > https://savannah.gnu.org/cvs/?group=ddd
> > 
> > In short, do a cvs checkout (as project member) of the "webpages
> > repository". The exact invocation will be shown on that page.
> 
> That is the DDD project web page, not the Savannah web page.
> I've been updating these web pages.

I wonder if you mean group public info,

https://savannah.gnu.org/project/admin/editgroupinfo.php?group=ddd

> > A bit more info:
> > https://savannah.gnu.org/maintenance/HomePage/
> > 
> >  How do I update the Latest News area?
> > 
> > https://savannah.gnu.org/news/?group=ddd
> > "Submit" to submit news, then, as manager of the group,
> > you can "Manage" (approve) the submitted items.
> 
> There does not appear to be any way to delete news items.

Only recent news (two weeks old or so) can be deleted.

> >  Possibly unrelated:  how do I request a @gnu.org email alias?
> > 
> > Email sysad...@gnu.org. Good guess that Savannah volunteers cannot
> > modify gnu.org email setup :).

The options I'm aware of are,

* (Possibly unrelated) create a mailing list,
  https://savannah.gnu.org/mail/admin/?group=ddd
* Request a fencepost account, as a maintainer of a GNU package,
  https://www.gnu.org/software/README.accounts.html
* When you have a fencepost account, you'll be able to add aliases
  in /com/mailer/aliases



signature.asc
Description: PGP signature

GNU/Linux distributions in download area [was: Little questions]

[Ineiev]

On Fri, Apr 07, 2023 at 05:06:17PM +0200, stef...@manjaro.org wrote:
> I want know What Is the size offered
> for download section. I Need at last 40Gb for store packages archives for a
> Linux Os system.

We have no resources to host whole OS distros; probably we should mention
this somewhere in our documentation.


signature.asc
Description: PGP signature

Re: DNS issue affecting gnu.org (and subdomains)

[Ineiev]

On Sun, Mar 26, 2023 at 12:55:56PM -0400, James Cloos wrote:
> BP> +1 for the https://hostux.social/@fsfstatus status page.
>
> try it w/ links or the like.
>
> useless.
>
> ecmascript should *never* be required.
>
> especially for something like a status page.

+1.

Also, it just replied with "403 Forbidden" when I accessed it via Tor.

Re: Question about the project hosting requirements of Savannah

[Ineiev]

On Tue, Mar 07, 2023 at 02:52:59PM +1100, Svetlana Tkachenko wrote:
> 
> (In the scenario that program 1 that requires the user to run a non-free
> program 2 in order for the user to be able to utilize program 1, program 1 is
> considered non-free.)

To be precise, it isn't necessarily nonfree, but it depends on nonfree
software, which isn't acceptable for Savannah.


signature.asc
Description: PGP signature

Re: Savannah project website in Git?

[Ineiev]

On Mon, Mar 06, 2023 at 03:54:09PM +0100, Andreas Rönnquist wrote:
>
> I am using the services of savannah.nongnu.org, and they are working
> nicely for my project - with one minor exception. I would like to have
> my project web page source in git to, and not in CVS.

Using Git means that next to every user will download the whole
history of changes with logs for every file in the tree, which
is an overkill for web pages where typical use cases are fixing
a typo on a page, uploading a new page or at most making a set
of changes on multiple pages.

Our Git server already suffers overloading; if Git is used for web
pages, the situation will yet deteriorate.

> But, since we currently have it in CVS - have anybody made the effort
> to handle the CVS repository with git on top of it? It should
> definitely be doable.

Sure; it would save Savannah Git server from the additional load,
though the resources still would be wasted when downloading unneeded
data from CVS.


signature.asc
Description: PGP signature

"Watched partners" in Web UI

[Ineiev]

Hello,

Currently, Savane allows to add "watched partners" from the groups
the user is a member of on the "My groups" page, with links
to partners' pages (/users/*partner*); and vice versa, that area
includes links to people who "watch" you.

It's also said that those who "watch" people will receive all
their notifications from the trackers of the relevant groups,
but this is wrong, and I wouldn't be surprised if it turned out
that the notifications have never been passed to the "watchers";
furthermore, I'm not sure if we want that.

What do people think? should we implement the notifications,
fix the description, drop the feature completely, do something else?


signature.asc
Description: PGP signature

Re: Invalid confirmation hash

[Ineiev]

Hello;

On Wed, Jan 25, 2023 at 07:10:46PM +0100, Pablo Angulo wrote:
> A collaborator can not sing in into savannah. He gets an error about an
> invalid confirmation hash (exact words are in spanish).
> He has tried two different emails, one from google, the other from our
> university. He tried several times to get a new confirmation email...
> Do you know if sign in is working properly?

For spammers, it does: they register a few accounts every day,
our cron job clears them automatically.

Savannah admins can activate accounts for those who have problems.

Re: Savanah Username, Password.

[Ineiev]

On Sun, Nov 27, 2022 at 09:19:59PM +0100, sundaresh venugopal wrote:
>My email is this, sundar...@mail.com. But I have not operated my
>account with this email for a long time. I do not remember my username
>and password. Preferably I would like to have the existing account
>deleted and register anew.

Your account is cherio; you should be able to reset your password via
https://savannah.gnu.org/account/lostpw.php

Re: want to reset password, but email is defunct

[Ineiev]

On Thu, Jun 02, 2022 at 02:47:05PM -0700, Scott McPeak wrote:
> Seems like a sensible precaution.  I'm in no rush.  Sending a notification
> email to the old address seems like a good idea regardless of the reason
> for the change to an account email.

The old address bounced; I went ahead and updated the email in your account;
you should be able to reset your password (may Gmail be benevolent).


signature.asc
Description: PGP signature

Re: want to reset password, but email is defunct

[Ineiev]

On Wed, Jun 01, 2022 at 11:39:52PM -0700, Scott McPeak wrote:
> 
> If possible, I'd like to regain access to the account "smcpeak".  My
> password manager says I last accessed it on 2012-06-06.  I still have what
> should be the password, but it does not work at
> https://savannah.nongnu.org/account/login.php .  I'm pretty sure the email
> for that account is "smcp...@coverity.com", but I no longer have access to
> that, so cannot reset normally.
> 
> Is there a procedure for recovering access in this situation?

The email for that account is correct; you registered neither
SSH keys nor GPG keys, so I have no idea how your identity could be
confirmed; on the other hand, the account isn't member of any group,
and its history amounts to a dozen comments in trackers (the latest
was in 2009), so we could grant you access without any strong proof.

What do other Savannah hackers think?


signature.asc
Description: PGP signature

Re: Question on new project

[Ineiev]

On Wed, May 18, 2022 at 04:51:02PM +0900, Nikolaos Chatzikonstantinou wrote:
> 
> I would like to host a new project. It's currently sitting on my local
> drive in an unfinished state, but I would like to share it before its first
> release, to get input from others and so on.

Registration implies some work from Savannah admins, and we don't
approve new packages until they pass our hosting requirements like
having proper legal notices, so at least that part has to be
"finished".

If you just want to show it somebody, you could use a service that
has no manual evaluation stage in its registration process, like
repo.or.cz in case you use Git.


signature.asc
Description: PGP signature

Re: Authenticating git.savannah.gnu.org

[Ineiev]

On Fri, Apr 29, 2022 at 01:54:13AM -0700, Yuan Fu wrote:
> 
> debug1: Authentications that can continue: publickey,password
> debug1: Offering public key: yuan@Brown ED25519 
> SHA256:xDlZxIRWzZBaA+Xg/J/Y4O96EtMj7ezWrbtLIN0Bgm4 agent
> debug3: send packet: type 50
> debug2: we sent a publickey packet, wait for reply
> debug3: receive packet: type 51
> 
> Seems my key is rejected?

Yes.  The fingerprint of the key registered in your account is

SHA256:jCGSDL+P+BqJ+v0NdXDABsY1I3Y7cjMXhb/5qG+haTc yuan@Brown (ED25519)

Probably ssh offers a wrong key.


signature.asc
Description: PGP signature

Re: Authenticating git.savannah.gnu.org

[Ineiev]

On Sat, Apr 23, 2022 at 11:45:07PM -0700, Yuan Fu wrote:
> > ssh -v -i ~/.ssh/id_rsa caso...@git.savannah.gnu.org
> 
> Thanks, it seems my key didn’t work? Below is the output of ssh.
> 
> debug1: Will attempt key: /Users/yuan/.ssh/id_rsa RSA 
> SHA256:+1b/NEVSa5oNjZXtT3O1N8KF2wHYOUH62w3AK/V8r8o explicit
> debug1: Will attempt key: /Users/yuan/.ssh/id_rsa RSA 
> SHA256:+1b/NEVSa5oNjZXtT3O1N8KF2wHYOUH62w3AK/V8r8o explicit
> debug1: SSH2_MSG_EXT_INFO received
> debug1: kex_input_ext_info: 
> server-sig-algs=
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey,password
> debug1: Next authentication method: publickey
> debug1: Offering public key: /Users/yuan/.ssh/id_rsa RSA 
> SHA256:+1b/NEVSa5oNjZXtT3O1N8KF2wHYOUH62w3AK/V8r8o explicit
> debug1: Authentications that can continue: publickey,password
> debug1: Offering public key: /Users/yuan/.ssh/id_rsa RSA 
> SHA256:+1b/NEVSa5oNjZXtT3O1N8KF2wHYOUH62w3AK/V8r8o explicit
> debug1: Authentications that can continue: publickey,password
> debug1: Next authentication method: password
> 
> Then I uploaded another key, waited an hour and tried with the new key, still 
> no luck.

Make sure that the offered key is (one of the) registered; no need to wait,
the changes in Savannah account are in effect immediately; add two more -v to
ssh invocation,

  ssh -vvv caso...@git.savannah.gnu.org


signature.asc
Description: PGP signature

Re: Changed access rights in the bug-tracker "savannah.gnu.org/bugs/?group=groff"

[Ineiev]

On Sun, Mar 27, 2022 at 07:39:15PM +, Bjarni Ingi Gislason wrote:
>   https://savannah.gnu.org/bugs/?group=groff
> 
>   When clicking on a bug number in column "Item ID" a message appears:
> 
> "You are not allowed to post comments on this tracker with your current
> authentication level".

Thank you, fixed.


signature.asc
Description: PGP signature

multiple changes in Savannah web code

[Ineiev]

Hello,

I've just pushed and installed a lot of changes in the frontend part
of Savane; the commits mostly re-implement sanitizing user-supplied
values in a stricter way. I think this should fix the XSS issues
reported almost a year ago.

Please report bugs.

Thank you!


signature.asc
Description: PGP signature

Re: Daily News Aggregation

[Ineiev]

On Mon, Oct 11, 2021 at 12:07:37PM -0400, Stephen H. Dawson, DSL via Discussion 
of savannah-announce and any user-oriented topic wrote:
>The RSS feed from planet.gnu.org is missing project information from
>GNUrc.
>[1]https://lists.gnu.org/archive/html/info-gnu/2021-10/index.html
>This listing is incomplete compared to planet.gnu.org.
>Do you now understand the holes in play?

I'm afraid, I don't.

The GNU Project has no 'GNUrc' package, and I'm not sure
what "this listing" is, to say nothing of why it is incomplete.


signature.asc
Description: PGP signature

Re: Daily News Aggregation

[Ineiev]

On Mon, Oct 11, 2021 at 09:59:43AM -0400, Stephen H. Dawson, DSL via Discussion 
of savannah-announce and any user-oriented topic wrote:
...
>There is nothing I see that has a list of GNU project news beyond
>planet.gnu.org for the specifics of a project.

I'm not sure I understand this... what's wrong with info-gnu@?

>Since the identified RSS feed does not have all of the material at
>planet.gnu.org as listed there,..

But I think it does; it even includes entries that really have no
relation to the GNU Project.


signature.asc
Description: PGP signature

Re: Daily News Aggregation

[Ineiev]

On Mon, Oct 11, 2021 at 07:30:48AM -0400, Stephen H. Dawson, DSL via Discussion 
of savannah-announce and any user-oriented topic wrote:
>Yes, the URL is what I remember. What I also remember is an email that
>came daily to tell of the entries posted there.
>I am not clear on the communication reasoning in play. Posting all of
>the good news about GNU to respective news feeds is great. Aggregating
>them to this URL is even better. However, the option to have a
>collection sent by email makes sense to me.
>[1]https://planet.gnu.org/rss20.xml
>I just checked the RSS feed. It does not receive the entries from the
>9th posted to [2]https://planet.gnu.org/. Something is off on the RSS
>side of the feed. Also, the absence of the email option means GNU is
>not communicating to the public as intended.

The GNU Project has the info-gnu mailing list for announcements,
 https://lists.gnu.org/mailman/listinfo/info-gnu

There are also other channels for news related to GNU,
https://www.gnu.org/keepingup.html


signature.asc
Description: PGP signature

Re: problem connecting to cvs.savannah

[Ineiev]

On Tue, Aug 24, 2021 at 11:55:13AM +, Wensheng Xie wrote:
> I updated my PC. Now I had a problem in accessing the repository:
...
> If I ping cvs.savannah.gnu.org, the connection is there.
> 
> What do I need to check?

What is the output of this command?

ssh -v w...@cvs.savannah.gnu.org


signature.asc
Description: PGP signature

Re: Unlicensed game source code hosting

[Ineiev]

On Wed, Jul 07, 2021 at 03:32:46PM +0200, dj Stolen wrote:
> 
> I am a BoardGameGeek and as I was browsing https://boardgamegeek.com I
> found some implementation of games which are only there on the site
> (nowhere else).
...

If I understand you correctly, you were considering storing programs
developed by other people.  The purpose of Savannah is different:
we exist to help people develop software and technical documentation,
we don't provide storage and back-up services.


signature.asc
Description: PGP signature

Re: Can no longer login to savannah.

[Ineiev]

On Mon, Mar 22, 2021 at 10:22:01AM +0100, Carlo Wood wrote:
>
> This worked, because now I can do ssh ca...@cvs.savannah.gnu.org
> and it doesn't ask for my password anymore (I get an error that
> I am not allowed to execute that command; obviously because it
> is a restricted shell for cvs only).
>
> However, when I do:
>
> which> cvs diff
>
> nothing happens. That command just hangs.
> Any idea how I can investigate that?

I would check if these things work:

* "member" cvs checkout
* anonymous cvs checkout and cvs diff with it


signature.asc
Description: PGP signature

Re: Group keyrings

[Ineiev]

Hello;

On Tue, Feb 09, 2021 at 04:03:25PM +, Ineiev wrote:
...
> Probably, it would be better if each group had a public area
> where its admins (rather than every member) could post only keys
> used for releases, like GnuPG does [1]. I've pushed a patch for it
> to the group-keyring branch [2].

I've just installed the changes on Savannah, including updated
documentation,

https://savannah.gnu.org/maintenance/UsingGpg/
https://savannah.gnu.org/maintenance/DownloadArea/

Please check if anything needs fixing; after that, we probably
should make an announcement in the Savannah News area.

Thank you!


signature.asc
Description: PGP signature

Group keyrings

[Ineiev]

Hello,

[re-posted from savannah-hackers-public]

Currently, Savannah serves all GPG keys registered in accounts
of group's members as the keyring of the respective group,
like [0].

This keyring doesn't work very well as a source of signing
keys of group's releases, because the group may have many more
members than persons who actually sign releases: any member can
carelessly register new keys without thinking about the impact
on the security of released files, and team's admins have to
but monitor the aggregated keyring---I don't believe anyone actually
does (also, people may have one key for getting encrypted personal
emails and another key for signing tarballs).

In particular, the set of keys registered by members of 'emacs'
has quite a few very old keys, and one of them is dsa768; as far
as I understand, such keys aren't considered adequate these days.
if the bad ones crack such a key and replace files on a mirror
(I think it would be easier to setup a mirror and register it
on Savannah than to crack the key), they'll be able to get round
the signature verification for those who are unfortunate enough
to pick that mirror.

Probably, it would be better if each group had a public area
where its admins (rather than every member) could post only keys
used for releases, like GnuPG does [1]. I've pushed a patch for it
to the group-keyring branch [2].

What do people think?

[0] https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=emacs
[1] https://www.gnupg.org/signature_key.html
[2] 
https://git.savannah.gnu.org/cgit/administration/savane.git/log/?h=group-keyring


signature.asc
Description: PGP signature

Re: Account Name

[Ineiev]

On Fri, Oct 09, 2020 at 12:51:36AM +0200, Andrea G. Monaco wrote:
> I can't remember my user name on Savannah. I used this email address.

No account currently uses this email address; are you sure
you used it?


signature.asc
Description: PGP signature

Re: IdleAccounts

[Ineiev]

On Thu, May 28, 2020 at 02:23:34AM +0200, Thomas De Contes wrote:
> 
> Le 28 mai 2020 à 01:31, Jan Owoc a écrit :
> 
> > On Wed, May 27, 2020, 16:36 Thomas De Contes,  wrote:
> > 
> >> I'm a member of this project :
> >> https://savannah.nongnu.org/project/memberlist.php?group=rapid
> >> but i don't have a lot of time to code
> >> 
> >> 
> >> https://savannah.gnu.org/maintenance/IdleAccounts/
> >> 
> >> Is it considered as "actually join any group" ?

Yes, exactly.

> > If you made at least one legitimate comment or commit,
> 
> i did only
> svn co svn+ssh://tdecon...@svn.savannah.nongnu.org/rapid/branches/gtkada-2.24
> but no
> svn ci
> 
> i find i'm not ready to make a commit now, and i don't want to make a straw 
> one
> 
> Is it possible to ask savannah admins to have 2 or 4 more weeks to do that ?
> i registered on May 15, so i'm at the end of the 2 1st weeks ...

If your account is a member of any group, it isn't subject to
automatically deleting (in fact, we don't check VCS commits at all).


signature.asc
Description: PGP signature

Re: [Savannah-hackers-public] account recovery guidelines

[Ineiev]

Hello,

I've just committed a few first revisions of Savannah account
recovery guidelines,

https://savannah.gnu.org/maintenance/LostAccounts/

Comments and suggestions are welcome.

Thank you!


signature.asc
Description: PGP signature

Re: Eligibility of CC-BY-SA for documentation within a software project

[Ineiev]

On Fri, Feb 28, 2020 at 04:39:35PM -0700, Karl Berry wrote:
> 
> the entire repository with all previous history of commits (some of
> which turned out to be inconsistent with the policies) to Savannah after
> adjusting the current commits to the requirements?
> 
> I don't know. I don't recall a precedent either way.

TTBOMK the current practice is to keep the latest revisions
compliant; it would be too much to require rewriting the history.


signature.asc
Description: PGP signature

Re: Eligibility of CC-BY-SA for documentation within a software project

[Ineiev]

On Fri, Feb 28, 2020 at 05:55:00AM +, Ineiev wrote:
> >
... 
> > As far as I can recall, we are not allowed to accept gpl for manuals,
> > although that seems draconian
...

The GFDL is the license for GNU manuals; if some documentation
is FDL-incompatible, GNU packages won't be able to use it, and
it's expected that the GNU project should be able to copy
from packages hosted on Savannah.


signature.asc
Description: PGP signature

Re: Eligibility of CC-BY-SA for documentation within a software project

[Ineiev]

On Thu, Feb 27, 2020 at 04:00:40PM -0700, Karl Berry wrote:
> cc-by-sa became gplv3 compatible. 
> 
> Cool! I forgot that.
> 
> Still not gfdl compatible.
> 
> https://creativecommons.org/2015/10/08/cc-by-sa-4-0-now-one-way-compatible-with-gplv3/
> 
> In that light, I hope it would be allowed.
> 
> I fear it's still an exception that rms would have to approve :(. 
> As far as I can recall, we are not allowed to accept gpl for manuals,
> although that seems draconian and I can't find any explicit statement
> about it right now :(.

 https://savannah.gnu.org/register/requirements.php:
"For manuals, we recommend GNU FDL version X-or-later,
 where X is the latest released version of the FDL;
 other licensing compatible with that is acceptable".


signature.asc
Description: PGP signature

Re: A second Git repo for Gash

[Ineiev]

On Fri, Feb 07, 2020 at 12:58:27PM -0500, Timothy Sample wrote:
> 
> Thanks!  Here’s some descriptions.
> 
> Gash:
> 
> POSIX-compatible shell written in Guile Scheme
> 
> Gash-Utils:
> 
>Core POSIX utilities written in Guile Scheme

I've just updated these strings in Savannah.


signature.asc
Description: PGP signature

Re: A second Git repo for Gash

[Ineiev]

On Thu, Feb 06, 2020 at 01:14:17PM -0500, Timothy Sample wrote:
> 
> I was hoping to have a second Git repo for my project called “gash”.
> Would it be possible to make one called “gash-utils”?

Done; what the descriptions of your repositories should be?


signature.asc
Description: PGP signature

Re: [Savannah-users] Multiple GPG keys on Savannah

[Ineiev]

Hello, Asher;

On Fri, Aug 02, 2019 at 12:13:13PM -0400, Asher Gordon wrote:
> 
> I have an ECDSA key (ed25519) and and RSA key (rsa4096). I prefer to use
> the ECDSA key since it is smaller and faster but still secure. I have
> the RSA key in case people cannot use my ECDSA key (since ECC is still
> relatively new).
> 
> Is it OK to upload both keys? Or will that cause problems? Currently, I
> have both keys uploaded [1].

Yes, you can upload as many keys as you reasonably want.

> As a side note, when testing the keys, Savannah's gpg fails to import
> the ECDSA key since it is too old (1.4.16). For example, when I try to
> test both keys, it imports the RSA one successfully, but not the ECDSA
> one:

This means that Savannah won't be able to use your ECDSA key to send
you encrypted emails; it still should use your RSA key for that
(depending on your account configuration).

> I would suggest updating Savannah's GnuPG since it is so old. I am still
> able to upload the keys even though they don't pass the test, though.

The respective part of Savannah runs Trisquel 7, and it comes with
GnuPG 2.0 series which doesn't support ECC anyway; however, we should
update it before 2020, and then...

https://savannah.nongnu.org/support/?109583


signature.asc
Description: PGP signature

Re: [Savannah-users] repository online

[Ineiev]

Hello,

On Sun, Jul 28, 2019 at 06:59:51PM +0200, wscieklyfour...@o2.pl wrote:
> I submitted repository with below details but cannot still find it under
> search button.  What search terms should I put?

We only host packages that contain something substantial, they only
show up under evaluation.

Your submission contained no reasonable description, I'm going to
discard it as spam; please fill the registration form carefully
if you'd like to create a new group on Savannah; also, please check
https://savannah.gnu.org/maintenance/HowToGetYourProjectApprovedQuickly/

Thank you!


signature.asc
Description: PGP signature

Re: [Savannah-users] Savane markup [was: How to subscribe to a bugreport?]

[Ineiev]

On Thu, Jun 13, 2019 at 06:21:35AM -0400, Paul Smith wrote:
> 
> Any misspellings and it won't work.  And of course, there's no preview
> capability and there's no way to edit comments once they're created...
> 
> Full info about what is available can be found here:
> https://savannah.nongnu.org/cookbook/?func=detailitem_id=125

I've just added a page with an updated description of markup and
a form to preview it,
https://savannah.gnu.org/markup-test.php

Let me know if any moves were in a wrong direction.


signature.asc
Description: PGP signature

Re: [Savannah-users] How to subscribe to a bugreport?

[Ineiev]

On Thu, Jun 13, 2019 at 06:21:35AM -0400, Paul Smith wrote:
> Any misspellings and it won't work.

Correct.

> And of course, there's no preview capability

No... well, there is, but only for comments, not for original
submissions (yet).

> and there's no way to edit comments once they're created...

I'm not sure we should let people remove their comments;
instead, I'm thinking of a way to hide them---like spam,
but without "incriminating" the users.


signature.asc
Description: PGP signature

Re: [Savannah-users] How to subscribe to a bugreport?

[Ineiev]

On Thu, Jun 13, 2019 at 09:41:23AM +0300, Konstantin Kharlamov wrote:
> Oh, did I mention the site also lost all whitespace
> formatting that I applied to the report? t

In fact, it is not completely lost, you can see it in the
"page source", it's just browsers that "collapse" the spaces;
perhaps we should modify rendering to enforce them.


signature.asc
Description: PGP signature

Re: [Savannah-users] How to subscribe to a bugreport?

[Ineiev]

Hello, Konstantin;

On Thu, Jun 13, 2019 at 01:26:57AM +0300, Konstantin Kharlamov wrote:
> Basically, I created a report http://savannah.gnu.org/bugs/index.php?56484
> and I want to subscribe to it.
>
> I haven't seen a CC field while creating a report, and there's no way to
> modify the field now.
>
> I thought maybe I need to log in, but it's impossible either. When I create
> an account, it says something like "this email already has account
> registered". And then when I try "restore password" link, it requires a
> login instead of email, and I've no idea what login it is. Certainly not the
> one I usually use, because account creation prohibits certain characters on
> login name.

The account with your current email is nongnusucks; as I can see, you did
manage to create another account and post from it in that bug.


signature.asc
Description: PGP signature

Re: [Savannah-users] Savannah https SSL certificates updated

[Ineiev]

On Mon, Mar 02, 2015 at 10:15:31PM +, Bob Proulx wrote:
 The https SSL certificates for the Savannah web site have been updated.

It looks like this disabled some of my cron jobs on fencepost.gnu.org;
it used to wget https://...savannah.gnu.org/...; now it says
ERROR: cannot verify savannah.gnu.org's certificate, issued by 
`/C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2':
  Unable to locally verify the issuer's authority.

Probably I should file a request to sysadmin, or configure
something in ~/.

Any ideas?

Re: [Savannah-users] Problems with login

[Ineiev]

On 06/01/2013 01:55 PM, Albino B Neto wrote:

2013/6/1 Albino B Neto bino...@binoanb.eti.br:

I did register in saravannah as binoanb.


The registration was pending with email bino...@binanb.eti.br;
I changed it to bino...@binoanb.eti.br and activated the account;
you must be able to reset the password.

Re: [Savannah-users] Mailing list discarding random messages

[Ineiev]

On 05/25/2013 06:27 AM, Bob Proulx wrote:

  www-..-(general|trans|discuss|internal)
  www-..-..-(general|trans|discuss|internal)

Is lista a pattern that should be added to that collection?  Or is
that a single one-off name unique to that list?


I'd suggest www-..-..* (i.e. all lists of www.gnu.org translation teams).

Re: [Savannah-users] Mailing list discarding random messages

[Ineiev]

On 05/24/2013 08:48 PM, Marin Rameša wrote:

I also have a mail that is for multiple recipients (including www-hr-
li...@gnu.org) that did not get archived.


Just a guess: did you try to remove listhel...@gnu.org from
[General Options] - [The list moderator email addresses]?

Re: [Savannah-users] password must be more complicated

[Ineiev]

On 05/13/2013 11:19 PM, Jan Owoc wrote:

Until this thread surfaced, I didn't know that a program like
pwqcheck existed, let alone what the phrase pwqcheck options are:
'match=0 max=256 min=24,24,11,8,7'  meant. I wanted to point out that
a large portion of websites that require users to generate passwords
either:

A) have rules written out in human-readable form on what is an
acceptable password (eg. have all 4 of these character classes AND be
7 characters long, or have 3 of 3 character classes AND be 8
characters long, or be at least 24 characters long); the user can then
count the characters in the password they've invented or generated,
and know if it would pass


Something like attached?
diff --git a/frontend/php/include/account.php b/frontend/php/include/account.php
index e757500..70db623 100644
--- a/frontend/php/include/account.php
+++ b/frontend/php/include/account.php
@@ -23,14 +23,110 @@
 
 require_once(dirname(__FILE__).'/pwqcheck.php');
 
+function expand_pwqcheck_options() {
+  global $pwqcheck_args;
+
+  $args = $pwqcheck_args. ;
+  $help = ;
+
+  if(preg_match(/max=([[:digit:]]*) /, $args, $matches)) {
+$help .= br /\n;
+  $help .= sprintf(_(The maximum allowed password length: %s.),
+   $matches[1]);
+  }
+
+  if(preg_match(/passphrase=([[:digit:]]*) /, $args, $matches)) {
+$help .= br /\n;
+  $help .= sprintf(_(The number of words required for a passphrase: %s.),
+   $matches[1]);
+  }
+
+  if(preg_match(/match=([[:digit:]]*) /, $args, $matches)) {
+$help .= br /\n;
+if($matches[1]) {
+  $help .= sprintf(_(EOF
+The length of common substring required to conclude that a password
+is at least partially based on information found in a character string: %s.
+EOF
+), $matches[1]);
+} else {
+  $help .= _(Checks for common substrigs are disabled.);
+}
+  } # preg_match($args, /match=([^ ]*)/ , $matches)
+
+  $field = ([[:digit:]]*|disabled);
+  if(preg_match(/min=.$field.,.$field.,.$field.,.$field.,.$field. 
/,
+ $args, $matches)) {
+$help .= br /\n;
+if($matches[1] == disabled) {
+  $help .=
+_(Passwords consisting of characters from one class only are not 
allowed.);
+} else {
+  $help .= sprintf(_(EOF
+The minimum length for passwords consisting from characters of one class: %s.
+EOF
+), $matches[1]);
+}
+$help .= br /\n;
+if($matches[2] == disabled) {
+  $help .= _(EOF
+Passwords consisting of characters from two classes that don't meet
+requirements for passphrases are not allowed.
+EOF
+);
+} else {
+  $help .= sprintf(_(EOF
+The minimum length for passwords consisting from characters of two classes
+that don't meet requirements for passphrases: %s.
+EOF
+), $matches[2]);
+}
+$help .= br /\n;
+if($matches[3] == disabled) {
+  $help .= _(Check for passphrases is disabled.);
+} else {
+  $help .=
+sprintf(_(The minimum length for passphrases: %s.), $matches[3]);
+}
+$help .= br /\n;
+if($matches[4] == disabled) {
+  $help .= _(EOF
+Passwords consisting of characters from three classes are not allowed.
+EOF
+);
+} else {
+  $help .= sprintf(_(EOF
+The minimum length for passwords consisting from characters
+of three classes: %s.
+EOF
+), $matches[4]);
+   }
+$help .= br /\n;
+if($matches[5] == disabled) {
+  $help .= _(EOF
+Passwords consisting of characters from four classes are not allowed.
+EOF
+);
+} else {
+  $help .= sprintf(_(EOF
+The minimum length for passwords consisting from characters
+of four classes: %s.
+EOF
+), $matches[5]);
+   }
+  } # preg_match(/min=.$field.,.$field.,.$field.,.$field.,.$field. 
/,
+  return $help;
+}
+
 function account_password_help() {
   global $use_pwqcheck, $pwqcheck_args;
   $help = _((long enough or containing multiple character classes: symbols, 
digits (0-9), upper and lower case letters));
   if ($use_pwqcheck) {
 $pwqgen = exec(pwqgen);
 $help .=  .sprintf(_((for instance: %s).), htmlspecialchars($pwqgen));
-$help .=  .sprintf(_(pwqcheck options are: '%s'),
+$help .=  .sprintf(_(pwqcheck options are '%s'),
  htmlspecialchars($pwqcheck_args));
+$help .= expand_pwqcheck_options();
   }
   return $help;
 }

Re: [Savannah-users] password must be more complicated

[Ineiev]

On 05/08/2013 11:34 AM, Bob Proulx wrote:

I think it is useful to use
pwqcheck and if it passes that then stop there.  But if it fails
pwqcheck I would like to look to see if it is a false positive.  Look
to see if it has a reasonable amount of character classes and if so
then mark it okay.


We could implement it as a warning rather than a requirement
(Password has changed; note that it may be weak (pwqcheck message).).

Re: [Savannah-users] password must be more complicated

[Ineiev]

On 05/07/2013 11:48 AM, Bob Proulx wrote:

But playing around with things I find some crazy behavior.  Check this
out.  I ran pwgen to create random passwords.  I tried some.  The
first several I tried failed.  Others did work.

  $ echo ohtaOe0h | pwqcheck -1 max=256 min=disabled,24,11,8,7
  Bad passphrase (based on a dictionary word and not a passphrase)

  $ echo uChiel9m | pwqcheck -1 max=256 min=disabled,24,11,8,7
  Bad passphrase (based on a dictionary word and not a passphrase)

  $ echo Iephoo3i | pwqcheck -1 max=256 min=24,24,11,8,7
  Bad passphrase (not enough different characters or classes for this length)

  $ echo ox8iChae | pwqcheck -1 max=256 min=24,24,11,8,7
  OK


pwgen -1 -s 8 1|while read i;do echo $i|pwqcheck -1 min=24,24,11,8,7;done 
|grep ^OK|wc -l

8698

pwgen -1 -s 9 1|while read i;do echo $i|pwqcheck -1 min=24,24,11,8,7;done 
|grep ^OK|wc -l

9334

Of course, an independent generator will produce some passwords
that don't pass pwqcheck criteria, but IMHO the results
are reasonable (provided the goal is to eliminate weak passwords
rather than to accept all pwgen-generated ones).

Re: [Savannah-users] password must contain multiple character classes...

[Ineiev]

On 05/06/2013 09:48 AM, Bob Proulx wrote:

Dan (jidanni) the original poster isn't subscribed.  He didn't ask to
be CC'd so we haven't been doing so.  Would you write him and let him
know that you improved things for him?


Done.


I have no idea on how to push the commit yet; it looks like it is
not enough to be in the administration group to do that.


Hmm...  Let me look at things for a bit.


Thank you!

Re: [Savannah-users] password must contain multiple character classes...

[Ineiev]

On 05/02/2013 11:10 PM, Bob Proulx wrote:
 There weren't any differences between the two repositories concerning
 the files for which you have proposed changes.  So everything you
 propose applies equally to either.  But it seems to me that the
 repository that needs your modifications is administration/savane.
 Since that is the one that is actively running the site.

I think you are right; I should have noticed that myself.

 And if savane-cleanup is a fork then the improvements really need to
 go into it too.  Does anyone know the status of that cleanup effort?

The latest committer must know, unless the effort was abandoned.

Re: [Savannah-users] password must contain multiple character classes...

[Ineiev]

On 04/05/2013 09:49 PM, Karl Berry wrote:

We are all agreed that the current savannah password requirement is
suboptimal, so there's no point in continuing to argue about it, there's
no one left to convince.  What's needed, as always with savannah, is a
person to volunteer to figure out how to actually change it and do the
work.


What about allowing longer passwords (e.g. up to 127 characters;
more wouldn't probably be practically useful)?

Re: [Savannah-users] Contribute to www-nl

[Ineiev]

Hi, Karim!

On 02/27/2013 08:57 AM, i...@kar.im wrote:

I want to contribute to www-nl


What do you want to contribute?


but the module/folder (
http://cvs.savannah.gnu.org/viewvc/?root=www-nl
http://cvs.savannah.gnu.org/viewvc/?root=www-nl ) doesn't exist.


The way to contribute is group-specific.


I also
requested access to the group but haven't received anything back yet.


As I can see, it was less than three days ago. It is unreasonable
to _require_ so fast response from a group's admins.