Re: [pacman-dev] [ Package Signing ] Your signature please

2011-02-19 Thread Pierre Schmitz
On Sat, 19 Feb 2011 17:35:21 +1000, Allan McRae wrote: I will repeat myself again... Patches for pacman do bugger all for getting signatures into Arch Linux repos. Patches for the Arch Linux devtools/db-scripts packages are needed. To be honest, I don't think it's worth working on patches

[pacman-dev] Parallelising integrity checks

2011-02-19 Thread Tavian Barnes
Integrity checking in pacman seems to be a CPU-bound embarrassingly parallel task, so I'd like to spread it out over every available core to speed it up. To me it looks like both the delta and regular package integrity checking loops in lib/libalpm/sync.c could be parallelised. But I've never

Re: [pacman-dev] Parallelising integrity checks

2011-02-19 Thread Nezmer
On Sat, Feb 19, 2011 at 04:26:56AM -0500, Tavian Barnes wrote: snip - There's no portable way to get the number of available cores. Where does platform-specific code go in libalpm? The way to do it on Linux is with sched_getaffinity(); sysconf(_SC_NPROCESSORS_ONLN) is almost as good and

Re: [pacman-dev] Parallelising integrity checks

2011-02-19 Thread Nezmer
On Sat, Feb 19, 2011 at 01:13:22PM +0200, Nezmer wrote: On Sat, Feb 19, 2011 at 04:26:56AM -0500, Tavian Barnes wrote: snip - There's no portable way to get the number of available cores. Where does platform-specific code go in libalpm? The way to do it on Linux is with

Re: [pacman-dev] [ Package Signing ] Your signature please

2011-02-19 Thread Daniel Mendler
Hi Allan I will repeat myself again... Patches for pacman do bugger all for getting signatures into Arch Linux repos. Patches for the Arch Linux devtools/db-scripts packages are needed. Well, Pierre says the same for pacman. Someone has to take the first initiative here. And I will once

Re: [pacman-dev] [ Package Signing ] Your signature please

2011-02-19 Thread IgnorantGuru
On Sat, 19 Feb 2011 10:25:38 +0100 Pierre Schmitz pie...@archlinux.de wrote: I'd prefer to be pointed at some documents which describe exactly the workflow to sign a package with makepkg, upload it, add it to a db, update, replace and delete it. Once there is a version of pacman which

Re: [pacman-dev] DRAFT: API changes for pacman-3.5

2011-02-19 Thread Xavier Chantry
On Mon, Feb 7, 2011 at 4:58 AM, Allan McRae al...@archlinux.org wrote: This is a draft for the README file update for pacman-3.5. I have flagged two areas that I am not particularly clear on what happened. It would be great if the people involved in those changes could make the appropriate

Re: [pacman-dev] [PATCH 2/3] makepkg: command line options for signing

2011-02-19 Thread IgnorantGuru
On Fri, 18 Feb 2011 23:30:22 -0200 Denis A. Altoé falqu...@256.com wrote: Two new command line options were added: Nice to see your work with makepkg in this area Denis - that's key (pun). From what I've reviewed of what you're doing, I would say you're working in an area that needs it for

Re: [pacman-dev] [ Package Signing ] Your signature please

2011-02-19 Thread Allan McRae
On 19/02/11 19:25, Pierre Schmitz wrote: On Sat, 19 Feb 2011 17:35:21 +1000, Allan McRae wrote: I will repeat myself again... Patches for pacman do bugger all for getting signatures into Arch Linux repos. Patches for the Arch Linux devtools/db-scripts packages are needed. To be honest, I

Re: [pacman-dev] [PATCH 1/3] pacman-key: use macro to configure shebang

2011-02-19 Thread Allan McRae
On 19/02/11 11:30, Denis A. Altoé Falqueto wrote: Minor change to use macro to substitute the shebang with the correct shell binary, as is done in other scripts. Signed-off-by: Denis A. Altoé Falqueto denisfalqu...@gmail.com --- Signed-off-by: Allan

Re: [pacman-dev] [PATCH 3/3] pacman-key: better handling of options and suppressing gpg output

2011-02-19 Thread Allan McRae
On 19/02/11 11:30, Denis A. Altoé Falqueto wrote: The option --trus was changed to --edit-key, for better alignment with the underlying --edit-key of gnupg. The options --config and --gpgdir were not being handled correctly. They would not work if they were not always used as the first arguments. Now

Re: [pacman-dev] [ Package Signing ] Your signature please

2011-02-19 Thread Xavier Chantry
On Sat, Feb 19, 2011 at 2:06 PM, IgnorantGuru jgj7.pacman...@mailnull.com wrote: Interesting that you think so, because patches are the way to make non-secure junk.  The way to make things work is for the person most familiar with the code and protocols to make those changes rather than him

Re: [pacman-dev] [ Package Signing ] Your signature please

2011-02-19 Thread IgnorantGuru
On Sat, 19 Feb 2011 23:46:57 +1000 Allan McRae al...@archlinux.org wrote: Or is it less secure to write our own code (reviewed by perhaps two people total) to launch and parse the output of gpg or use the wrapper provided by the gpgp devs. Note that gpgme just calls gpg, so you can still

Re: [pacman-dev] [PATCH 2/3] makepkg: command line options for signing packages

2011-02-19 Thread Allan McRae
On 19/02/11 11:30, Denis A. Altoé Falqueto wrote: Two new command line options were added: -n, --sign: forces the generation of a signature for the resulting package, even if not configured in makepkg.conf. The command line has precedence over the option in makepkg.conf. So, even if

Re: [pacman-dev] [ Package Signing ] Your signature please

2011-02-19 Thread IgnorantGuru
On Sat, 19 Feb 2011 15:33:11 +0100 Xavier Chantry chantry.xav...@gmail.com wrote: And well, we agree, so thanks for your quality contribution ! My pleasure. Frankly, I thought it would be a waste of my time to try to talk to the development team about this, but I made my best effort anyway,

Re: [pacman-dev] [ Package Signing ] Your signature please

2011-02-19 Thread Allan McRae
On 20/02/11 00:33, IgnorantGuru wrote: On Sat, 19 Feb 2011 23:46:57 +1000 Allan McRae al...@archlinux.org wrote: Or is it less secure to write our own code (reviewed by perhaps two people total) to launch and parse the output of gpg or use the wrapper provided by the gpgp devs. Note that

Re: [pacman-dev] [ Package Signing ] Your signature please

2011-02-19 Thread Loui Chang
On Sun 20 Feb 2011 01:24 +1000, Allan McRae wrote: On 20/02/11 00:33, IgnorantGuru wrote: On Sat, 19 Feb 2011 23:46:57 +1000 Allan McRae al...@archlinux.org wrote: Or is it less secure to write our own code (reviewed by perhaps two people total) to launch and parse the output of gpg or use

Re: [pacman-dev] [ Package Signing ] Your signature please

2011-02-19 Thread Alf Gaida
Yeah! Archers deserve to die! But really I'm not convinced by this hyper-paranoia trash. There will always be ways to compromise your machine. Someone who would go through the trouble of setting up a proxy mirror and injecting malicious code into seemingly normal packages is probably going to

Re: [pacman-dev] [ Package Signing ] Your signature please

2011-02-19 Thread Jelle van der Waa
On Sat, 2011-02-19 at 20:05 +0100, Alf Gaida wrote: Yeah! Archers deserve to die! But really I'm not convinced by this hyper-paranoia trash. There will always be ways to compromise your machine. Someone who would go through the trouble of setting up a proxy mirror and injecting malicious

Re: [pacman-dev] [ Package Signing ] Your signature please

2011-02-19 Thread Alf Gaida
Maybe I should have used an ironic tag. Nothing is secure in the end; if anyone wants to do harm, he'll find a security hole. Like this: http://www.webhostingtalk.com/showthread.php?t=717240 I agree fully with Allan. For me it doesn't make a big difference whether a package is signed or not. It's a nice to

Re: [pacman-dev] Parallelising integrity checks

2011-02-19 Thread Tavian Barnes
On 19 February 2011 06:28, Nezmer g...@nezmer.info wrote: Actually, the sysconf() method works at least in FreeBSD and the man page says the sysconf interface is defined by POSIX.1 The sysconf() interface is specified by POSIX.1, but _SC_NPROCESSORS_ONLN is a non-standard extension. You can

Re: [pacman-dev] [ Package Signing ] Your signature please

2011-02-19 Thread Daniel Mendler
On 02/19/2011 08:38 PM, Alf Gaida wrote: Maybe I should have used an ironic tag. Nothing is secure in the end; if anyone wants to do harm, he'll find a security hole. Like this: http://www.webhostingtalk.com/showthread.php?t=717240 Exactly, because we cannot reach perfect security, we should not

Re: [pacman-dev] Parallelising integrity checks

2011-02-19 Thread Dan McGee
On Sat, Feb 19, 2011 at 3:24 PM, Tavian Barnes taviana...@tavianator.com wrote: On 19 February 2011 06:28, Nezmer g...@nezmer.info wrote: Actually, The sysconf() method works at least in FreeBSD and the man page says the sysconf interface is defined by POSIX.1 The sysconf() interface is

Re: [pacman-dev] [ Package Signing ] Your signature please

2011-02-19 Thread Allan McRae
On 20/02/11 08:42, Daniel Mendler wrote: @Allan: I am a bit disappointed with your opinion that you want to implement only features that you care about. I think there is also a responsibility if you are one of the main developers of the package manager of a popular distribution. And you don't

Re: [pacman-dev] [ Package Signing ] Your signature please

2011-02-19 Thread Alf Gaida
On 19 Feb 2011, 23:42:18, Daniel Mendler wrote: It makes a big difference if your system is compromised. And then you will care about it. I don't understand this naive and short-sighted opinion. Daniel I'm _not_ naive and short-sighted. I just don't care. If I were concerned about this there

Re: [pacman-dev] Parallelising integrity checks

2011-02-19 Thread Allan McRae
On 20/02/11 09:22, Tavian Barnes wrote: On 19 February 2011 18:08, Dan McGee dpmc...@gmail.com wrote: On Sat, Feb 19, 2011 at 3:24 PM, Tavian Barnes taviana...@tavianator.com wrote: On 19 February 2011 06:28, Nezmer g...@nezmer.info wrote: You can look at how x264 guys implemented this.

Re: [pacman-dev] [ Package Signing ] Your signature please

2011-02-19 Thread Dan McGee
I'm not sure I even want to get involved in this thread. :/ On Sat, Feb 19, 2011 at 5:05 PM, Allan McRae al...@archlinux.org wrote: On 20/02/11 08:42, Daniel Mendler wrote: @Allan: I am a bit disappointed with your opinion that you want to implement only features that you care about. I think

Re: [pacman-dev] Parallelising integrity checks

2011-02-19 Thread Tavian Barnes
On 19 February 2011 18:26, Allan McRae al...@archlinux.org wrote: On 20/02/11 09:22, Tavian Barnes wrote: On 19 February 2011 18:08, Dan McGee dpmc...@gmail.com wrote: On Sat, Feb 19, 2011 at 3:24 PM, Tavian Barnes taviana...@tavianator.com wrote: On 19 February 2011 06:28,

Re: [pacman-dev] [ Package Signing ] Your signature please

2011-02-19 Thread Daniel Mendler
Responsibility? I take responsibility for myself and no one else, anything else would be stupid and make me legally liable for work I don't even get paid for. I don't mean that you take legal responsibility. I only mean that you have some influence on how this project continues. And you

Re: [pacman-dev] [ Package Signing ] Your signature please

2011-02-19 Thread Allan McRae
On 20/02/11 10:36, Daniel Mendler wrote: I think this should also go to a much more technical level. We have the gpg tree in Allan's repository. As I said I tested it with a repository and got it to work. So can you tell me what do you need till this can be merged into master? 1. Design a