Re: Another load of typos

[Wesley J Landaker]

On Monday, 14 March 2005 21:32, Florian Zumbiehl wrote:
> To verify that what I think to be incorrect really is, here is the
> list of "words" I've found to be used with "a" but which I think
> should be used with "an":

> FAQ

Most people I know pronounce this "fack" not "eff ay kyu". Others 
probably have the opposite view, but nobody I've spoken with has ever 
said it out loud. ;)

It's probably up to the speaker/writer whether it's "a FAQ" or "an FAQ", 
depending on how they're intending it to be pronounced.

-- 
Wesley J. Landaker <[EMAIL PROTECTED]>
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2



pgpVJnOvZFWh9.pgp
Description: PGP signature

Bug#299724: ITP: groach -- pests such as roaches hide under your windows (xroach clone)

[Wesley J. Landaker]

Package: wnpp
Severity: wishlist
Owner: "Wesley J. Landaker" <[EMAIL PROTECTED]>

* Package name: groach
  Version : 0.4.0
  Upstream Author : INOUE Seiichiro <[EMAIL PROTECTED]>
* URL : 
<http://home.catv.ne.jp/pp/ginoue/software/groach/index-e.html>
* License : GPL
  Description : pests such as roaches hide under your X windows (xroach 
clone)

groach is a clone of the classic xroach program, but with multiple
themes, more modern code, and a free license.

Since xroach has license issues (bug #189122), groach is a great
alternative.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bug#299724: ITP: groach -- pests such as roaches hide under your windows (xroach clone)

[Wesley J Landaker]

On Tuesday, 15 March 2005 18:50, sean finney wrote:
> On Tue, Mar 15, 2005 at 06:18:43PM -0700, Wesley J. Landaker wrote:
> > groach is a clone of the classic xroach program, but with multiple
> > themes, more modern code, and a free license.
>
> why would anyone want to use this program? it's so... full... of... 
> bugs...
>
>
> (/me goes and hides under an xterm)

Hey if all you have is critism, you can... bug off. ;)

-- 
Wesley J. Landaker <[EMAIL PROTECTED]>
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2



pgpwVnea46rna.pgp
Description: PGP signature

Bug#340624: ITP: sendcard -- web-based virtual greeting card (e-card) software

[Wesley J. Landaker]

Package: wnpp
Severity: wishlist
Owner: "Wesley J. Landaker" <[EMAIL PROTECTED]>

* Package name: sendcard
  Version : 3.2.3
  Upstream Author : Peter Bowyer <[EMAIL PROTECTED]>
* URL : http://www.sendcard.org
* License : Artistic License or QPL (contacted author to clarify)
  Description : web-based virtual greeting card (e-card) software

Sendcard is a web-based virtual greeting card (e-card) server software package.

As described by the upstream website (the rest of this is a quote):

What is sendcard?
Sendcard is a multi-database (It currently supports 9 different
databases!) e-card or virtual postcard program written in PHP. Suitable
for large or small sites, it is very easy to setup, and comes with an
installation wizard. What could be easier?

Some of sendcard's features:
  * Adminstration console 
  * Configuration interface
  * Statistics module
  * Plugin control panel
  * Automatic database table creation
  * JPEG/ GIF/ PNG/Java/Flash/Quicktime support in cards
  * different templates for different cards (if required)
  * PHP in the templates
  * Emoticons (if required)
  * Comprehensive documentation
  * Automatic deletion of old cards
  * Multiple recipients
  * Smart template system
  * Optional music
  * Optional background and font colour
  * Optional selection of font face
  * Delayed sending of cards
  * Support for 9 databases 
  * MySQL
* PostgreSQL
* Interbase
* MS SQL
* mSQL
* OCi8
* ODBC
* Oracle
* Sybase
* Easily Extensible using built-in plugin architecture
* Unlimited support
* IT'S FREE!


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: apt PARALLELISM

[Wesley J. Landaker]

On Wednesday 14 December 2005 14:41, Olaf van der Spek wrote:
> On 13 Dec 2005 15:56:00 +0100, Claus Färber <[EMAIL PROTECTED]> 
wrote:
> > Olaf van der Spek <[EMAIL PROTECTED]> schrieb/wrote:
> > > That's not true. Suppose you've only got 3 users. If each user
> > > connects to one (different) mirror, he gets 1/1 of that mirror's
> > > bandwidth. If each user connects to each mirror, he only gets 1/3 of
> > > that mirror's bandwidth.
> >
> > They could get 1/1 of each server (total 3/1) if they connect at
> > different times.
>
> True if you assume the users have three times the bandwidth of a
> mirror (on average). A 'bit' unlikely.

It's not that simple; you have to count multiple users. If there are 500 
users accessing the mirror simultaneously, the mirror needs to have 500x 
the bandwidth of every user.

This isn't even taking into account the complexity of the internet routing 
in between, which can make multiple simultaneous sources faster--in actual 
wall-clock time--for the user no matter how fast or slow the user's or the 
mirror's connection is "on average".

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgpHrkni4PEXL.pgp
Description: PGP signature

Re: For those who care about lesbians

[Wesley J. Landaker]

On Sunday 15 January 2006 01:36, Manoj Srivastava wrote:
> On Sat, 14 Jan 2006 17:51:03 +, Roger Leigh 
<[EMAIL PROTECTED]> said:
> > Mike Bird <[EMAIL PROTECTED]> writes:
> >> On Sat, 2006-01-14 at 08:40, Roger Leigh wrote:
> >>> Andrew, do you understand just how inappropriate and offensive
> >>> your mail was?  Nothing justifies abuse of our lists like that.
> >>> d-d-a is a widely-read list both inside and outside the project,
> >>> and you have done harm to our reputation.
> >>
> >> There was nothing offensive about Andrew's message.
> >
> > It is offensive to many people, myself included.
>
> Err, that is a poor criteria. Some people are offended by
>  others wishing them a merry Christmas, preferring happy holidays
>  instead. And others are offended by the dilution of Christmas by
>  happy holidays.

Whether or not any particular individual is offended by the content of 
Andrew's post is less important than how it was INTENDED to be offensive 
and off-topic.

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgpIeJsGokdsd.pgp
Description: PGP signature

Re: For those who care about the GR

[Wesley J. Landaker]

On Sunday 22 January 2006 11:59, Manoj Srivastava wrote:
> On Sun, 22 Jan 2006 10:21:13 -0700, Wesley J Landaker <[EMAIL PROTECTED]> 
said:
> > On Saturday 21 January 2006 13:52, Manoj Srivastava wrote:
> >> So, I am seeking arguments and guidance from the developer body
> >> whether issue 1 can, and should, be decidable by a general
> >> resolution, or whether the freeness of the GFDL licensed works
> >> without invariant clauses is incontrovertibly non-free, as the
> >> license is currently written.

> > My reading of all the options of this GR so far have the effect of
> > stating how the Debian project is interpreting the DFSG with respect
> > to the GFDL.

> I beg to differ. The original proposal was to explain the
>  stance Debian has already taken, as evidenced  by the BTS usertags
>  gfdl and nonfree-doc, and the release team statement -- and how the
>  license may be fixed.

Well, I believe that the original proposal was to *determine* the stance 
Debian should take. Anyway, you asked, as Project Secretary, for arguments 
and guidance from developers, so I provied my input.

> If you someone wants to change how Debian interprets the GFDL,
>  it should be a separate issue -- and quite likely should be done
>  before. Why is it that no one cared to override the delegates
>  decision until a statement explaining the decision is being issued?

Well, this last paragraph makes it sound to me like you've already made up 
your mind. If you are actually interested in why I personally didn't 
publicly make a big deal about the delegates decision, I'd be happy to 
discuss it some other time, but I don't think my action or inaction 
actually relevent to this GR.

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgpUQiyx78o3N.pgp
Description: PGP signature

Bug#301410: ITP: confluence -- language for synchronous reactive hardware system design

[Wesley J. Landaker]

Package: wnpp
Severity: wishlist
Owner: "Wesley J. Landaker" <[EMAIL PROTECTED]>

* Package name: confluence
  Version : 0.10.4
  Upstream Author : Tom Hawkins <[EMAIL PROTECTED]>
* URL : http://www.confluent.org/
* License : GPL
  Description : language for synchronous reactive hardware system design

>From the upstream website <http://www.confluent.org>:

  A Confluence program can generate digital logic for an FPGA or ASIC
  platform, or C code for hard real-time software.

  Confluence combines the component-based methodologies of Verilog and
  VHDL with the expressiveness of higher order functional programming.

  In comparison to Verilog, VHDL, and C, systems designed in Confluence
  result in 2X to 10X code reduction, making the source easier to manage
  and reuse. And because Confluence relies on a correct-by-construction
  compiler, bugs are reduced--some are prevented altogether--thus
  reducing the overall verification effort.

Essentially it's a high-level HDL that can generate VHDL, Verilog, JHDL,
C, etc, from a functional-style description. Quite a few open hardware
cores are written using this language, and it's growing in popularity in
industry as well.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bug#302309: ITP: bcron -- Bruce's cron system

[Wesley J. Landaker]

On Sunday 10 April 2005 12:08, Steve Greenland wrote:
> On 10-Apr-05, 10:55 (CDT), Reinhard Tartler <[EMAIL PROTECTED]> wrote:
> > On Apr 8, 2005 12:05 AM, Steve Greenland <[EMAIL PROTECTED]> wrote:
> > > Expect people to whine. I personally don't see why "@daily" is
> > > significantly easier than "0 0 * * *" but apparently some people get
> > > all sweaty if they have to type an asterisk.
> >
> > what about the "@reboot" extension? I think that's a really neat
> > feature.
>
> /etc/rdS.d
>
> I know, that's not accessible to users, only the admin. OTOH, I can't
> think of any really good reason that user needs to do something
> *automatically* on reboot.

Perhaps user-run services?

-- 
Wesley J. Landaker <[EMAIL PROTECTED]>
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgp4HmI18wpEs.pgp
Description: PGP signature

Bug#304218: ITP: drawtiming -- tool for documenting hardware designs through timing diagrams

[Wesley J. Landaker]

Package: wnpp
Severity: wishlist
Owner: "Wesley J. Landaker" <[EMAIL PROTECTED]>

* Package name: drawtiming
  Version : 0.3
  Upstream Author : Edward Counce <[EMAIL PROTECTED]>
* URL : <http://drawtiming.sourceforge.net/>
* License : GPL
  Description : tool for documenting hardware designs through timing 
diagrams

>From the upstream website <http://drawtiming.sourceforge.net/index.html>:

 This software package provides a command line tool for documenting
 hardware and software designs through timing diagrams. It reads signal
 descriptions from a text file with an intuitive syntax, and outputs a
 timing diagram to an image file. Notation typical of timing diagrams found
 in the Electrical Engineering discipline is used, including arrows
 indicating causal relationships between signal transitions.

Essentially, it's a minilanguage for generating timing diagrams. This
is an incredibly useful thing if you have to design or document complex
digital circuits.

(One more tool to make Debian more useful for hardware development! =)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Temporal Release Strategy

[Wesley J. Landaker]

On Wednesday 13 April 2005 08:12, Patrick A. Ouellette wrote:
> PROPOSAL FOR DISCUSSION:
>
> I suggest we can eliminate the traditional concept of a "release"  with
> the addition of another step in the progression from unstable to
> stable.  Additionally, all promotion of packages from one step to the
> next will be automated according to strict rules.
>
> The progression I see is:
>
> unstable -> testing -> candidate -> stable

I like the spirit of this idea, although I'm sure the details need a lot of 
working over. (This could, but wouldn't need to *replace* releases--it 
could simply augment the release creation process.)

I'm interested to hear other's ideas on why this is/is not a good idea, and 
what technical/logistical hurdles would prevent this from being done.

-- 
Wesley J. Landaker <[EMAIL PROTECTED]>
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgp3g2JDBTT46.pgp
Description: PGP signature

Re: Bug#308364: ITP: waste -- Software product and protocol that enables secure distributed communication for small trusted groups of users.

[Wesley J. Landaker]

On Friday 13 May 2005 06:09, Romain Beauxis wrote:
> Le Vendredi 13 Mai 2005 12:18, vous avez ÃcritÂ:
> > I took a quick look at the code and found it may require DFSG actions.
> >
> > http://cvs.sourceforge.net/viewcvs.py/waste/waste/license.cpp?rev=1.1&v
> >iew= auto that arrays are either the GPL license itself, backdoor code
> > (who knows, I didn't try to decode it) or some hashes of something.
> >
> > To me it seems it violates the GPL, the source code is not in a
> > changeable form.
> >
> > It is also a good place to hide backdoors when crackers get access the
> > the source code repository...
>
> Yep, when I see that:
> WASTE - license.cpp
> Copyright (C) 2003 Nullsoft, Inc.
> Copyright (C) 2004 WASTE Development Team
>
> Then that:
> //ADDED Md5Chap - THIS PART IS GPL LICENSE!!! TOUCH AND DIE!
>
> Followed by a full binary only array, I feel it like you: it might be a
> good place for a backdoor, given that TOUCH AND DIE seems very strange
> refering to GPL licence...

The license.cpp file creates a couple arrays, szGPL0 & szGPL1, which 
supposedly are a binary representation of the GPL license.

However, no matter what they represent, it's not really an issue (for 
changing, or for "backdoors"), as nowhere in any of the rest of the code 
does anything reference those arrays.

Probably a good idea to ask the upstream what's up with it, and have them 
remove or document it, but to make it out-of-the-question DFSG free, you 
could either ignore or remove these files with absolutely no ill effects to 
the program. (i.e. this is obvious via inspection, and just to be sure, I 
compiled it with the original code, and then with license.?pp deleted and 
#includes of the header removed from the three files it's referenced from, 
and got bit for bit binaries out).

-- 
Wesley J. Landaker <[EMAIL PROTECTED]>
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgpsoauOZrnbZ.pgp
Description: PGP signature

Re: Questions about waste licence and code.

[Wesley J. Landaker]

On Friday 13 May 2005 06:30, Steinar H. Gunderson wrote:
> On Fri, May 13, 2005 at 02:20:02PM +0200, Romain Beauxis wrote:
> > http://cvs.sourceforge.net/viewcvs.py/waste/waste/license.cpp?rev=1.1&v
> >iew=auto
>
> Has it ever occured to you that this might be the license text itself, in
> some compressed form?

In fact, that is what it is supposed to be, but even if not, the data is 
never used during compilation or runtime. Deleting the file and removing 
references to it yields bit-for-bit binaries vs. an original compile.

Still, the question for upstream is: why is this here? It's not actually 
used by the program.
-- 
Wesley J. Landaker <[EMAIL PROTECTED]>
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgpxUsySZ19xN.pgp
Description: PGP signature

Re: Changes to the weekly WNPP posting

[Wesley J. Landaker]

Hi Martin,

On Thursday 19 May 2005 10:28, Martin Michlmayr wrote:
> WNPP (Work-Needing and Prospective Packages) is an important part of
> our infrastructure used to discuss packages to be added to the archive
> and, in particular, to look for new or additional maintainers for
> existing packages.
[ . . . ]
> I have therefore decided to stop the weekly WNPP summaries to d-d-a
> and instead do the following:
>
>  - send the weekly posting to debian-wnpp instead of d-d-a
>
>  - only include new entries
>
> Finally, please note that I will go through the list of orphaned
> packages after sarge is out and will request removal of packages which
> have not been maintained for a long time.  Now is your chance to check
> whether you are using any of them.  Please visit
> http://www.debian.org/devel/wnpp/ for more information.

One suggestion might be to include both new entries, and entries that are 
about to be requested for removal. That seems like it might be useful. What 
do you think?

-- 
Wesley J. Landaker <[EMAIL PROTECTED]>
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgpmPCNVwGoFh.pgp
Description: PGP signature

Keysigning without physically meeting ... thoughts?

[Wesley J. Landaker]

Hi folks,

I wrote this up to someone. I thought I'd share it, and get your thoughts.
(e.g. anybody see any weaknesses in #1-#3 that *aren't* present in the 
typical meet, check ID, get GPG fingerprint, assuming #4 is always used 
afterwards?)

On Tuesday 31 May 2005 08:44, Wesley J. Landaker wrote:
> For instance, I don't know if this is officially acceptable or not, but I
> would probably be willing to sign someone's key even if I hadn't met them
> in person, if I got in the mail:
>
>   1) A picture of them holding a recent newspaper with their GPG
> fingerprint and signature written on it. (This would relate the person's
> face & signature with their GPG key, and verify that it's recent).
>  
>   2) A copy of an acceptable (probably government-issued, non-expired)
> picture ID. (This would relate the person's face with their "government"
> identity).
>
>   3) A signed, dated, and notarized statement saying something to the
> effect of "My name is __, my active e-mail that I control is
> [EMAIL PROTECTED], and the GPG fingerprint of my active key that I
> control and is not compromised is __. Attached to
> this statement is a picture of me with a newspaper dated ___ with the
> same GPG fingerprint, and a copy of my ___ photo ID, which I have
> shown to the undersigned notary. Signed __, notarized by
> ___." (Relates the date (which should be reasonably close to the
> time when the picture in #1 was taken--a few weeks at the most), their
> name, e-mail, and GPG fingerprint together by the statement, and the
> picture from #1, and with their "government" identity, as that is checked
> by the notary).
>
>   4) I'd sign the key, and send the updated key to the e-mail address
> given, signed by the GPG key with the fingerprint given. (Relates the
> e-mail address with the GPG key, as if they can't get the e-mail or
> decrypt the e-mail to get the signature, it effectively hasn't really
> been signed).

-- 
Wesley J. Landaker <[EMAIL PROTECTED]>
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgpTmKyVwiLKk.pgp
Description: PGP signature

Re: Keysigning without physically meeting ... thoughts?

[Wesley J. Landaker]

On Tuesday 31 May 2005 14:11, Andrew Suffield wrote:
> On Tue, May 31, 2005 at 09:03:12AM -0600, Wesley J. Landaker wrote:
> > I wrote this up to someone. I thought I'd share it, and get your
> > thoughts. (e.g. anybody see any weaknesses in #1-#3 that *aren't*
> > present in the typical meet, check ID, get GPG fingerprint, assuming #4
> > is always used afterwards?)
>
> Falsifying a government-issued ID is a criminal offence, regardless of
> how often it happens (using it to buy alcohol is not important; they
> simply raise the minimum age to compensate, so there's no need to
> enforce it there). Falsifying a random photograph is not illegal at
> all, and there is no reason why somebody wouldn't do it. Nothing here
> has verified their identity with any strength to speak of. A person
> who wants to generate an identity can do so with minimal effort and no
> repercussions - so why wouldn't they?

Right, but they have to get it notarized (or forge a notary's seal, which is 
a criminal offense, at least in the US) which requires government ID 
(again, at least in the US). 

Regardless, how is this different from meeting someone in person? They can 
just show me their fake ID--I won't know it's fake. (And, as you said, 
forged ID happens a lot and is easily available. =)

-- 
Wesley J. Landaker <[EMAIL PROTECTED]>
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgpwZ651ztwc2.pgp
Description: PGP signature

Re: Keysigning without physically meeting ... thoughts?

[Wesley J. Landaker]

On Tuesday 31 May 2005 20:48, Jacob S wrote:
> > Regardless, how is this different from meeting someone in person? They
> > can  just show me their fake ID--I won't know it's fake. (And, as you
> > said,  forged ID happens a lot and is easily available. =)
>
> So why bother with steps 1 & 2 when 3 is the only one that carries any
> weight? Maybe there is a good reason that I do not know of, but I can
> not think of any. I am genuinely curious, though.

The general idea was to be purposefully overkill--that if they were going to 
forge something, they'd have to forge a whole lot of it. 

Partly, this was in response to the (perceived(?)) guideline that you 
shouldn't ever sign someone's public key unless you've met them in 
person--I was trying to narrow down all of the links that were important 
(seeing the person's face, seeing their ID, seeing that the two match, 
knowing that it was actually the person I saw who has control of the key 
and that same person has control of their e-mail address, etc).

Barring something I just totally missed, I believe what I wrote up is at 
least as good at determining that a person is who they say they are as 
meeting in person and checking ID's. Obviously there are always the issue 
of forgeries, but I don't think this method is any *worse* in the respect. 
But I thought I'd give anyone interested a chance to bang at the idea, 
because I'm curious if someone else knows something I don't. =)

-- 
Wesley J. Landaker <[EMAIL PROTECTED]>
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgpCORrW0LTyO.pgp
Description: PGP signature

Re: Keysigning without physically meeting ... thoughts?

[Wesley J. Landaker]

On Wednesday 01 June 2005 04:52, Andrew Suffield wrote:
> > Right, but they have to get it notarized (or forge a notary's seal,
> > which is a criminal offense, at least in the US) which requires
> > government ID (again, at least in the US).
>
> A notary doesn't certify that the document you hand them is
> correct. All they certify is that you handed them this particular
> document on this particular date.

Well, the whole point is that they also certify that you are who you say you 
are, i.e. they check your ID.

> > Regardless, how is this different from meeting someone in person?
>
> The difference would be the deterrent effect. Without it, there's
> absolutely no reason why anybody wouldn't generate throwaway
> identities at whim.

There isn't really any more deterrent if they only one they show their fake 
ID to is me. Make ID, show it to me, dispose of ID afterwards.

Anyway, this has been an interesting thread, because what I am seeing is 
that there really isn't any reason why meeting physically is better at 
building a web-of-trust than alternate methods, if crafted thoughtfully. =)

-- 
Wesley J. Landaker <[EMAIL PROTECTED]>
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgpscM5aLpFYI.pgp
Description: PGP signature

Re: Keysigning without physically meeting ... thoughts?

[Wesley J. Landaker]

On Tuesday 31 May 2005 23:54, Marc Haber wrote:
> The entire procedure is quite US centric. I don't understand why you
> US guys are so fond of your notaries. Over here, it's a three digit
> bill for the notary to open the office door and to offer you a chair,
> so there might be cultures where one thinks twice or even three times
> before having something notarized.

Do you really mean the ENTIRE procedure, or do you just mean the notary? 
What would be a better way to replace that step for a global aware 
procedure? Or do you think it's necessary at all?

> Additionally, the web of trust is the web of trust because it is
> entirely self-contained, without putting any trust on government and
> state official. Your suggestion violates this principle by moving the
> verification state to the notary.

The web of trust's point is to be self-contained once it exists. It might 
need to bootstrap itself using other methods. For instance, it's already 
not self-contained by the above definition--because when you meet somebody, 
you don't just believe them when they say they are who they are, you make 
them show you some sort of ID, usually a government-issued one. 

Or do you think that when signing somebody's GPG key, one shouldn't ask for 
government issued ID, but use some other criteria? If so, I'm curious what 
a good protocol would be.

> Even if the notary were sufficiently advanced to offer PGP key signing
> with her official key this were not good enough for Debian, since the
> Debian web of trust explicitly relies on being self-contained. You'd
> need to have a DD notary, which at this point makes the signature
> valid because of the DD property, and being notary becomes irrelevant.

The notary was to make a connection between the person's "government" ID and 
their picture--the other parts were to connect the picture with the e-mail 
address and GPG key. If this were sufficient to determine that someone is 
who they say they are to about as good of an degree as meeting someone in 
person and checking their ID (even if both methods share weaknesses), I'd 
say that's a success. Wouldn't you?

-- 
Wesley J. Landaker <[EMAIL PROTECTED]>
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgpCbDrVZoFwk.pgp
Description: PGP signature

Re: Keysigning without physically meeting ... thoughts?

[Wesley J. Landaker]

On Tuesday 31 May 2005 23:54, Marc Haber wrote:
> The entire procedure is quite US centric. I don't understand why you
> US guys are so fond of your notaries. Over here, it's a three digit
> bill for the notary to open the office door and to offer you a chair,
> so there might be cultures where one thinks twice or even three times
> before having something notarized.

One thing I should mention, that others sort of alluded to. In the US, a 
notary is very inexpensive. For example, often if you have an account at a 
bank, you can have documents notarized there for free (as I can at my bank) 
or for a few dollars.

That said, I can only think of about 1 thing I've ever needed to have 
notarized in my life, so it's not like I'm "fond" of notaries--but they 
seem to fulfill their intended purpose.

-- 
Wesley J. Landaker <[EMAIL PROTECTED]>
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgpy683rbO8sp.pgp
Description: PGP signature

Re: And now for something completely different... etch!

[Wesley J. Landaker]

On Wednesday 08 June 2005 17:25, Matthew Palmer wrote:
> On Thu, Jun 09, 2005 at 01:13:16AM +0200, Javier Fernández-Sanguino Peña 
wrote:
> > to find their own (sometimes flawed) solution to a very common problem.
>
> Years using Linux: 10.
> Times I've absolutely needed an X-less boot when an XDM was installed: 0.

If you were really using Linux 10 years ago, you must have had some great 
hardware that you only ever booted into X, or you just never installed any 
XDM at all, instead of just running it when it was needed. X sucked up an 
enourmous amount of memory and resources on a 386 with a few megs of RAM, 
but it was a great way to run Mosaic. =)

> How common was that problem you were trying to solve, again?

Anyway, I'm not arguing for the defaults being either way, but just because 
it's not common for you, doesn't mean it's not common in general. 

I don't often customize runlevels very much, but usually the first thing I 
do when I install a Debian system is remove all the xdm's from 2 and 3 and 
add them to 5. I switch between those all the time on systems that are 
mostly lights servers but sometimes need to become desktops on the fly when 
an extra warm body shows up.

-- 
Wesley J. Landaker <[EMAIL PROTECTED]>
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgp7PGcxAgner.pgp
Description: PGP signature

Re: Bits from the dpkg maintainer

[Wesley J. Landaker]

On Sunday 12 June 2005 14:05, Scott James Remnant wrote:
> The Wig & Pen ("Format: 2.0") source format is an evolutionary (rather
> than revolutionary) change to the current source package format.
> Brendan O'Dea's work on providing _unpack_ support has been integrated
> into dpkg-source.  Support for building these formats will be added as
> it matures and solidifies.
>
> Existing source packages ("Format: 1.0") are supported without
> modification.
>
> The basics of the new format are:
>
> * Multiple upstream tarballs are supported:
[...]
> * The "Debian Diff" may be replaced by the "Debian Tar":
[...]
> * Bzip2 compression is supported as an alternative to gzip.

As a practical matter, how soon will these really be supported in Debian? Is 
dpkg change all that is needed? i.e. Could I upload a new revision of a 
package that has multiple upstream tarballs, and a debian.tar.bz2 right 
now, or are there a lot of other things that have to change first?

-- 
Wesley J. Landaker <[EMAIL PROTECTED]>
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgptV69LqTwng.pgp
Description: PGP signature

Urgency bug, or am I missing something?

[Wesley J. Landaker]

Hi folks,

I just uploaded a security fix to unstable, with high urgency. However, I got 
this response:

On Wednesday 02 August 2006 12:02, you wrote:
> Warning: high (security) is not a valid urgency; it will be treated as low
> by testing.
>
> Accepted:
> cheesetracker_0.9.9-6.diff.gz
>   to pool/main/c/cheesetracker/cheesetracker_0.9.9-6.diff.gz
> cheesetracker_0.9.9-6.dsc
>   to pool/main/c/cheesetracker/cheesetracker_0.9.9-6.dsc
> cheesetracker_0.9.9-6_i386.deb
>   to pool/main/c/cheesetracker/cheesetracker_0.9.9-6_i386.deb

The changes looks right:

> Format: 1.7
> Date: Wed,  2 Aug 2006 10:31:35 -0600
> Source: cheesetracker
> Binary: cheesetracker
> Architecture: source i386
> Version: 0.9.9-6
> Distribution: unstable
> Urgency: high (security)
> Maintainer: Wesley J. Landaker <[EMAIL PROTECTED]>
> Changed-By: Wesley J. Landaker <[EMAIL PROTECTED]>

And the "Urgency" field matches Debian policy 5.6.17, where it explicitly 
states: "It consists of a single keyword usually taking one of the values 
low, medium or high (not case-sensitive) followed by an optional commentary 
(separated by a space) which is usually in parentheses."

Is this a bug, or am I actually just missing something here?


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bug#381201: ITP: reniced -- renice running processes based on regular expressions

[Wesley J. Landaker]

On Wednesday 02 August 2006 15:15, Bart Martens wrote:
>  Instead of editing the scripts in /etc/init.d to give daemons the
>  nicelevel you want (and get prompted at every package update because
>  these files are conffiles) you can just run reniced once a day.

Wow, that sounds like an annoying bug just waiting to get reported! (Having to 
edit scripts in /etc/init.d is an exceptionally bad way to configure a 
daemon.)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: possible grave bug in debian-installer or ifupdown?

[Wesley J. Landaker]

On Sunday 17 December 2006 13:58, Bastian Venthur wrote:
> Two or three weeks ago I installed the current latest Debian/Testing on
> two different servers. Last week I had to reboot both and noticed that
> none of them appeared back in the network again. I checked them locally
> and noticed that on both boxes the network interface was not brought up.
> I issued:
>
>   # ifup eth0
>
> manually on both boxes but nothing happened. I checked
> /etc/network/interfaces on both boxes and noticed the following line:
>
>   allow-hotplug eth0
>
> after replacing it with
>
>   auto eth0
>
> the problem was fixed. Since I used a standard minimal installation on
> two different boxes, I wonder if this is a bug in d-i or ifupdown. So am
> I missing something obvious or do we have a grave bug?

It looks like something recent broke this. I can at least confirm it is 
happening on at least one of my boxes that was fairly recently installed 
with etch.

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgp788JpGbtIr.pgp
Description: PGP signature

Re: db.debian.org (and related infrastructure) updates

[Wesley J. Landaker]

On Sunday 31 December 2006 05:16, Amaya wrote:
> Nicolas Boullis wrote:
> > What about gender? How is it specified?
>
> Currently it is a drop down that allows you to choose:
> - unspecified
> - male
> - female
>
> Which in my opinion reflects sex and not gender.
>
> I would rather have it as an input field where people can express their
> gender in the way they want to, as gender has little to do with
> biological sex, and there's more than two options for it.

I think if someone *really* doesn't want to put "male" or "female" they can 
just put "unspecified".

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgpYjofJccq4i.pgp
Description: PGP signature

Re: possible problem with ftp.us.debian.org

[Wesley J. Landaker]

On Saturday 06 January 2007 15:31, Nikita V. Youshchenko wrote:
> later - the md5sum mismatch errors started some weeks ago and do happen
  ^

Months; I've had to switch 10's of clients to use ftp.debian.org instead 
since I've been getting intermittant problems like this with 
ftp.us.debian.org since ~ October last year.

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgpfON22PpUUu.pgp
Description: PGP signature

Bug#374373: ITP: googleearth-package -- utility for automatically building a Google Earth Debian package

[Wesley J. Landaker]

Package: wnpp
Severity: wishlist
Owner: "Wesley J. Landaker" <[EMAIL PROTECTED]>

* Package name: googleearth-package
  Upstream Author : Wesley J. Landaker <[EMAIL PROTECTED]>
* URL : (native package)
* License : GPL
  Description : utility for automatically building a Google Earth Debian 
package

Google Earth is a great program now available for GNU/Linux, but sadly
is both non-free and non-distributable. For those who wish to run it on
their Debian system, but wish it to be managed by the normal Debian
packaging system, this program will assist in building a local Debian
package in a similar fashion to java-package. This package *itself*
contains absolutely no code from Google and is 100% free. (For the
curious, this is appropriately destined for contrib.)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bug#374373: ITP: googleearth-package -- utility for automatically building a Google Earth Debian package

[Wesley J. Landaker]

Joe Smith wrote:
> Is this really needed? Google was very careful in making sure that the
> package installs in /usr/local, and does not interfere with the
> system. Normally the main reason why a debian package is better than
> what upsteam distributed is because using upstreams packages will mess
> with stuff it should not touch.
Well, it doesn't install in /usr/local (by default, you can get it
there) but in a user's home directory. Actually, perhaps if you run it
as root it will pick /usr/local by default, but I didn't try that (I
don't usually run things as root, even stuff from Google).
> Google Earth takes care of its own updates by prompting the user, and
> allowing them to download and run the new installer (or at least it
> does on windows, and I can't imagine why the linux version would not).
> Needing to use a *-package utility prevents automatic updates anyway,
> and does not simplify installation much if any. So the only real
> advantage would seem to be that it would make Google Earth easier to
> uninstall. Well I guess it simplifies pushing updates out to a bunch
> of workstations, but in most cases users should just download the the
> .bin and run it.
Apparently, the "easier to uninstall" is a bigger deal to me than it is
to you. So this utility may not be for you.

There has only been one version out for GNU/Linux as far as I'm aware,
so I'm not sure anyone knows exactly how the updater works. Seeing how
their software is packaged, I actually don't see any way that the
Debianized version would break updates if run as root (which would have
to be the case anyway unless every user has their own version) but
personally I don't like programs that try to update themselves outside
of package management.

Anyway, there are a few advantages:
  * Once you've made the package, you can install on multiple machines
easily.
  * It's much cleaner, as you have a managed Debian package to
install/uninstall.
  * In-program updates are optional (run as root and do them, or don't).
  * If you don't like doing it this way, nobody is going to make you do
it. =)

But the most important one of all is: I've found it useful, I've got it
working[1], and I'd like to give others an opportunity to use it if they
want to.

[1] (almost working--I'm still tweaking it a bit, since I've only been
working on it for a few hours)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bug#374373: ITP: googleearth-package -- utility for automatically building a Google Earth Debian package

[Wesley J. Landaker]

Paul Wise wrote:
> On Sun, 2006-06-18 at 23:56 -0400, Joey Hess wrote:
>   
>> Wesley J. Landaker wrote:
>> 
>>> But the most important one of all is: I've found it useful, I've got it
>>> working[1], and I'd like to give others an opportunity to use it if they
>>> want to.
>>>
>>> [1] (almost working--I'm still tweaking it a bit, since I've only been
>>> working on it for a few hours)
>>>   
>> Does it use the loki installer as I read somewhere? I had been
>> considering possibly adding loki support to alien as a package format
>> (without generation support), which might be a nicer general solution.
>> 
>
> It uses makeself as the wrapper format (shell script+tar.bz2):
>
> http://packages.debian.org/unstable/utils/makeself
>
> Inside that is a setup.sh, which runs setup.gtk/gtk2, running strings -a
> on those files gives some loki_* functions, looks like it is using the
> loki system. The app itself seems to reside in 2 tarballs (data and
> program).
>
>   

Well, having a unified installer that supported lots of stuff, including
Google Earth, would be nice, and could possibly depricate this package.
But for now, I've finished the first version of this utility that just
packages Google Earth and just uploaded it.

The package includes the following niceities:
  * Makes a nice, clean googleearth package with no interaction
  * Installs things in the normal, proper FHS places
  * Does the menu entry and MIME registration the Debian way
  * Dependencies are set correctly, including shlibdeps and fonts
  * Installs the upstream license into the standards Debian spot
  * Can use a pre-downloaded version, or can attempt to download
automatically

And the following rough edges:
  * It spews a lot of output to the screen while building
  * It uses more diskspace during build than is strictly necessary
  * The package it generates could use some minor improvements

Anyway, the standards "it-works-for-me" applies, but I've tested it on
both etch and sid with no problems. Patches and helpful suggestions are
welcome.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: About NM and Next Release

[Wesley J Landaker]

On Friday 08 August 2003 10:59 am, Andrew Suffield wrote:
> On Fri, Aug 08, 2003 at 10:32:07AM -0600, Joel Baker wrote:
> > Funny. I thought the FSF was, at least origionally, more or less
> > entirely about self-interest, altruism, and politics.
>
> The organisation might have been founded for those reasons, although
> I think it was primarily politics. I don't think you'll find much (if
> any) GNU code that was written because of them. Most of it was
> written because "I need a foo. I don't *have* a foo, but I *do* know
> how to make one".

Eh?! The FSF is *all* about altruism and politics. 

See http://www.fsf.org/philosophy/philosophy.html
particularly http://www.fsf.org/gnu/manifesto.html

If you haven't, listen to the free software song: 
http://gnuwww.epfl.ch/music/free-software-song.html

The FSF and the GNU project is all about ideals, politics, altruim, 
self-interest, helping your neighbor, etc. If there are people who 
contribute to it that DON'T believe in those things, well, that's their 
choice, but it doesn't change what the project is all about.

> > So tell us - why *do* people write free software?
>
> I write software because I can, and I release it as free software
> because that makes it better over time. Others will vary (I'm not in
> the mood for writing an essay on the subject).

While most software might be written because you have an itch to 
scratch, that doesn't explain why people give it away as free software.

I release all software I create as free software of the common 
philosophical beliefs that I share with the FSF. Simply put: If I make 
something cool for myself, I want to share it so that other people can 
enjoy it too. I'm nice. I like to share. I want to help people. And 
change the world while I'm at it.

-- 
Wesley J. Landaker - [EMAIL PROTECTED]
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2



pgpKy6Sc95xcx.pgp
Description: signature

Re: (no subject)

[Wesley J. Landaker]

On Saturday 23 July 2005 23:29, Manoj Srivastava wrote:
> On Sat, 23 Jul 2005 11:16:08 -0700, Daniel Burrows <[EMAIL PROTECTED]> 
said:
> > On Friday 22 July 2005 10:00 pm, Ryan Schultz wrote:
> >> For -devel... does anyone know why this list receives so many
> >> questions about [REDACTED]?
> >>
> >> [long list of links into -devel archives]
> >
> >   Because you just told Google that we're a good source for
> >   information about
> > you-know-what :P.
>
> We know everything that can be known about Voldemort?

Voldemort, who's that? Oh yeah, I think he's the composer of dueling 
banjos... ;)

-- 
Wesley J. Landaker <[EMAIL PROTECTED]>
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgpfCogfJCGwW.pgp
Description: PGP signature

Re: please fix your RC bugs

[Wesley J. Landaker]

On Sunday 31 July 2005 00:19, Andreas Barth wrote:
> we currently have almost 800 RC bugs in etch due to small glitches that
> started to make code FTBFS with the new gcc version.
>
> It is urgently necessary that maintainers start to fix their own
> packages, and that whoever has some time at their hands, NMU such
> packages.

A lot of that is waiting on the C++ ABI transition, and dependencies. And if 
you NMU, please make sure you know what you're doing and read the bugs in 
question, so that you are not hurting more than you help.

I don't want to rant, but since you are urging NMUs and apparently doing 
them yourself. Your recent NMU of cheeesetracker compiled it against two 
C++ ABIs; you could avoided this if you read the bug report and my 
response. Also, always contact the maintainer first, and use a delayed 
upload queue. You did neither of these when NMUing cheesetracker.

-- 
Wesley J. Landaker <[EMAIL PROTECTED]>
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgpHPESKi7nx2.pgp
Description: PGP signature

Re: please fix your RC bugs

[Wesley J. Landaker]

On Sunday 31 July 2005 08:22, Wesley J. Landaker wrote:
> I don't want to rant, but since you are urging NMUs and apparently doing
> them yourself. Your recent NMU of cheeesetracker compiled it against two
> C++ ABIs; you could avoided this if you read the bug report and my
> response. Also, always contact the maintainer first, and use a delayed
> upload queue. You did neither of these when NMUing cheesetracker.

BTW, I apologize if this came off sounding like a personal attack; I know 
Andreas meant well, and we all make mistakes. Sorry for getting upset at 
you, Andreas!

But please, everyone, please be careful and considerate when you 
NMU--especially during this C++ ABI transition, or it'll just make things 
longer and harder. =)

-- 
Wesley J. Landaker <[EMAIL PROTECTED]>
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgpkxIWGqZtPU.pgp
Description: PGP signature

Re: Bruce Perens hosts party at OSCON Wednesday night

[Wesley J. Landaker]

On Tuesday 02 August 2005 18:13, Bruce Perens wrote:
> Oh my goodness, Adam. If I wanted to advertise, I'd ask the DPL for some
> freebies. I must merit them by now.
>
> The fact is, some people there might really want to see me. Some of them
> are even my friends. And it happens that I have to be at this party for
> work, and my employer will pay for anyone who brings a resume. Free
> beer, as they say.
>
> But if the consensus of the other folks on debian-devel is that this
> message did not belong there, I will apologize and withdraw it.

FWIW, I didn't think it was out of line. I thought, "wow, that'd be cool to 
go meet Bruce; too bad I'm not in that area."

-- 
Wesley J. Landaker <[EMAIL PROTECTED]>
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgpXJz7WCqEe4.pgp
Description: PGP signature

Re: [OT] FTPmasters (again)

[Wesley J. Landaker]

On Wednesday 31 August 2005 04:58, Steinar H. Gunderson wrote:
> On Wed, Aug 31, 2005 at 01:46:54PM +0300, Yavor Doganov wrote:
> > In fact it is a GNU distribution, it used to be GNU/Linux distribution,
> > now we can call it simply GNU (given the fact that both hurd and
> > kfreebsd-gnu are rocking and under active development). "Linux
> > distribution" is just wrong (and rather annoying).
>
> Can we please discuss this when we actually have a release with something
> not Linux as the kernel? :-)

That and--it will make most of us cringle--when other kernels are popular, 
you'll hear lots of stuff like:

"Hey, what Linux do you use?"
"Hurd, man."
"That's cool, I use FreeBSD."
"Debian rocks with all these kernels."
"Yeah, that's why I love Linux."

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgp4jMwgCzu0g.pgp
Description: PGP signature

Re: To Linux or not to Linux

[Wesley J. Landaker]

On Wednesday 31 August 2005 09:49, Yavor Doganov wrote:
> On Wed, 31 Aug 2005 07:35:23 -0600, Wesley J. Landaker wrote:
> > That and--it will make most of us cringle--when other kernels are
> > popular, you'll hear lots of stuff like:
>
> The reason for calling it GNU (ok, GNU/Linux as the the other ports are
[...]
> By calling it simply "Linux" you mislead the people -- they will know
[...]

Which was kind of my point; Linux is already a term that has been overloaded 
far too much, so we should be careful in our naming if we want to avoid 
dialogs like the one I made up from becoming more of reality than they 
already are. =)

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgpzueyN9To6x.pgp
Description: PGP signature

Re: To Linux or not to Linux

[Wesley J. Landaker]

On Wednesday 31 August 2005 17:29, Marc 'HE' Brockschmidt wrote:
> That's why I don't care if we call our distribution Debian Linux, Debian
> GNU/Linux, Debian GNU or Debian GNU/kFreeBSD (I mean, we provide the
> usual GNU userland for it, right?)

Another interesting point is that if we lambaste people for using "Linux" to 
refer to free operatings systems based on most of GNU, and Linus' kernel, 
we also ought to be careful what we call "GNU", since if you, for instance, 
run Debian, and you say, "I run nothing but GNU" (implying you don't use 
other popular operating systems like FreeBSD, MS Windows or Mac OSX) you're 
just as innaccurate as if you said, "I run nothing but Linux" (implying the 
same thing). 

I see a lot of push for "It's not Linux, it's GNU!"; but that isn't really 
any more accurate, unless you *really are* running GNU. Just something to 
think about. =)

(Personally, I'm usually happy to just call it "Debian" when promoting it's 
use -- we'd still be Debian even if we replaced all GNU software with 
alternative implementations.)

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgpqxxGVzKEqd.pgp
Description: PGP signature

Re: Standardizing ~/.cache/ and similar things.

[Wesley J. Landaker]

On Sunday 18 September 2005 17:43, Faré wrote:
> Dear Debian developers,
>
> here is a proposal I submit for inclusion in the debian policy:
>
> PROPOSAL 1: ~/.cache/${package_name}/
> All packages that keep a per-user directories caches of data that need
> not be archived/backed up should put it in ~/.cache/${package_name}/
> instead of wherever they put it currently.

Given PROPOSAL 3 below, shouldn't this be ~/.var/cache or something like 
that?

> PROPOSAL 3: ~/.run/ ~/.lib/ ~/.share, etc.
> Programs that insist to install stuff in the user's directory (such as
> openoffice, gimp, etc.), or that have runtime files (such as emacs'
> .saves-*) should put this stuff in a proper hierarchy that mirrors the
> categories of the FHS, only on a per-user basis. This will help
> administration of per-user installed stuff in the same way that the
> FHS helps with machine-global installed stuff.

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgpjeitVu6BP0.pgp
Description: PGP signature

Re: localhost.localdomain

[Wesley J. Landaker]

On Thursday 06 October 2005 14:02, Henrique de Moraes Holschuh wrote:
> On Thu, 06 Oct 2005, Joey Hess wrote:
> > FWIW, it was done as a result of bug #247734, which includes details on
> > how every possible choice seems to break something and the reasoning
> > that led to the current choice.
>
> I read that bug report VERY carefully. Twice. There is *nothing* there
> that seems to have been fixed/addressed by .localdomain, except maybe a
> DNS timeout in Pierre's machine.  Everything else deals with the
> hostname.

FWIW, I completely agree with Henrique here (and pretty much in all past 
messages in this thread)--I also read that bug report VERY carefully, and I 
do not see how adding .localdomain had anything to do with the resolution 
of that bug.

I believe that localhost.localdomain should be removed, as it is both 
unnecessary and arbitrary.

> Or am I getting confused and d-i uses localhost.localdomain as the
> default hostname, and say, if I had told it that my machine is named
> "twerk", domain "foo.bar" I would get a
>
> 127.0.0.1 twerk.foo.bar twerk localhost
>
> entry in /etc/hosts?
>
> That would explain a lot...  but still make such a "fix" quite a bad
> idea.

No, on all of my sarge and sid machines the entry looked like:

127.0.0.1 localhost.localdomain localhost foobar

Where foobar was the name I gave during the install process.

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgpBYGTLWzRBg.pgp
Description: PGP signature

Re: Effort to change IETF's copying conditions for RFCs

[Wesley J. Landaker]

On Thursday 06 October 2005 06:57, Simon Josefsson wrote:
> Hi everyone!
>
> I know the copying conditions of IETF RFC's has been a concern for
> Debian in the past, and that the RFCs has been removed from the
> official archive (?), so I thought this would be of some interest to
> you.  I am trying to influence the IETF to change the copying
> conditions on RFCs to make them more free software friendly.

This would be great to get this clarified, as I believe the RFCs were always 
intended to be available for unlimited distribution. I totally support 
lobbying to get the the IETF to make it clear. =)

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgp6JtxZjRsmR.pgp
Description: PGP signature

Re: localhost.localdomain

[Wesley J. Landaker]

On Friday 14 October 2005 02:47, Thomas Hood wrote:
> OK, I have modified netcfg so that it writes
>
> 127.0.0.1 localhost
>
> to /etc/hosts.

Thank you! Yay for purging ugly non-standardness! =)

> From now on let's consider at least the following two phenomena to be
> bugs:
>
> * The application expects to be able to resolve 'localhost.localdomain'
>   to an IP address.
> * The application breaks if 'localhost.localdomain' is included on the
>   127.0.0.1 line in /etc/hosts.

Yes, I totally agree here. =)

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgplsRX5lyUm5.pgp
Description: PGP signature

Re: Proposed MBF: Debian upstream version higher than watch file-reported upstream version

[Wesley J. Landaker]

On Sunday 17 February 2008 13:41:34 Raphael Geissert wrote:
> If nobody objects I'll start filling (in an automated way since there are
> no false positives) reports on the 307 source packages which report a
> Debian upstream version higher than Upstream version by the watch file.

I don't know what you mean by "there are no false positives". My ghdl 
package you mention is a false positive, for one.

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


signature.asc
Description: This is a digitally signed message part.

Re: A dream of the Debian-logo

[Wesley J. Landaker]

On Saturday 07 June 2008 11:44:42 József Makay wrote:
> This picture is a dream of the Debian-logo in the future...

Very cool looking!

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


signature.asc
Description: This is a digitally signed message part.

Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository

[Wesley J. Landaker]

On Saturday 21 June 2008 11:38:07 Roberto C. Sánchez wrote:
> On Sat, Jun 21, 2008 at 07:34:59PM +0200, Holger Levsen wrote:
> > Hi,
> >
> > On Saturday 21 June 2008 15:52, Alexander Wirt wrote:
> > > I'm still not that sure if its a good idea to add a non-offical
> > > debian repo keyring into the archive...
> >
> > Nobody is forced to install it?!
> >
> > And AFAICS we regulary recommend backports.org to users, who need newer
> > software. So I think it should be in.
>
> But backports.org is still unofficial.  If it were permitted, then what
> would happen when other unofficial repository maintainers want to
> package their repository keyrings?  Will those be allowed or disallowed?

Maybe a common, group maintained, debian-unofficial-keyring package?

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


signature.asc
Description: This is a digitally signed message part.

Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository

[Wesley J. Landaker]

On Sunday 22 June 2008 12:08:30 Adam Majer wrote:
> AFAIK, we do not distribute "things", we distribute *software*. Some
> packages are just composed of data though, but other packages depend on
> it. Some is just data that is very useful in the *Debian* project. This
> includes the keyring.
>
> Certainly, the backports.org keyring is useful to some people, *but* it
> is,
>
>   1. not free software

Actually, how are debian-keyring and debian-archive-keyring free-software, 
anyway? Do I get source code for the all GPG keys they contain? 
The /usr/share/doc/debian-keyring/copyright even says "The keys in the 
keyrings don't fall under any copyright." Ops!

Maybe there are other reasons, but let's not pretend we're keeping 
debian-backports-keyring out because it's not "free software".

(Personally, I think all keyrings are fine.)

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


signature.asc
Description: This is a digitally signed message part.

Re: RFC: use readable $(cmd) syntax instead of unreadable `cmd`

[Wesley J. Landaker]

On Friday 09 February 2007 11:11, Jari Aalto wrote:
> I have reported bugs against backtick and suggested to change to use
> the more readable alternative. The result was surprising. To quote
> one message (bug closed reasoning):
>
>  "If your development environment cannot display ` differently than '
> , you need to get a new one."
>
> I'm askinf if it is ok to to reopen such bugs based of better QA
> aspects. Possibly by providing patches if the maintainer is busy
> elsewhere to handle such a "minor issue" from his perspective.

IMHO:

I would be happy to see bugs against my own packages that *clearly* 
increased usability and readability of code, as long as they included 
tested, working, patches.

But a bug that asks to change coding style just for the sake of style or 
preference of someone who isn't even working on the software at all 
wouldn't be as welcome.

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgp4G9FHG0Kbc.pgp
Description: PGP signature

Re: Handling of (inactive) Debian Accounts

[Wesley J. Landaker]

On Sunday 11 February 2007 03:57, Joerg Jaspert wrote:
>   - miss the WaT mail. Even if you are on vacation for a long time, I
> guess it wont be 3 weeks (vote) plus one or two months (WaT mail
> timeout), and dont you read your backlog when you come back?

What about if the WaT mail is rejected (e.g. as spam) for some reason? 
Perhaps unlikely, but just in case it would be nice if the WaT status was 
available somewhere online (e.g. perhaps under db.debian.org).

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgpUwMewevVyk.pgp
Description: PGP signature

Re: LSB init scripts

[Wesley J. Landaker]

On Friday 04 May 2007 05:53:39 Marc Haber wrote:
> >I think that would give you the best of both worlds, particularly if
> > it's combined with logging so that the *full* output, without any
> >prettification, goes into a file on disk somewhere.
>
> Agreed, with the option of having the whole blurb on the console for
> debugging just in case that the box does not come up cleanly.

Or, having the option to have the main vt console come up with nice, 
minimal, terse output, and have full output spit to a different console 
(e.g. vt12).

(I've actually set up a few of my systems manually to do something similar, 
like have different syslog levels/types go to vt10, vt10, and vt12, since 
those are rarely used for anything else.)

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgpU7OKC6VAYL.pgp
Description: PGP signature

Re: Bug#422137: ITP: 09F911029D74E35BD84156C5635688C0 -- l33t h4x0r numb3r

[Wesley J. Landaker]

On Friday 04 May 2007 11:59:20 Roger Leigh wrote:
> Federico Di Gregorio <[EMAIL PROTECTED]> writes:
> > Il giorno ven, 04/05/2007 alle 10.59 +0200, Stefano Zacchiroli ha 
scritto:
> >> On Fri, May 04, 2007 at 10:32:45AM +0200, Christoph Haas wrote:
> >> > Very good idea. Although the number 09F911029D74E35BD84156C5635688C0
> >> > might look simple it's probably not a good idea to hardcode any
> >> > number like 09F911029D74E35BD84156C5635688C0 into applications.
> >> > Abstracting
> >>
> >> So you're proposing to rename the proposed package name to
> >> "lib09F911029D74E35BD84156C5635688C0"?
> >
> > libnumb3rs0? we can bump the soname when the ABI changes, i.e., when an
> > old number is removed from the library or a new one added. :)
>
> Policy §8.1 would suggest lib09F911029D74E35BD84156C5635688C0-1.

Well, since it would be nice to have a console tool 
(i.e. /usr/bin/09F911029D74E35BD84156C5635688C0) to print out this number 
for use in shell scripts, as well as having bindings for scripting 
languages, I'd like to see this split out into several binary packages at 
least:

lib09F911029D74E35BD84156C5635688C0-1
lib09F911029D74E35BD84156C5635688C0-dev
09F911029D74E35BD84156C5635688C0-tools
lib09F911029D74E35BD84156C5635688C0-ruby
lib09F911029D74E35BD84156C5635688C0-perl
lib09F911029D74E35BD84156C5635688C0-python
lib09F911029D74E35BD84156C5635688C0-lua
...etc...

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgppOR37oGjzq.pgp
Description: PGP signature

Re: LDAP breaks kcheckpass when not setuid root (#298148)

[Wesley J. Landaker]

On Friday 04 May 2007 05:23:17 Christoph Haas wrote:
> libpam-ldap (optionally) people who lock their screen in KDE will not be
> able to unlock the screen and may (like me) lose data because they
> finally give up and Ctrl+Alt+Backspace. :( It turned out that unlocking

Unrelated to your *actual* problem, but I've had a stuck screensaver before 
and important data I didn't want to kill, so I know the feeling:

If you get stuck like this again, you can switch to a text console w/ 
Ctrl+Alt+F1, log in as root, and do a "killall -9 kdesktop_lock".

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgpAzhGJvOQoi.pgp
Description: PGP signature

Re: LDAP breaks kcheckpass when not setuid root (#298148)

[Wesley J. Landaker]

On Friday 04 May 2007 12:34:23 Wesley J. Landaker wrote:
> On Friday 04 May 2007 05:23:17 Christoph Haas wrote:
> > libpam-ldap (optionally) people who lock their screen in KDE will not
> > be able to unlock the screen and may (like me) lose data because they
> > finally give up and Ctrl+Alt+Backspace. :( It turned out that unlocking
>
> Unrelated to your *actual* problem, but I've had a stuck screensaver
> before and important data I didn't want to kill, so I know the feeling:
>
> If you get stuck like this again, you can switch to a text console w/
> Ctrl+Alt+F1, log in as root, and do a "killall -9 kdesktop_lock".
         

(Or as yourself, actually.)

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgpHTcGzKeNf6.pgp
Description: PGP signature

Re: Are popcon stats per package and arch possible?

[Wesley J. Landaker]

On Sunday 06 May 2007 05:07:48 Michael Hanke wrote:
> But sometimes upstream does not agree.
>
> Nevertheless, when they say, 'we provide binaries for Linux', they always
> mean i386 Linux with everything linked statically to a huge binary blob.
>
> I'd really like to be able to provide some hard numbers about users of
> similar packages (same field or a direct competitor) running it on
> arches different from i386.

Worse, it's usually *called* a "static" binary in their download list, but 
running ldd on it shows it actually depends on specific versions of twelve 
different libraries only found in an old development build of Fedora. ;)

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgpAPu2DIzgem.pgp
Description: PGP signature

Re: svn-buildpackage etc., mergeWithUpstream, and dpatch/quilt/cdbs again

[Wesley J. Landaker]

On Thursday 17 May 2007 05:12:52 Magnus Holmgren wrote:
> On Wednesday 16 May 2007 14:52, Marcus Better wrote:
> > Magnus Holmgren wrote:
> > > Now, how do you combine these? Several people have thought: "The VCS
> > > can handle the changesets. Putting patches under VCS is silly!"
> >
> > I fully agree. Unfortunately Subversion doesn't make it easy for you.
> > You can keep your "patches" in different "feature branches", but it
> > gets messy since Subversion doens't keep track of merges.
>
> Is there any fundamental misdesign in Subversion that prevents that from
> being implemented somewhere in the future?

No, merge tracking has been in the Subversion roadmap for a long time, but 
has been lower priority than other things. However, merge tracking is now 
one of the highest priorities. Basic merge tracking is scheduled to be in 
the next release; more enhancements will follow.

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgpe1ImNx2h76.pgp
Description: PGP signature

tool to turn redundant files into symlinks

[Wesley J. Landaker]

Hi folks,

For a package problem I'm trying to solve (#414422), it would be nice to 
have a tool that could find duplicate files (ala fslint[1] or fdupes[2]) 
and turn them into symlinks.

I could create something that does this just for this package, but does 
anyone know of such a pre-existing tool in Debian?

[1] AFAICT fslint can do hardlinks, but not symlinks.
[2] fdupes lists duplicate files, but does not take any action.

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgpQKVP9iqSJv.pgp
Description: PGP signature

Re: tool to turn redundant files into symlinks

[Wesley J. Landaker]

On Monday 21 May 2007 00:16:13 Philipp Matthias Hahn wrote:
> On Sun, May 20, 2007 at 07:42:56PM -0600, Wesley J. Landaker wrote:
> > For a package problem I'm trying to solve (#414422), it would be nice
> > to have a tool that could find duplicate files (ala fslint[1] or
> > fdupes[2]) and turn them into symlinks.
>
> If hardlinks are okay too, see the "perforate" package (I find this
> package hard to find, since the name is somewhat misleading). It's
> written in Perl.

Well, thanks, I didn't know about this one. But, it does really *have* to be 
symlinks. I've found a few other tools that do hardlinks. =)

Anyway, if there isn't something that already does it, I can probably just 
parse the output of one of these programs and do the symlink replacement 
myself.

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


pgpOQAWHtYT3d.pgp
Description: PGP signature

Re: tool to turn redundant files into symlinks

[Wesley J. Landaker]

On Monday 21 May 2007 23:51:24 Klaus Ethgen wrote:
> Hi Weskey,
>
> Am Di den 22. Mai 2007 um  0:53 schrieb Wesley J. Landaker:
> > > If hardlinks are okay too, see the "perforate" package (I find this
> > > package hard to find, since the name is somewhat misleading). It's
> > > written in Perl.
> >
> > Well, thanks, I didn't know about this one. But, it does really *have*
> > to be symlinks. I've found a few other tools that do hardlinks. =)
>
> I am the author of perforate. Well I rewritten it from scratch as the
> original tool had some flaws.
>
> It is very easy to add a option for symlinking. But there is a little
> problem deciding which of the files should be the symlink and which the
> original. With hardlinks this is not the problem as after hardlinking
> the files together there is no different between them.

In my case, it could be arbitrary and it would be fine. But it might be a 
good idea to always sort by directory hierarchy (i.e. always either prefer 
to symlink either up or down a directory tree).

> > Anyway, if there isn't something that already does it, I can probably
> > just parse the output of one of these programs and do the symlink
> > replacement myself.
>
> That would be the other way. finddup can print out the double files.

One issue I have with both finddup and fdupes, is they both don't quote 
their output very sanely; or at least, in not in a particularly easy manner 
for parsing (I can do it with a lookbehind regex).

For example:
$ finddup .
2 './file with spaces' './file1' './file with (parens)' './file with a
newline' './file2' './file with 'ticks'' './file with "quotes"'
$ fdupes -1 .
./file1 ./file\ with\ a
newline ./file\ with\ "quotes" ./file\ with\ 'ticks' ./file\ with\ 
(parens) ./file\ with\ spaces ./file2

I would LOVE it if it would shell quote the output or something... or if 
there was a -0 option to delimit things with nulls... or something that 
could make it work reliably with any filename

Anyway, sounds like maybe I should file some wishlist bugs. =)

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


signature.asc
Description: This is a digitally signed message part.

Re: A sane guess at default Debian mirror for pbuilder

[Wesley J. Landaker]

On Sunday 27 May 2007 09:25:50 Junichi Uekawa wrote:
> After 6 years or so of setting ftp.jp.debian.org as default for
> pbuilder, I'm finally determined that it shouldn't stay like this.  So
> I'd like to have some default guessing to happen.  Preferably I don't
> want to ask via debconf, since users should have already answered the
> question at installation-time.
[...]
> debootstrap:
>   uses ftp.debian.org as default mirror.

debconf questions aside, I think ftp.debian.org is a much saner *default* 
than ftp.jp.debian.org. I've always wondered where the later silly default 
came from. =)

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


signature.asc
Description: This is a digitally signed message part.

Re: Using standardized SI prefixes

[Wesley J. Landaker]

On Monday 11 June 2007 15:10:24 Hendrik Sattler wrote:
> Am Montag 11 Juni 2007 22:15 schrieb Josselin Mouette:
> > Le lundi 11 juin 2007 à 15:25 -0400, Joey Hess a écrit :
> > > > You seem to fancy the K-is-1024--k-is-1000 convention
> > >
> > > No, I hate that convention. K and k should only ever refer to 1024.
> >
> > /me waits for the day measuring jugs are graduated in powers of two,
> > just to please a group of hackers who don't like SI units.
>
> And you have to change their world in an useless atempt?
> Abbreviations are ambiguous by design. Who actually says that KB means
> kilobyte?

Well, in SI units, KB never means kilobyte, and is not ambiguous at all; 
it's a kelvin·bel. 

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


signature.asc
Description: This is a digitally signed message part.

Re: Using standardized SI prefixes

[Wesley J. Landaker]

On Tuesday 12 June 2007 01:48:27 Josselin Mouette wrote:
> > Why do you think that the marketing materials for most hard drives
> > include the note that 1 GB = 1 000 000 000 bytes?
>
> Maybe because they are sold in the US, one of the 3 countries where SI
> units are not standard?

Even in the US all legitimate science and engineering is done in SI units.

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


signature.asc
Description: This is a digitally signed message part.

Re: Using standardized SI prefixes

[Wesley J. Landaker]

On Monday 11 June 2007 22:57:00 John H. Robinson, IV wrote:
> It does solve a real problem. It solves an ambiguity. Does k mean 1000
> or 1024? Does M mean 100 or 1048576?
>
> Answer: k mean 1 000
> ki means 1 024
>   m means 1 000 000
>   mi means 1 048 576
>
> No more ambiguity.

Except, don't forget that prefixes are case-sensitive. "ki" and "mi" aren't 
correct binary prefixes, and "m" means milli.

Instead you want "k", "Ki", "M" and "Mi" above.

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


signature.asc
Description: This is a digitally signed message part.

Re: Using standardized SI prefixes

[Wesley J. Landaker]

On Wednesday 13 June 2007 14:03:51 Lionel Elie Mamane wrote:
> On Tue, Jun 12, 2007 at 05:33:12PM -0600, Wesley J. Landaker wrote:
> > Even in the US all legitimate science and engineering is done in SI
> > units.
>
> Suurre... That's why in 1999 the NASA Mars orbiter didn't crash
> because one (NASA) team worked in metric units and the other (private
> contractor) in imperial units.

I am happy to very brutally assert that the team who didn't use SI was not 
doing legitimate science or engineering. But whether it's from unskilled 
employees or bad management, it's quite unfortunate. =(

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


signature.asc
Description: This is a digitally signed message part.

Re: Using standardized SI prefixes

[Wesley J. Landaker]

On Saturday 16 June 2007 04:43:53 Josselin Mouette wrote:
> Le vendredi 15 juin 2007 à 17:36 -0400, Ivan Jager a écrit :
> > Yes. Any time the unit is bytes. There is even a standard for it.
>
> I must have missed that one. Could you point us to this standard?

I too would love to see that standard.

Well, there is IEEE 1541, and it does mention bits and bytes. But ... oh 
wait! It also says to use binary prefixes appropriately, and that SI 
prefixes *must not* be used to indicate binary multiples. 

Then there is IEC 60027-2 ... oh, yeah, binary multiples.

There are a few others, like ASTM SI-10. They all say the same thing. SI 
prefixes always have their normal, powers of 10, meaning.

All these standards are from almost 10 years ago.

Okay, let's look at a really *old* standard, ISO 31: ah, it ALSO says SI 
prefixes *always* mean powers of ten. If you want to do powers of two, you 
are supposed to use the prefix with a subscript 2. Note that this standard 
is being revised and combined with IEC 60027 to be ISO/IEC 8, and will 
then agree with the others cited above.

So basically, IEEE, IEC, ISO, ASTM, have all standardized things, the same 
way, that SI prefixes always have their SI meaning, even in the context of 
bits and bytes. This has actually been done, in practice, by 
standards-aware scientists and engineers for more than 15 years, who have 
used ad-hoc binary prefixes when necessary. Standardized binary prefixes 
only make things more clear and less ambiguous, and have now been around 
for almost 10 years.

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


signature.asc
Description: This is a digitally signed message part.

Re: Using standardized SI prefixes

[Wesley J. Landaker]

On Wednesday 20 June 2007 08:28:33 Michelle Konzack wrote:
> I am sitting on my line but does this mean we sould use
>
>  2B
> k2B   => kilo Byte with power of 2
> M2B   => Mega Byte with power of 2
> G2B   => Giga Byte with power of 2
> T2B   => Tera Byte with power of 2

No, we should use kB = 1000 B and KiB = 1024 B, since that is what is 
actually standardized. k2B and friends were an example of how some people 
avoided misusing standard prefixes (i.e. not using kB for 1024), by making 
up non-standard ones that did made some sense. There have been lots of 
schemes like that over the years.

If it were k2B that were standardized instead of KiB, I'd be pushing to use 
that instead, but that's not the case. =)

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


signature.asc
Description: This is a digitally signed message part.

Excluding a single arch on an arch: any

[Wesley J. Landaker]

Hey folks,

Is is possible to make the equivalent of an Architecture: any package except 
that it excludes one or two specific architectures? 

Basically, I'd like to be able to write, for example:

Architecture: any [!ia64]

I know I could specifically list supported architectures, but I don't want 
to do that, because the package in question works on *every architecture*, 
including unofficial ones (like hurd, knetbsd, etc) except for it has all 
sorts of perpetual, unresolvable problems on one particular architecture. I 
just want to exclude that specific one.

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


signature.asc
Description: This is a digitally signed message part.

Re: Excluding a single arch on an arch: any

[Wesley J. Landaker]

On Sunday 12 August 2007 13:35:02 Adeodato Simó wrote:
> * Reinhard Tartler [Sun, 12 Aug 2007 21:27:50 +0200]:
> > "Wesley J. Landaker" <[EMAIL PROTECTED]> writes:
> > > Is is possible to make the equivalent of an Architecture: any package
> > > except that it excludes one or two specific architectures?
> >
> > I think the best you can do is to write a check for that specific
> > architecture in the package's preinst script, and abort the
> > installation if it is being installed on that 'blacklisted'
> > architecture.
>
> Uuh, that doesn't sound right. The correct thing to do would be to
> ensure the package does not build on the broken architectures, and
> remove the binaries from unstable. 

Won't this then prevent the package from migrating to testing, because it's 
arch: any, but failing to build on a release arch?

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


signature.asc
Description: This is a digitally signed message part.

Re: Excluding a single arch on an arch: any

[Wesley J. Landaker]

On Sunday 12 August 2007 19:13:38 Steve Langasek wrote:
> On Sun, Aug 12, 2007 at 05:43:27PM -0600, Wesley J. Landaker wrote:
> > Won't this then prevent the package from migrating to testing, because
> > it's arch: any, but failing to build on a release arch?
>
> "and remove the binaries from unstable."  The criterion for migration to
> testing is *not*, and never has been, that the package build on
> architectures; the criterion is that the package must not have any
> out-of-date binaries in unstable, which can be dealt with by 1) making
> sure the package builds on all architectures, 2) getting the ftp team to
> agree to remove the out-of-date binaries, or 3) ensuring in advance that
> the package never gets built on architectures where it doesn't belong.

Ah, okay. The package in question does have an out-of-date binary that 
previously built without problems (but AFAICT doesn't actually work).

> This is a proxy for the requirement that packages be supported "on as
> many architectures as is reasonably possible."  If the package is not
> supported on a given architecture, the binaries of that package for the
> architecture in question should not be in the archive (and particularly,
> not in testing), but it is *not* the role of the testing migration
> scripts to make decisions about whether a package is supported for an
> architecture, only to ensure consistency between architectures.  The
> decision of whether a package is supported is one that has to be made by
> the package maintainer and the porters.

Thanks all for the tips and clarification. I believe I know how to proceed  
sanely now. =)

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


signature.asc
Description: This is a digitally signed message part.

Re: RFC: changes to default password strength checks in pam_unix

[Wesley J. Landaker]

On Monday 03 September 2007 01:07:15 Thijs Kinkhorst wrote:
> On Mon, September 3, 2007 08:37, Bas Zoetekouw wrote:
> > And what's the rationale to change the minimum length to 8?  It won't
> > help security, as people who pick weak passwords now, will still pick
> > weak, but longer, passwords.
>
> I agree with Bas here: I'm all for removing the Debian deviation from
> upstream, so please go ahead with that, but raising it further is not
> necessarily a useful thing to do. I can easily think of a 6-char password
> that is a lot more difficult to guess than an 8 char one.

Especially when the most common response I've seen to a system saying that a 
password is not long enough is to start adding easily guessable extension 
strings to the password the user already picked, NOT to sit back down and 
think up a better, intrinsicly longer password:

e.g.

password: apple
Too short, must be 8 characters!
password: apple123

password: dog
Too short, must be 8 characters!
password: dogabcd

So raising the minimum length doesn't necessarily result in better 
passwords -- *especially* not from the kind of user who uses a derivative 
of "apple" or "dog"[1]. 

And maybe it's not "1234" or "abcd", but I'd wager a lot of people have some 
sort of algorithm -- or will quickly make one -- to extend a picked 
password without starting from scratch when e.g. a bunch of unimportant web 
services demand 15 character passwords. =)

Anyway, poor password pickers will still be poor even if you force them to 
long length ones, and good password pickers will still be good even if you 
force them to a shorter length. (Remember that there still quite a few 
systems out there that have a *maximum* password of 8 characters, so you 
have to get creative anyway...)

However, all that said, you have to draw the minimum line somewhere, 8 is a 
subjectively better "arbitrary" default than 6, and it's also good to match 
upstream in this case.

[1] Seriously similar to real passwords I've seen in the wild.

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


signature.asc
Description: This is a digitally signed message part.

Re: Forming a new linux Distrbution

[Wesley J. Landaker]

On Sunday 14 October 2007 20:05:40 nithi saro wrote:
> Hello  friends ,
>
>   We are college students . we
> are planning to build new linux
> distribution.We don't have any idea how to start and how to
> proceed.Soplease give detailed
> steps to build a new one from scratch (LFS).

Rolling your own distribution from *scratch* might sound fun, but it's 
almost guaranteed to be a bad idea if you are college students and don't 
have any idea how to start. =)

Instead, what you might want to do is make a custom Debain-based 
distribution, which gives you the advantage of not starting from *scratch* 
but getting to strip things down, select exact packages, make your own 
installers, rebrand things, whatever.

A bigger plus is that it's not terribly difficult. See 
<http://wiki.debian.org/Custom> for a good starting point.

-- 
Wesley J. Landaker <[EMAIL PROTECTED]> 
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


signature.asc
Description: This is a digitally signed message part.

Bug#221806: ITP: mmsclient -- mms streaming media download utility

[Wesley J. Landaker]

Package: wnpp
Severity: wishlist

* Package name: mmsclient
  Version : 0.0.3
  Upstream Author : "Major MMS" (http://www.geocities.com/majormms/)
* URL : http://www.geocities.com/majormms/
* License : GPL
  Description : mms streaming media download utility

mmsclient is a simple client to download streaming audio and/or video media
from the internet using the MMS protocol. Downloaded streams can then be
replayed offline at your leisure, using any compatible media player of your
choice (not included).



NOTES:

Most media streamed with MMS is in Microsoft media format, so some non-free
codecs or players may be required to actually play back some downloaded
streams. This package, however, just understands the MMS protocol and saves
streams for later use; it's not concerned with decoding the actually media.

The upstream author posted his work at the URL given above. However, he or she
does not give an e-mail address or name either on the web site or in the
downloaded package. The source is explicitly marked as being licensed under
the GPL, so I don't believe this is a problem.

I will attempt to track down more info about the upstream author, 
but if that is not possible, I will happily take over as the upstream
maintainer as well as doing the packaging. (The package works very well as is,
but is sorely in need of UI updates!)


-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux saidin 2.4.22-1-686-smp #5 SMP Sat Oct 4 14:35:05 EST 2003 i686
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8

ITP: ttf-essays -- TrueType font based on the typeface used in a 1743 English translation of Montaigne's Essays

[Wesley J Landaker]

On Tuesday, 12 October 2004 03:39, Carlos Perellà MarÃn wrote:
> * Package name: ttf-essays
>   Description : TrueType font based on the typeface used in a
> 1743 English translation of Montaigne's Essays

I'm surprised somebody hasn't done this sooner. Fonts from 1743 have 
been out of copyright for at least, oh, 5 years or so. ;)

-- 
Wesley J. Landaker <[EMAIL PROTECTED]>
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2



pgp6Zcvgl3Z5S.pgp
Description: PGP signature

Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

[Wesley J. Landaker]

On Friday, October 12, 2012 05:10:12 David Kalnischkies wrote:
> On Thu, Oct 11, 2012 at 7:38 PM, Christoph Anton Mitterer
> 
>  wrote:
> > algo,... not to mention that newer algos like Keccack are quite fast.
> 
> I wonder if it is really a good idea to search for a security checksum
> based on the metric that it can be quickly calculated … but off-topic.

FWIW, NIST disagrees. Keccack is SHA-3: 



signature.asc
Description: This is a digitally signed message part.