Thanks for the feedback on IRC and mailing list. Find v2 below.
Ulrich
Title: Change of ACCEPT_LICENSE default
Author: Ulrich Müller
Posted: 2019-04-XX
Revision: 1
News-Item-Format: 2.0
The default set of accepted licenses has been changed [1,2] to:
ACCEPT_LICENSE="-* @FREE"
This means th
The OpenPGP smartcard standard, and the Nitrokey Pro smartcards that
are being distributed to Gentoo developers, do not support having a
separate primary/signing key for keys that are generated on the cards.
As a result they can only be used in accordance with our current
requirements if the keys a
On 2019-04-24 20:34, Rich Freeman wrote:
> The only reason to have a separate primary key is to have an offline
> copy,
Not quite. First and foremost, you do not want to have an offline copy
of the primary private key - you want to have the primary ENTIRELY
offline. Secondly, the reason for tha
On 2019-04-25 12:32, Rich Freeman wrote:
> The OpenPGP smartcard standard, and the Nitrokey Pro smartcards that
> are being distributed to Gentoo developers, do not support having a
> separate primary/signing key for keys that are generated on the cards.
> As a result they can only be used in acco
On Thu, Apr 25, 2019 at 7:57 AM Marek Szuba wrote:
>
> On 2019-04-24 20:34, Rich Freeman wrote:
>
> > The only reason to have a separate primary key is to have an offline
> > copy,
>
> Not quite. First and foremost, you do not want to have an offline copy
> of the primary private key - you want
On 25.04.2019 14:32, Rich Freeman wrote:
> [snip]
> Patch follows:
>
>
> diff --git a/glep-0063-v3.rst b/glep-0063-v3.rst
> index 5895873..86e5fd9 100644
> --- a/glep-0063-v3.rst
> +++ b/glep-0063-v3.rst
> @@ -12,6 +12,12 @@ OpenPGP key management policies for the Gentoo
> Linux distribution.
>
On Thu, 2019-04-25 at 07:32 -0400, Rich Freeman wrote:
> The intent of the separate primary key is to reduce the risk of it
> being compromised by keeping it offline. However, if it were
> generated on a smartcard it would exclusively be maintained
> offline, so it is counterproductive to requi
Hi,
Per bug #673116 [1], I'd like to RFC adding a new global flag:
7z - Enable support for 7-Zip (.7z) archives
The consumers are currently split between using '7z', '7za' and '7zip'
flags:
dev-games/physfs/metadata.xml:Enable 7zip/lzma archive
support
dev-libs/poco/metadata.xml:
# Michał Górny (25 Apr 2019)
# This program suffers severe code quality problems and should have
# never been added to Gentoo. It looks like a shell script badly
# converted to a C program with a lot of system() calls with globs,
# horribly unreadable code and broken memory management including
On Thu, Apr 25, 2019 at 7:58 AM Marek Szuba wrote:
> On 2019-04-24 20:34, Rich Freeman wrote:
>
> > The only reason to have a separate primary key is to have an offline
> > copy,
>
> Not quite. First and foremost, you do not want to have an offline copy
> of the primary private key - you want t
# Jason Zaman (25 Apr 2019)
# net-mail/perdition was last-rited in 2016. The
# SELinux policy package is no longer needed.
# Removal in 30 days.
sec-policy/selinux-perdition
On Thu, 2019-04-25 at 07:13 +, Vieri wrote:
>
> On Thursday, April 25, 2019, 12:45:28 AM GMT+2, Gokturk Yuksek
> wrote:
> > The following package is up for grabs:
> > dev-libs/libaio
>
> Great to see that there's some activity on this list.
> I hope you don't mind me asking how I can ge
On 4/24/19 8:53 AM, Michał Górny wrote:
>
> systemd.eclass has more than one purpose, and therefore such dep didn't
> belong there (ebuilds should take care of the dependencies when using
> tmpfiles logic from it). tmpfiles.eclass on the other hand has a single
> purpose, so we've solved the prob
On Thu, 2019-04-25 at 16:07 -0400, Michael Orlitzky wrote:
> On 4/24/19 8:53 AM, Michał Górny wrote:
> > systemd.eclass has more than one purpose, and therefore such dep didn't
> > belong there (ebuilds should take care of the dependencies when using
> > tmpfiles logic from it). tmpfiles.eclass on
On Thu, 25 Apr 2019 11:30:27 -0400
Alec Warner wrote:
> > Seeing as separating the primary and the signing key has been part of
> > OpenPGP best practices for a long, long time, I have got highly mixed
> > feelings about this statement. On the one hand, it is not reasonable to
> > expect someone
On Thu, Apr 25, 2019 at 4:34 PM James Le Cuirot wrote:
>
> On Thu, 25 Apr 2019 11:30:27 -0400
> Alec Warner wrote:
>
> > > Seeing as separating the primary and the signing key has been part of
> > > OpenPGP best practices for a long, long time, I have got highly mixed
> > > feelings about this st
On 4/25/19 4:20 PM, Michał Górny wrote:
>
> Wrong. tmpfiles_process() requires virtual/tmpfiles on any system,
> including daemontools, bare minimal init and whatever. Keeping it
> installed afterwards is a minor side effect, and technical limitation of
> our dependency types (lack of install-de
On 4/25/19 10:48 PM, Rich Freeman wrote:
> I think a big problem is that gpg is sorely lacking in command line
> commands/options for key management. Almost anything having to do
> with key management involves a back-and-forth console interaction.
Yes and no.. One issue is it depends on context,
On Thu, 2019-04-25 at 16:49 -0400, Michael Orlitzky wrote:
> On 4/25/19 4:20 PM, Michał Górny wrote:
> > Wrong. tmpfiles_process() requires virtual/tmpfiles on any system,
> > including daemontools, bare minimal init and whatever. Keeping it
> > installed afterwards is a minor side effect, and te
On Tue, Apr 23, 2019 at 6:25 PM Zac Medico wrote:
>
> On 4/23/19 2:03 PM, Michael Orlitzky wrote:
> > We have two eclasses with almost-identical functions for handling
> > tmpfiles.d entries:
> >
> > 1. systemd.eclass
> >
> > a. systemd_dotmpfilesd
> > b. systemd_newtmpfilesd
> >
On Thu, 2019-04-25 at 17:24 -0400, Mike Gilbert wrote:
> On Tue, Apr 23, 2019 at 6:25 PM Zac Medico wrote:
> > On 4/23/19 2:03 PM, Michael Orlitzky wrote:
> > > We have two eclasses with almost-identical functions for handling
> > > tmpfiles.d entries:
> > >
> > > 1. systemd.eclass
> > >
> > >
On Thu, Apr 25, 2019 at 5:26 PM Michał Górny wrote:
>
> On Thu, 2019-04-25 at 17:24 -0400, Mike Gilbert wrote:
> > On Tue, Apr 23, 2019 at 6:25 PM Zac Medico wrote:
> > > On 4/23/19 2:03 PM, Michael Orlitzky wrote:
> > > > We have two eclasses with almost-identical functions for handling
> > > >
On 4/25/19 5:23 PM, Michał Górny wrote:
>>
>> What's wrong? You only need the effect of tmpfiles_process() if you're
>> running systemd or OpenRC. If the user is running SysV-init and if the
>> package also installs a SysV-init script, then that init script is going
>> to have to create any tempora
Signed-off-by: Mike Gilbert
---
eclass/tmpfiles.eclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/eclass/tmpfiles.eclass b/eclass/tmpfiles.eclass
index a8bb9061ec8c..f23c7c77ab07 100644
--- a/eclass/tmpfiles.eclass
+++ b/eclass/tmpfiles.eclass
@@ -113,7 +113,7 @@ tmpfiles
On Thu, 25 Apr 2019 17:46:50 -0400
Mike Gilbert wrote:
> Signed-off-by: Mike Gilbert
> ---
> eclass/tmpfiles.eclass | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/eclass/tmpfiles.eclass b/eclass/tmpfiles.eclass
> index a8bb9061ec8c..f23c7c77ab07 100644
> --- a/eclass/
On Thu, 25 Apr 2019 12:57:54 +0100
Marek Szuba wrote:
> On 2019-04-24 20:34, Rich Freeman wrote:
>
> > The only reason to have a separate primary key is to have an offline
> > copy,
>
> Not quite. First and foremost, you do not want to have an offline copy
> of the primary private key - you
On Thu, Apr 25, 2019 at 5:50 PM James Le Cuirot wrote:
>
> On Thu, 25 Apr 2019 17:46:50 -0400
> Mike Gilbert wrote:
>
> > Signed-off-by: Mike Gilbert
> > ---
> > eclass/tmpfiles.eclass | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/eclass/tmpfiles.eclass b/eclass
On Thu, Apr 25, 2019 at 4:55 PM Kristian Fiskerstrand wrote:
>
> Quite frankly I'd expect a Gentoo Developer to be able to manage the gpg
> interface.
>
Being able to is not the same as caring enough to be bothered with
it... I don't want to custom-tailor my Gentoo key. I just want to
generate
On 4/26/19 12:26 AM, Rich Freeman wrote:
> I mean, I'd expect any Gentoo dev to be able to figure out how to use
> git as well, but git also has a terrible command line interface,
Not really, it is quite intuitive once you understand the basics.
>
> Personally I think we ought to make it easier
On Thu, Apr 25, 2019 at 5:54 PM James Le Cuirot wrote:
>
> if I understood it correctly, it only removes the primary private key
> from the online copy and not the entire primary key. The --list-keys
> option shows an [SC] primary with an [E] subkey and an [S] subkey and I
> gathered from a conver
On Thu, Apr 25, 2019 at 6:29 PM Kristian Fiskerstrand wrote:
>
> On 4/26/19 12:26 AM, Rich Freeman wrote:
> > I mean, I'd expect any Gentoo dev to be able to figure out how to use
> > git as well, but git also has a terrible command line interface,
>
> Not really, it is quite intuitive once you un
On Thu, 2019-04-25 at 17:42 -0400, Michael Orlitzky wrote:
> On 4/25/19 5:23 PM, Michał Górny wrote:
> > > What's wrong? You only need the effect of tmpfiles_process() if you're
> > > running systemd or OpenRC. If the user is running SysV-init and if the
> > > package also installs a SysV-init scri