IRC Logs for #crux-devel Friday, 2015-01-02

teK_: Per even did cat ... | grep .. :) [00:06]
*** Feksclaus has quit IRC [00:19]
*** leo-unglaub has quit IRC [00:20]
teK_: % openssl req -noout -text -in crux.csr | head -4 [00:34]
teK_: Certificate Request: [00:34]
teK_:     Data: [00:34]
teK_:         Version: 0 (0x0) [00:34]
teK_:         Subject: C=SE, ST=Sm\xC3\x83\xC2\xA5land, L=Kalmar, O=CRUX, OU=R&D / Special Division,
jaeger: sometimes I wonder about the license thing, if we should be keeping license files in some cases. I don't know the answer [00:37]
teK_: IANAL but my bet would be that we would have to [00:37]
teK_: I hate lawyers :p [00:37]
teK_: not even them, laws making beautiful things complicated. :o [00:38]
frinnst: jaeger, license files from different ports? [01:44]
jaeger: from the software we port [01:45]
mechaniputer: Pardon me for chiming in on this channel... I would guess that since our ports don't count as "us" distributing the software but only providing directions to download it, that we don't have to. However the installer CD might be a different situation. [01:58]
jaeger: it's fine, don't sweat it [02:02]
*** mavrick61 has quit IRC [03:24]
*** mavrick61 has joined #crux-devel [03:25]
jaeger: gah... just spent about 30 minutes chasing a realloc typo [04:29]
jaeger: even with valgrind :P [04:32]
Romster: leo-unglaub, i was thinking of giving sepen the diff when its all done. [07:24]
Romster: mechaniputer, we have a sources of the iso so we are covered on that. [07:24]
*** all has joined #crux-devel [09:32]
*** Feksclaus has joined #crux-devel [11:26]
frinnst: wtf, couldnt find the xorg-bdftopcf when I ran the xorg-xproto update yesterday :) [12:10]
frinnst: silly typ-o [12:10]
*** crash_ has joined #crux-devel [13:04]
teK_: sepen emailed me about repo administration [15:05]
teK_: a bit late for my taste. [15:05]
*** crash_ has quit IRC [15:20]
Romster: what was the verdict? [15:22]
diverse: I assume teK_ meant that sepen gave his permission [15:41]
teK_: he asked if I added people / repos [15:41]
teK_: actually he didnt [15:41]
teK_: I invited him to talk, as jaeger suggested :) [15:41]
Romster: of course you add because he is never around when needed nor even reads email. [15:42]
Romster: yet he sometimes still commits updates. [15:42]
Romster: i guess having a family means very little amount of time left. [15:43]
teK_: we will see; it does make most sense, to talk together instead of about each other ;) [15:43]
teK_: I have had a family longer than I was CRUX user/maintainer :> [15:43]
jaeger: And we don't know what other drains he has on his time. It's different for everyone. [15:45]
teK_: and voluntary. [15:45]
jaeger: If he's amenable to having another person help with his ports, then that could help a lot [15:46]
jaeger: If he's not, then someone else can fork if they want to [15:46]
teK_: this depends on the changes Romster/leo-unglaub made to xfce/his other ports [15:46]
teK_: sepen is a nice guy and we will figure out something :] [15:47]
Romster: all i did was versions and patches from other distros really. [15:48]
Romster: but it is work in progress. [15:48]
teK_: oh and leo-unglaub also offered help with webservices (he speaks PHP I hope :P) [15:48]
teK_: I'd love to see a way to close bug reports with commit messages, for example [15:49]
teK_: he also offered to push our CSR for a TLS cert for :) [15:49]
Romster: not sure on that freebie SSL certs [15:50]
teK_: so you disabled startssl in your browser? [15:50]
teK_: I even trust TÜRKTRUST and T-Systems/Deutsche Telekom.. so.. [15:51]
Romster: i mean free certs for everyone thing. isnt there an opportunity for abuse or they revoke them and then what do we do have to go buy a cert? [15:51]
teK_: yes there's some kind of dependency that's still better than sending password over the wire with HTTP [15:51]
teK_: if you'd like your concerns to be documented, feel free to comment on the FS task :) [15:52]
Romster: i like https but the free certs. free there has to be a catch or a con in it. [15:52]
jaeger: Well, the free tier doesn't have all the features of the paid tiers [15:53]
jaeger: features we don't particularly need [15:53]
Romster: ok so its restricted features too. [15:53]
teK_: the catch, I think, is CEOs/non-tech people of companies asking for the extended validation certs because they saw them on $FANCY_SITE and that will cost you even with startssl [15:53]
jaeger: no wildcards, no multi-domains, etc. [15:53]
jaeger: not important for use on crux.nu [15:53]
jaeger: no green bar (tm) in the browser, heh [15:54]
Romster: at that point you go with another cert authority? [15:54]
jaeger: then we have to pay! [15:54]
Romster: no green bar woot. [15:54]
jaeger: or you buy a higher tier from them [15:54]
teK_: Romster: startssl offers extended validation [15:55]
teK_: but it's just another scam. like AV :p [15:55]
Romster: yeah scams everywhere [15:55]
Romster: have to think long and hard if there is any merit in trusting them [15:56]
Romster: ie never rush into the next cool thing and later go oh shit... [15:56]
teK_: as hinted earlier.. users/browsers should reduce the list of trusted CAs because if one is compromised, you are screwed. Cross validation even worsens the situation [15:56]
jaeger: SSL cert features haven't changed much in years [15:56]
teK_: only the business models around them :p [15:57]
jaeger: and frankly, you know as much about startssl as any of the others: what the internet can tell you in reviews, etc. [15:57]
Romster: really i don't trust any authorities to be honest. [15:58]
Romster: they have a single point of failure. [15:58]
jaeger: then you're pretty much screwed :) [15:58]
jaeger: as far as SSL and websites go, you don't have much choice [15:58]
Romster: pretty much, its how its always been on certs [15:58]
jaeger: you either run it without SSL, pay for SSL, or self-sign SSL. [15:58]
teK_: I know that T-Systems has a good chance of working with BKA/BND. For example. :) [15:59]
Romster: i'd rather self sign than trust some third party [15:59]
jaeger: that's fine for your personal use or at home or on an internal network you control, or similar [16:00]
jaeger: not so much for a public website [16:00]
Romster: but business/corporate [16:00]
teK_: the bug report has been open since mid November :) [16:01]
teK_: I am pretty certain about us going with startssl. [16:01]
Romster: thats nothing... [16:01]
teK_: for my standards it is !11 [16:01]
jaeger: Well, it isn't a downgrade from non-SSL [16:01]
Romster: i know off topic but why can't we have GPG and group trust certificates. [16:03]
teK_: because it requires quite some work [16:03]
Romster: thats just too good to be implemented and no money for these lame cert companies [16:03]
jaeger: personally I see no harm in trying the startssl cert [16:05]
teK_: we are not paying anything and TLS can be enabled like "this" [16:05]
Romster: true so may as well [16:07]
Romster: not like you can't revert it easily should anything happen [16:07]
teK_: and there are alternatives if we are not satisfied with startssl: a) b)
Romster: you lot work with dns sites ssl stuff most of the time in your jobs right? [16:12]
jaeger: at work we buy our certs from entrust [16:12]
diverse: the shiny green bar, huh [16:21]
diverse: all this talk about leo got us interest in security huh? [16:28]
Romster: think its been on and off discussion for awhile now. [16:32]
diverse: where do we need to apply the TLS certs? [16:33]
*** Feksclaus has quit IRC [16:36]
*** Feksclaus has joined #crux-devel [16:37]
*** Feksclaus has quit IRC [17:04]
*** Feksclaus has joined #crux-devel [17:05]
teK_: the wiki, flyspray, the admin interface of mailman use passwords/cookies [17:26]
diverse: I see [17:26]
frinnst: problem with startssl is that it actually costs money to revoke a cert [18:22]
teK_: during the first 12 months ;) [18:23]
jaeger: it's unlikely we'd need to revoke it [18:51]
teK_: in this case, we have more severe problems, I'm sure [18:52]
*** leo-unglaub has joined #crux-devel [19:04]
frinnst: yeah but it sort of makes startssl sorta untrusted. chances are owned certs wont be revoked [19:25]
jaeger: can stop using it at that point, though [19:26]
frinnst: unless someone else starts using it [19:28]
jaeger: how does that stop us from not using it? [19:29]
frinnst: not for us. I was thinking more in general and for end users [19:31]
frinnst: but nevermind, i've yet to hit my caffeine quota [19:31]
frinnst: afk :) [19:31]
jaeger: heh, fair enough [19:31]
*** kori_ has quit IRC [23:16]
*** leo-unglaub has quit IRC [23:34]
