From taro-k at movasense.com Sat Nov 1 15:42:00 2014 From: taro-k at movasense.com (taro-k at movasense.com) Date: Sun, 02 Nov 2014 00:42:00 +0900 Subject: [Dev] Iceweasel: make download source only from debian repo Message-ID: <5454FF48.5040805@movasense.com> Hi. In libre/iceweasel's PKGBUILD, I think it's more clear if the download source is only from Debian repo. I did some investigation but couldn't find the reason we really need parabola repo there. The patch is attached. thx. Taro -- taro-k at movasense.com Key fingerprint: 8294 6974 F5C7 345B FBFB F6B5 B5E8 87D1 00A5 42D7 -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-iceweasel-1-33.0.deb2-5-make-source-only-from-debian.patch Type: text/x-patch Size: 3142 bytes Desc: not available URL: From emulatorman at riseup.net Mon Nov 3 13:23:32 2014 From: emulatorman at riseup.net (=?windows-1252?Q?Andr=E9_Silva?=) Date: Mon, 03 Nov 2014 11:23:32 -0200 Subject: [Dev] Iceweasel: make download source only from debian repo In-Reply-To: <5454FF48.5040805@movasense.com> References: <5454FF48.5040805@movasense.com> Message-ID: <545781D4.3040409@riseup.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/01/2014 01:42 PM, taro-k at movasense.com wrote: > Hi. In libre/iceweasel's PKGBUILD, I think it's more clear if the > download source is only from Debian repo. I did some investigation > but couldn't find the reason we really need parabola repo there. I told you the reason about it from labs [0]. I suggest you open a report bug on Debian to solve it. [0]:https://labs.parabola.nu/issues/590#note-3 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBAgAGBQJUV4HUAAoJEOaXR1L5cERW9kAP/1hG3YSc7GnMqUVdSoM+qCxY hsCozKWwdirPKKHNfnMm4FsWAHsOmFUBXaTRGpSwFytLAk+KwGB0hFb/sy9tgHI2 fEsD9TiSifgxbkk3OZGSxjeLnYE/OjyuqxNjTKdGtiezbuMIjhxLu6rRZZ9DqP2l 4TXbyROmsiDbpyBhiOkCAR3vUVKVFb6sUK7W1objbggLKlTetv3FCyBsaZ9Dh2DQ U4cSRHREEbm2hhzOP0WiDzmgXy+Sobz+u6QfKc7PlT0xXTqVzG6KmPp1Y+weCVro gJkLeHekhKYjBQhQfgz1ANeA2GMtkr/ClBDellmyLvetozfrTGQfkvQwBPTA119a pCH8rsU9i3uKooj2UvhFWnVevxFF4zPYeMEZB6e+a2AbwejJf3b7SVV81yVaKzft 6p3xAbCaWDtha4mjzhuogAmQjJ8e5UbzAF5mVyXMy3jSOi2Y91fMasOPeck4DgzW 2IyjhcqgR1sIytwPkY/ChOflESJx0wh8Is5ScZOxvTHBqfkGLZ+2mWaKqJPLZc7s hNJTPnxykdL5L5Ain4dK5V6fWk2bwg0VG1l+Psc0bNb598BTKNo5pDp09sKnU+62 J1OlZBQ/L/qmFmhMo6WrQjf6gPK9lFCwVyQGM/tvxpl0JW+dr2b+guzlZ7xgY9Il U+FDR0GbY7FnFAqw/QmC =V/DO -----END PGP SIGNATURE----- From taro-k at movasense.com Mon Nov 3 13:37:44 2014 From: taro-k at movasense.com (taro-k at movasense.com) Date: Mon, 03 Nov 2014 22:37:44 +0900 Subject: [Dev] Iceweasel: make download source only from debian repo In-Reply-To: <545781D4.3040409@riseup.net> References: <5454FF48.5040805@movasense.com> <545781D4.3040409@riseup.net> Message-ID: <54578528.4040708@movasense.com> Oh, sorry, I didn't notice your reply there. I will check the notification function. By the way, your reply: > [0]:https://labs.parabola.nu/issues/590#note-3 > Iceweasel is being built from Parabola because Debian upstream contains nonfree OpenH264 plugin provided by Cisco Systems. Parabola's packages should be built from source tarball without nonfree stuff. If it's the only reason, the following command in PKGBUILD is sufficient, I think. rm -v toolkit/mozapps/extensions/{test/{browser/browser_openH264.js,xpcshell/test_openh264.js},content/{OpenH264-license.txt,openH264Prefs.xul},internal/OpenH264Provider.jsm} Also, I did check it's the only difference between parabola repo's and debian repo's. I believe downloading directly for upstream as much as possible is always more clear for security-conscious people. best. Taro On 11/03/2014 10:23 PM, Andr? Silva wrote: > On 11/01/2014 01:42 PM, taro-k at movasense.com wrote: >> Hi. In libre/iceweasel's PKGBUILD, I think it's more clear if the >> download source is only from Debian repo. I did some investigation >> but couldn't find the reason we really need parabola repo there. > > I told you the reason about it from labs [0]. I suggest you open a > report bug on Debian to solve it. > > [0]:https://labs.parabola.nu/issues/590#note-3 > _______________________________________________ > Dev mailing list > Dev at lists.parabola.nu > https://lists.parabola.nu/mailman/listinfo/dev > -- taro-k at movasense.com Key fingerprint: 8294 6974 F5C7 345B FBFB F6B5 B5E8 87D1 00A5 42D7 Let's encrypt emails even if it's not "top secret". "Email Self-Defense" by Free Software Foundation https://emailselfdefense.fsf.org/en/ ??????????????????????? ??????????? by ??????????? https://emailselfdefense.fsf.org/ja/ From emulatorman at riseup.net Mon Nov 3 14:33:52 2014 From: emulatorman at riseup.net (=?UTF-8?B?QW5kcsOpIFNpbHZh?=) Date: Mon, 03 Nov 2014 12:33:52 -0200 Subject: [Dev] Iceweasel: make download source only from debian repo In-Reply-To: <54578528.4040708@movasense.com> References: <5454FF48.5040805@movasense.com> <545781D4.3040409@riseup.net> <54578528.4040708@movasense.com> Message-ID: <54579250.4090008@riseup.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/03/2014 11:37 AM, taro-k at movasense.com wrote: > Oh, sorry, I didn't notice your reply there. I will check the > notification function. By the way, your reply: >> [0]:https://labs.parabola.nu/issues/590#note-3 Iceweasel is being >> built from Parabola because Debian upstream > contains nonfree OpenH264 plugin provided by Cisco Systems. > Parabola's packages should be built from source tarball without > nonfree stuff. > > If it's the only reason, the following command in PKGBUILD is > sufficient, I think. > > rm -v > toolkit/mozapps/extensions/{test/{browser/browser_openH264.js,xpcshell/test_openh264.js},content/{OpenH264-license.txt,openH264Prefs.xul},internal/OpenH264Provider.jsm} > > Also, I did check it's the only difference between parabola repo's > and debian repo's. > > > I believe downloading directly for upstream as much as possible is > always more clear for security-conscious people. > > best. Taro Micha? found more info about it and you're right [0], then i've put the changes reported by you [1], thanks and sorry for the inconvenience :) [0]:https://labs.parabola.nu/issues/590#note-4 [1]:https://projects.parabola.nu/abslibre.git/commit/?id=4708588870352f162407ed0ca13618ba15539997 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBAgAGBQJUV5JQAAoJEOaXR1L5cERW7iUP/3ylgLPYRGE1QnJlqFSR+wb+ vbnI1pRnpVgkz2Ax9XZ7mGpi/bMHZMSMmDuOiahkPIT9ydIk6xUAYyE3z6zLVy8R 8b1aBWIknG8HXc8NmJMy+Kh0ty8edq1SCegcbQRhQ/qm9+O4Y+nmfyifs/fCtsLt ehjtJ1fyWmDi0VXohSFKLK4JQ5PmBLbSUEOhm8L3rXCJx9dL5u+/XKpMaIlD/5NB fgmqd1KbytbakI8wgYQCWzlcsqbxNfEmRhQ/NNk+UhW7RLoGadWML4GmwVAlAu7q CPxxRBczH5QoHRRKBzBfpyKx/gY4n9iWy1jLD3CSg6K+BS9x/SgKiPqr87bXdOl/ rbd55CfE2A2h8DNXKE3pzKtGuYoRaUYsCfuJXq1DJND307Pki8EuXqsBJmdLNkN3 NLKzfRHBKO7ne/JykdkeMfU22Q7MxFRG3N7sHNYIcpEcvBUHn6LyxaZUNKAFJnK7 7E3SVZHzVLArgGsXeIn0YlzEMjSpakoprS7/jp4EJaKDzM+t2b1y++Rq9asnCNPP Xk3REO2Lmai7KueX7k2v8fjeNrRUidm2zvCYDAXvXLYeBT3qUDTrLNb+iqIzwAB8 gALwvyuxe8mXtABKshmvevzax98IEcNNzDtCV1MyVV1dhAbU9EokX/H8Jakr44U2 eLO+kvf7M2nBytl/iShX =x81a -----END PGP SIGNATURE----- From taro-k at movasense.com Tue Nov 4 01:53:08 2014 From: taro-k at movasense.com (taro-k at movasense.com) Date: Tue, 04 Nov 2014 10:53:08 +0900 Subject: [Dev] Iceweasel: make download source only from debian repo In-Reply-To: <54579250.4090008@riseup.net> References: <5454FF48.5040805@movasense.com> <545781D4.3040409@riseup.net> <54578528.4040708@movasense.com> <54579250.4090008@riseup.net> Message-ID: <54583184.9080503@movasense.com> On 11/03/2014 11:33 PM, Andr? Silva wrote: > On 11/03/2014 11:37 AM, taro-k at movasense.com wrote: >> Oh, sorry, I didn't notice your reply there. I will check the >> notification function. By the way, your reply: >>> [0]:https://labs.parabola.nu/issues/590#note-3 Iceweasel is being >>> built from Parabola because Debian upstream >> contains nonfree OpenH264 plugin provided by Cisco Systems. >> Parabola's packages should be built from source tarball without >> nonfree stuff. > >> If it's the only reason, the following command in PKGBUILD is >> sufficient, I think. > >> rm -v >> toolkit/mozapps/extensions/{test/{browser/browser_openH264.js,xpcshell/test_openh264.js},content/{OpenH264-license.txt,openH264Prefs.xul},internal/OpenH264Provider.jsm} > >> Also, I did check it's the only difference between parabola repo's >> and debian repo's. > > >> I believe downloading directly for upstream as much as possible is >> always more clear for security-conscious people. > >> best. Taro > > Micha? found more info about it and you're right [0], then i've put > the changes reported by you [1], thanks and sorry for the inconvenience :) Thx lot. Not only Iceweasel but also other packages, and not only Parabola but also Arch, I always believe downloading from upper stream as much as possible, is much better in terms of security clarity. BTW, in the Redmine, mtjm (Micha??) said no need to remove them, but you are keeping removing. Is this because of Patent although they are open source? best. Taro > [0]:https://labs.parabola.nu/issues/590#note-4 > [1]:https://projects.parabola.nu/abslibre.git/commit/?id=4708588870352f162407ed0ca13618ba15539997 > _______________________________________________ > Dev mailing list > Dev at lists.parabola.nu > https://lists.parabola.nu/mailman/listinfo/dev > -- taro-k at movasense.com Key fingerprint: 8294 6974 F5C7 345B FBFB F6B5 B5E8 87D1 00A5 42D7 Let's encrypt emails even if it's not "top secret". "Email Self-Defense" by Free Software Foundation https://emailselfdefense.fsf.org/en/ ??????????????????????? ??????????? by ??????????? https://emailselfdefense.fsf.org/ja/ From blade.vp2020 at gmail.com Wed Nov 12 03:48:43 2014 From: blade.vp2020 at gmail.com (Ali Abdul Ghani) Date: Tue, 11 Nov 2014 19:48:43 -0800 Subject: [Dev] parabola for blind Message-ID: hi I am blind i use Screen reader for me, Without Screen reader My life becomes difficult It gives me the ability to control computer I installed http://talkingarch.tk/ then I follow these instructions to be parabola https://wiki.parabola.nu/Migration I wish parabola do a TalkArch derivative install CD themselves From kzer-za at cryptolab.net Sun Nov 16 12:53:20 2014 From: kzer-za at cryptolab.net (Kuba Kukielka) Date: Sun, 16 Nov 2014 12:53:20 +0000 Subject: [Dev] There might be a bug in the package 'your-freedom' Message-ID: <1416142400.884.29.camel@cryptolab.net> Hello, I wanted to compile a linux-libre kernel and one of the dependancies were 'isdn4k-utils'. I search it using pacman and packer, but I found nothing. I instaled the package from; https://www.archlinux.org/packages/core/x86_64/isdn4k-utils/ But when I upgraded the package using pacman, I had to remove 'your-freedom' which is odd, because the licence is the GPL. Thanks, -- Kuba Kukielka From mtjm at mtjm.eu Sun Nov 16 17:07:00 2014 From: mtjm at mtjm.eu (=?utf-8?Q?Micha=C5=82_Mas=C5=82owski?=) Date: Sun, 16 Nov 2014 18:07:00 +0100 Subject: [Dev] There might be a bug in the package 'your-freedom' In-Reply-To: <1416142400.884.29.camel@cryptolab.net> (Kuba Kukielka's message of "Sun, 16 Nov 2014 12:53:20 +0000") References: <1416142400.884.29.camel@cryptolab.net> Message-ID: <87egt3dqh7.fsf@mtjm.eu> > I instaled the package from; > https://www.archlinux.org/packages/core/x86_64/isdn4k-utils/ > But when I upgraded the package using pacman, I had to remove > 'your-freedom' which is odd, because the licence is the GPL. It has/had nonfree files, see [0] for details. Debian fixed it, maybe we can apply the same changes as they do (but does anyone use ISDN here?). [0] http://libreplanet.org/wiki/Software_blacklist#isdnutils -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 818 bytes Desc: not available URL: From kzer-za at cryptolab.net Sun Nov 16 20:09:08 2014 From: kzer-za at cryptolab.net (Kuba Kukielka) Date: Sun, 16 Nov 2014 20:09:08 +0000 Subject: [Dev] There might be a bug in the package 'your-freedom' In-Reply-To: <87egt3dqh7.fsf@mtjm.eu> References: <1416142400.884.29.camel@cryptolab.net> <87egt3dqh7.fsf@mtjm.eu> Message-ID: <40D4CB64-6B69-43F3-A13A-F5E26873969E@cryptolab.net> Thanks, I will only install this if I need to recompile the kernel for any reason. ------------------------------------- Kuba Kukielka -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -------------- next part -------------- An HTML attachment was scrubbed... URL: From lukeshu at sbcglobal.net Tue Nov 18 17:50:01 2014 From: lukeshu at sbcglobal.net (Luke Shumaker) Date: Tue, 18 Nov 2014 12:50:01 -0500 Subject: [Dev] There might be a bug in the package 'your-freedom' In-Reply-To: <87egt3dqh7.fsf@mtjm.eu> References: <1416142400.884.29.camel@cryptolab.net> <87egt3dqh7.fsf@mtjm.eu> Message-ID: <871tp05rg6.wl-lukeshu@sbcglobal.net> At Sun, 16 Nov 2014 18:07:00 +0100, Micha? Mas?owski wrote: > > I instaled the package from; > > https://www.archlinux.org/packages/core/x86_64/isdn4k-utils/ > > But when I upgraded the package using pacman, I had to remove > > 'your-freedom' which is odd, because the licence is the GPL. > > It has/had nonfree files, see [0] for details. Debian fixed it, maybe > we can apply the same changes as they do (but does anyone use ISDN > here?). I've tried, but there were technical issues related to library versions. It's been a low-priority item on my TODO list for quite a while now. I know there was a bug for it... but apparently that was on the old bug tracker. -- Happy hacking, ~ Luke Shumaker From lukeshu at sbcglobal.net Wed Nov 19 05:59:10 2014 From: lukeshu at sbcglobal.net (Luke Shumaker) Date: Wed, 19 Nov 2014 00:59:10 -0500 Subject: [Dev] There might be a bug in the package 'your-freedom' In-Reply-To: <1416142400.884.29.camel@cryptolab.net> References: <1416142400.884.29.camel@cryptolab.net> Message-ID: <87vbmb4tox.wl-lukeshu@sbcglobal.net> At Sun, 16 Nov 2014 12:53:20 +0000, Kuba Kukielka wrote: > I wanted to compile a linux-libre kernel and one of the dependancies > were 'isdn4k-utils'. Umm... where are you seeing that? isdn4k-utils isn't a dep of linux-libre. -- Happy hacking, ~ Luke Shumaker From lukeshu at sbcglobal.net Wed Nov 19 06:02:14 2014 From: lukeshu at sbcglobal.net (Luke Shumaker) Date: Wed, 19 Nov 2014 01:02:14 -0500 Subject: [Dev] There might be a bug in the package 'your-freedom' In-Reply-To: <871tp05rg6.wl-lukeshu@sbcglobal.net> References: <1416142400.884.29.camel@cryptolab.net> <87egt3dqh7.fsf@mtjm.eu> <871tp05rg6.wl-lukeshu@sbcglobal.net> Message-ID: <87tx1v4tjt.wl-lukeshu@sbcglobal.net> At Tue, 18 Nov 2014 12:50:01 -0500, Luke Shumaker wrote: > > It has/had nonfree files, see [0] for details. Debian fixed it, maybe > > we can apply the same changes as they do (but does anyone use ISDN > > here?). > > I've tried, but there were technical issues related to library > versions. It's been a low-priority item on my TODO list for quite a > while now. I know there was a bug for it... but apparently that was > on the old bug tracker. s/library/autoconf/ After spending more of today on it that I originally planned to... I've pushed `libre/non-working/isdnutils-dfsg' to abslibre.git. It compiles. I still need to sanity-check the resulting package, and make sure all the dependencies are declared (I didn't build in a chroot). I'm pretty much too tired to do that now; I'll wait and do it with fresh eyes (maybe tomorrow?). -- Happy hacking, ~ Luke Shumaker From kzer-za at cryptolab.net Wed Nov 19 07:40:27 2014 From: kzer-za at cryptolab.net (Kuba Kukielka) Date: Wed, 19 Nov 2014 07:40:27 +0000 Subject: [Dev] There might be a bug in the package 'your-freedom' In-Reply-To: <87vbmb4tox.wl-lukeshu@sbcglobal.net> References: <1416142400.884.29.camel@cryptolab.net> <87vbmb4tox.wl-lukeshu@sbcglobal.net> Message-ID: <1416382827.1200.6.camel@cryptolab.net> Hi, The package linux-libre does not require ISDN but when I compiled the kernel from > http://linux-libre.fsfla.org/pub/linux-libre/releases/ in the file Documentation/Changes (attached) isdn4k-utils is one of the packages needed for compilation. Thanks, -- Kuba Kukielka -------------- next part -------------- Intro ===== This document is designed to provide a list of the minimum levels of software necessary to run the 3.0 kernels. This document is originally based on my "Changes" file for 2.0.x kernels and therefore owes credit to the same people as that file (Jared Mauch, Axel Boldt, Alessandro Sigala, and countless other users all over the 'net). Current Minimal Requirements ============================ Upgrade to at *least* these software revisions before thinking you've encountered a bug! If you're unsure what version you're currently running, the suggested command should tell you. Again, keep in mind that this list assumes you are already functionally running a Linux kernel. Also, not all tools are necessary on all systems; obviously, if you don't have any ISDN hardware, for example, you probably needn't concern yourself with isdn4k-utils. o Gnu C 3.2 # gcc --version o Gnu make 3.80 # make --version o binutils 2.12 # ld -v o util-linux 2.10o # fdformat --version o module-init-tools 0.9.10 # depmod -V o e2fsprogs 1.41.4 # e2fsck -V o jfsutils 1.1.3 # fsck.jfs -V o reiserfsprogs 3.6.3 # reiserfsck -V o xfsprogs 2.6.0 # xfs_db -V o squashfs-tools 4.0 # mksquashfs -version o btrfs-progs 0.18 # btrfsck o pcmciautils 004 # pccardctl -V o quota-tools 3.09 # quota -V o PPP 2.4.0 # pppd --version o isdn4k-utils 3.1pre1 # isdnctrl 2>&1|grep version o nfs-utils 1.0.5 # showmount --version o procps 3.2.0 # ps --version o oprofile 0.9 # oprofiled --version o udev 081 # udevd --version o grub 0.93 # grub --version || grub-install --version o mcelog 0.6 # mcelog --version o iptables 1.4.2 # iptables -V Kernel compilation ================== GCC --- The gcc version requirements may vary depending on the type of CPU in your computer. Make ---- You will need Gnu make 3.80 or later to build the kernel. Binutils -------- Linux on IA-32 has recently switched from using as86 to using gas for assembling the 16-bit boot code, removing the need for as86 to compile your kernel. This change does, however, mean that you need a recent release of binutils. Perl ---- You will need perl 5 and the following modules: Getopt::Long, Getopt::Std, File::Basename, and File::Find to build the kernel. BC -- You will need bc to build kernels 3.10 and higher System utilities ================ Architectural changes --------------------- DevFS has been obsoleted in favour of udev (http://www.kernel.org/pub/linux/utils/kernel/hotplug/) 32-bit UID support is now in place. Have fun! Linux documentation for functions is transitioning to inline documentation via specially-formatted comments near their definitions in the source. These comments can be combined with the SGML templates in the Documentation/DocBook directory to make DocBook files, which can then be converted by DocBook stylesheets to PostScript, HTML, PDF files, and several other formats. In order to convert from DocBook format to a format of your choice, you'll need to install Jade as well as the desired DocBook stylesheets. Util-linux ---------- New versions of util-linux provide *fdisk support for larger disks, support new options to mount, recognize more supported partition types, have a fdformat which works with 2.4 kernels, and similar goodies. You'll probably want to upgrade. Ksymoops -------- If the unthinkable happens and your kernel oopses, you may need the ksymoops tool to decode it, but in most cases you don't. It is generally preferred to build the kernel with CONFIG_KALLSYMS so that it produces readable dumps that can be used as-is (this also produces better output than ksymoops). If for some reason your kernel is not build with CONFIG_KALLSYMS and you have no way to rebuild and reproduce the Oops with that option, then you can still decode that Oops with ksymoops. Module-Init-Tools ----------------- A new module loader is now in the kernel that requires module-init-tools to use. It is backward compatible with the 2.4.x series kernels. Mkinitrd -------- These changes to the /lib/modules file tree layout also require that mkinitrd be upgraded. E2fsprogs --------- The latest version of e2fsprogs fixes several bugs in fsck and debugfs. Obviously, it's a good idea to upgrade. JFSutils -------- The jfsutils package contains the utilities for the file system. The following utilities are available: o fsck.jfs - initiate replay of the transaction log, and check and repair a JFS formatted partition. o mkfs.jfs - create a JFS formatted partition. o other file system utilities are also available in this package. Reiserfsprogs ------------- The reiserfsprogs package should be used for reiserfs-3.6.x (Linux kernels 2.4.x). It is a combined package and contains working versions of mkreiserfs, resize_reiserfs, debugreiserfs and reiserfsck. These utils work on both i386 and alpha platforms. Xfsprogs -------- The latest version of xfsprogs contains mkfs.xfs, xfs_db, and the xfs_repair utilities, among others, for the XFS filesystem. It is architecture independent and any version from 2.0.0 onward should work correctly with this version of the XFS kernel code (2.6.0 or later is recommended, due to some significant improvements). PCMCIAutils ----------- PCMCIAutils replaces pcmcia-cs (see below). It properly sets up PCMCIA sockets at system startup and loads the appropriate modules for 16-bit PCMCIA devices if the kernel is modularized and the hotplug subsystem is used. Pcmcia-cs --------- PCMCIA (PC Card) support is now partially implemented in the main kernel source. The "pcmciautils" package (see above) replaces pcmcia-cs for newest kernels. Quota-tools ----------- Support for 32 bit uid's and gid's is required if you want to use the newer version 2 quota format. Quota-tools version 3.07 and newer has this support. Use the recommended version or newer from the table above. Intel IA32 microcode -------------------- A driver has been added to allow updating of Intel IA32 microcode, accessible as a normal (misc) character device. If you are not using udev you may need to: mkdir /dev/cpu mknod /dev/cpu/microcode c 10 184 chmod 0644 /dev/cpu/microcode as root before you can use this. You'll probably also want to get the user-space microcode_ctl utility to use with this. udev ---- udev is a userspace application for populating /dev dynamically with only entries for devices actually present. udev replaces the basic functionality of devfs, while allowing persistent device naming for devices. FUSE ---- Needs libfuse 2.4.0 or later. Absolute minimum is 2.3.0 but mount options 'direct_io' and 'kernel_cache' won't work. Networking ========== General changes --------------- If you have advanced network configuration needs, you should probably consider using the network tools from ip-route2. Packet Filter / NAT ------------------- The packet filtering and NAT code uses the same tools like the previous 2.4.x kernel series (iptables). It still includes backwards-compatibility modules for 2.2.x-style ipchains and 2.0.x-style ipfwadm. PPP --- The PPP driver has been restructured to support multilink and to enable it to operate over diverse media layers. If you use PPP, upgrade pppd to at least 2.4.0. If you are not using udev, you must have the device file /dev/ppp which can be made by: mknod /dev/ppp c 108 0 as root. Isdn4k-utils ------------ Due to changes in the length of the phone number field, isdn4k-utils needs to be recompiled or (preferably) upgraded. NFS-utils --------- In ancient (2.4 and earlier) kernels, the nfs server needed to know about any client that expected to be able to access files via NFS. This information would be given to the kernel by "mountd" when the client mounted the filesystem, or by "exportfs" at system startup. exportfs would take information about active clients from /var/lib/nfs/rmtab. This approach is quite fragile as it depends on rmtab being correct which is not always easy, particularly when trying to implement fail-over. Even when the system is working well, rmtab suffers from getting lots of old entries that never get removed. With modern kernels we have the option of having the kernel tell mountd when it gets a request from an unknown host, and mountd can give appropriate export information to the kernel. This removes the dependency on rmtab and means that the kernel only needs to know about currently active clients. To enable this new functionality, you need to: mount -t nfsd nfsd /proc/fs/nfsd before running exportfs or mountd. It is recommended that all NFS services be protected from the internet-at-large by a firewall where that is possible. mcelog ------ On x86 kernels the mcelog utility is needed to process and log machine check events when CONFIG_X86_MCE is enabled. Machine check events are errors reported by the CPU. Processing them is strongly encouraged. Getting updated software ======================== Kernel compilation ****************** gcc --- o Make ---- o Binutils -------- o System utilities **************** Util-linux ---------- o Ksymoops -------- o Module-Init-Tools ----------------- o Mkinitrd -------- o E2fsprogs --------- o JFSutils -------- o Reiserfsprogs ------------- o Xfsprogs -------- o Pcmciautils ----------- o Pcmcia-cs --------- o Quota-tools ---------- o DocBook Stylesheets ------------------- o XMLTO XSLT Frontend ------------------- o Intel P6 microcode ------------------ o udev ---- o FUSE ---- o mcelog ------ o Networking ********** PPP --- o Isdn4k-utils ------------ o NFS-utils --------- o Iptables -------- o Ip-route2 --------- o OProfile -------- o NFS-Utils --------- o From lukeshu at sbcglobal.net Tue Nov 25 18:03:07 2014 From: lukeshu at sbcglobal.net (Luke Shumaker) Date: Tue, 25 Nov 2014 13:03:07 -0500 Subject: [Dev] parabolagnulinux.org domain has expired Message-ID: <87bnnvrwdg.wl-lukeshu@sbcglobal.net> The parabolagnulinux.org domain registration has expired. -- Happy hacking, ~ Luke Shumaker From emulatorman at riseup.net Wed Nov 26 05:01:36 2014 From: emulatorman at riseup.net (=?windows-1252?Q?Andr=E9_Silva?=) Date: Wed, 26 Nov 2014 03:01:36 -0200 Subject: [Dev] parabola for blind In-Reply-To: References: Message-ID: <54755EB0.2090103@riseup.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 11/12/2014 01:48 AM, Ali Abdul Ghani wrote: > hi I am blind i use Screen reader for me, Without Screen reader My > life becomes difficult It gives me the ability to control computer > > I installed http://talkingarch.tk/ > > then I follow these instructions to be parabola > > https://wiki.parabola.nu/Migration > > I wish parabola do a TalkArch derivative install CD themselves ok, i'll include it as task on labs to do it for our distro soon, thanks for let us know about it. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJUdV6pAAoJEOaXR1L5cERWgZcQANTt9tiCL8okd3xOohBqIA5E A71xtnMqsawX1pHc18MSPCAuOqrMIWlseEcphLBrcaSHbe2nYqsquAWwGtVcPnjJ ogHEhaIgPy4/fwPL0OiVCJAXaHrq9f7z6RF6uU5zwLa4vl6BDhSuUhn/tqrE/bcc Qohqnc7JGPoUqjbBwh9gARUwnNXyc1ZLg43l3rQKm1VWCixY9XoC5PaBtTqFwxmp JaNNYa4N+Gll9amm2sPtPJJpWEU+UVoiodMiLRSQTkZj+T+yL54djkoRESvzXPiF rSgXi3C3GwD0KSbPcpcj2CG1O+3I4Lj3f7rinr2mJVf508/oRGvVOvY7pS/SSclA lYQpd9ITRe4b1xYuBsWe8Q0e+6d1K6rCdWso5IMtqWNYSHDKZQ8fdqR7UYuHrAAG FrT7TzYRmrGRS2PMj5y/SsCEiGNpzrH8k8BmKCjE6fHuLhdwsEySykh/nduhuKNm ZxCoi+ltWgN1zSi1ZqghPBUQIiZpLt/bbzgkoNavBtHLlXiowg9z4zD7zLt0kjsb uvimwa/Tto3BmKO8zoXNbfqdEzVQdadB80m0oJHcHHri+u8L6aeh77ZUiC6Aiik5 oav1/9n8FjgSjh6Cvbg9nDmQTUZY/wwPdnxC/fEw89LLdE+GCbORnH3BZXRxiASR 2kg/9TaC1EzUaQEZMRgY =9ouU -----END PGP SIGNATURE----- From emulatorman at riseup.net Wed Nov 26 06:13:26 2014 From: emulatorman at riseup.net (=?windows-1252?Q?Andr=E9_Silva?=) Date: Wed, 26 Nov 2014 04:13:26 -0200 Subject: [Dev] parabola for blind In-Reply-To: <54755EB0.2090103@riseup.net> References: <54755EB0.2090103@riseup.net> Message-ID: <54756F86.9060405@riseup.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 11/26/2014 03:01 AM, Andr? Silva wrote: > On 11/12/2014 01:48 AM, Ali Abdul Ghani wrote: >> hi I am blind i use Screen reader for me, Without Screen reader >> My life becomes difficult It gives me the ability to control >> computer > >> I installed http://talkingarch.tk/ > >> then I follow these instructions to be parabola > >> https://wiki.parabola.nu/Migration > >> I wish parabola do a TalkArch derivative install CD themselves > > ok, i'll include it as task on labs to do it for our distro soon, > thanks for let us know about it. The task has been added on labs [0] [0]:https://labs.parabola.nu/issues/604 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJUdW90AAoJEOaXR1L5cERWXHAQAMdK+hAzgqn0gPcl1kEdrNGj qR3tTzOl+Nt3ksTEz7u33ZuZShVRyjrXgn1AnrEaG1nG1qlhtdJ/Om2fcaefeGya 4osiRe4fbGwJCSY+zJX2QUlb5q/Qa/rz++gF7MAelejC/2mTxR6E/nGlpsq8Ojko 7HEzy2yMiw2b16ZGC7QBjW452tOs5kFtIl+Z2Xzfstg7QUfgdwSh2NJwIBGP6jn6 VgkFPqJ37F8THPAkiFrwsl37rj/yD6sRoOWv6TGMkSVg41TKN8V8fgzxVk4NCH01 SBr5awOGOvgheVtpefvCTF5vnDVMfjnENIyHISvaca7q29bIhlrUEP6xQ/svTJjZ ca+ebchsuabd7ZJPddNK9X0ron7T/86EXSt/yuB8L6CkZB/n3XOUAIenhtdhhwKf hgaBUZxau+UQCGjjOA7EeSAd99JSA6++LgnyBUf/0fqwlDSYxCAVFJlsCLp8+/6m ZDGeBN0NzbHquppv+QnPj56gXc2dDxHOw+0U5WnuBapbsY4P+j05nSBWSH4+ymu5 0sF3XORc6AVcc7FJ0DZwRKT8e9cvOZn3Y+8xArQ8FZbYFtG3NGq07rNAToC4kRkJ cHh7oUquHxjCRWjuiQIbs7wi8sR4PBgo6vdaAMr1DIFFgSBrMnnwJTkVgqoIx5qu d+unTiF89Y1HpS7j7BB3 =gU+/ -----END PGP SIGNATURE----- From jorginho at riseup.net Thu Nov 27 11:32:00 2014 From: jorginho at riseup.net (=?windows-1252?Q?Jorge_L=F3pez?=) Date: Thu, 27 Nov 2014 12:32:00 +0100 Subject: [Dev] parabola for blind In-Reply-To: <54756F86.9060405@riseup.net> References: <54755EB0.2090103@riseup.net> <54756F86.9060405@riseup.net> Message-ID: <54770BB0.6020804@riseup.net> On 26/11/14 07:13, Andr? Silva wrote: > On 11/26/2014 03:01 AM, Andr? Silva wrote: > > On 11/12/2014 01:48 AM, Ali Abdul Ghani wrote: > >> hi I am blin > the initiative to help people with disabilities to improve their > quality of life > d i use Screen reader for me, Without Screen reader > >> My life becomes difficult It gives me the ability to control > >> computer > > >> I installed http://talkingarch.tk/ > > >> then I follow these instructions to be parabola > > >> https://wiki.parabola.nu/Migration > > >> I wish parabola do a TalkArch derivative install CD themselves > > > ok, i'll include it as task on labs to do it for our distro soon, > > thanks for let us know about it. > > The task has been added on labs [0] > > [0]:https://labs.parabola.nu/issues/604 > _______________________________________________ > Dev mailing list > Dev at lists.parabola.nu > https://lists.parabola.nu/mailman/listinfo/dev I think that it's goodthe initiative to help people with disabilities to improve their quality of life. Un sa?do, Jorge L?pez -------------- next part -------------- An HTML attachment was scrubbed... URL: From blade.vp2020 at gmail.com Fri Nov 28 00:47:06 2014 From: blade.vp2020 at gmail.com (Ali Abdul Ghani) Date: Thu, 27 Nov 2014 16:47:06 -0800 Subject: [Dev] parabola for blind In-Reply-To: <54770BB0.6020804@riseup.net> References: <54755EB0.2090103@riseup.net> <54756F86.9060405@riseup.net> <54770BB0.6020804@riseup.net> Message-ID: Thank you for this work I think Just grab and install the talkingarch-git package from the AUR. It depends on archiso-git, so you need that as well. See /usr/share/doc/talkingarch/README for full instructions. 2014-11-27 3:32 ??????-08:00, Jorge L?pez : > On 26/11/14 07:13, Andr? Silva wrote: >> On 11/26/2014 03:01 AM, Andr? Silva wrote: >> > On 11/12/2014 01:48 AM, Ali Abdul Ghani wrote: >> >> hi I am blin >> the initiative to help people with disabilities to improve their >> quality of life >> d i use Screen reader for me, Without Screen reader >> >> My life becomes difficult It gives me the ability to control >> >> computer >> >> >> I installed http://talkingarch.tk/ >> >> >> then I follow these instructions to be parabola >> >> >> https://wiki.parabola.nu/Migration >> >> >> I wish parabola do a TalkArch derivative install CD themselves >> >> > ok, i'll include it as task on labs to do it for our distro soon, >> > thanks for let us know about it. >> >> The task has been added on labs [0] >> >> [0]:https://labs.parabola.nu/issues/604 >> _______________________________________________ >> Dev mailing list >> Dev at lists.parabola.nu >> https://lists.parabola.nu/mailman/listinfo/dev > > I think that it's goodthe initiative to help people with disabilities to > improve their quality of life. > > Un sa?do, > Jorge L?pez > > -- Think not of them, thou hast thy music too From lukeshu at sbcglobal.net Fri Nov 28 07:15:40 2014 From: lukeshu at sbcglobal.net (Luke Shumaker) Date: Fri, 28 Nov 2014 02:15:40 -0500 Subject: [Dev] libretools 20141128 release announcement Message-ID: <87egsn7q3n.wl-lukeshu@sbcglobal.net> I just released libretools 20141128. This is a pretty minor release. It is based on a newer version of devtools, which now has patches that I submitted, so I have less to maintain now! (Also, I had the odd experience of merging my own commits :P). Changes from 20141004.1 to 20141128: - librechroot/libremakepkg chroots are no longer 'registered', no machine name - librechroot: prints slightly better status messages - libremakepkg: no longer involves 'nobody' needing to read your files - checkpkg: better soname checking, error handling - updated URLs to parabola.nu -- Happy hacking, ~ Luke Shumaker From blade.vp2020 at gmail.com Fri Nov 28 08:06:57 2014 From: blade.vp2020 at gmail.com (Ali Abdul Ghani) Date: Fri, 28 Nov 2014 00:06:57 -0800 Subject: [Dev] add my Program Message-ID: hi list Is one can add my Program to parabola Repository This source code http://sourceforge.net/projects/rosecry ... secrypt1.2 and This Binary http://sourceforge.net/projects/rosecry ... u%20linux/ From aurelien at hackers.camp Fri Nov 28 08:16:08 2014 From: aurelien at hackers.camp (=?utf-8?Q?Aur=C3=A9lien_DESBRI=C3=88RES?=) Date: Fri, 28 Nov 2014 09:16:08 +0100 Subject: [Dev] add my Program In-Reply-To: (Ali Abdul Ghani's message of "Fri, 28 Nov 2014 00:06:57 -0800") References: Message-ID: <87r3wnivuf.fsf@unicorn.home> Ali Abdul Ghani writes: > hi list > Is one can add my Program to parabola Repository > > This source code > > http://sourceforge.net/projects/rosecry ... secrypt1.2 > > and This Binary > > http://sourceforge.net/projects/rosecry ... u%20linux/ > _______________________________________________ > Dev mailing list > Dev at lists.parabola.nu > https://lists.parabola.nu/mailman/listinfo/dev <#secure method=pgpmime mode=sign> The link seems wrong, could you complet it please? -- Aur?lien DESBRI?RES Run Free - Run GNU.org http://www.hackers.camp From blade.vp2020 at gmail.com Fri Nov 28 08:24:49 2014 From: blade.vp2020 at gmail.com (Ali Abdul Ghani) Date: Fri, 28 Nov 2014 00:24:49 -0800 Subject: [Dev] add my Program In-Reply-To: <87r3wnivuf.fsf@unicorn.home> References: <87r3wnivuf.fsf@unicorn.home> Message-ID: This source code http://sourceforge.net/projects/rosecrypt/files/rosecrypt1.2/ and This Binary http://sourceforge.net/projects/rosecrypt/files/rosecrypt1.2/gnu%20linux/ 2014-11-28 0:16 ??????-08:00, Aur?lien DESBRI?RES : > Ali Abdul Ghani writes: > >> hi list >> Is one can add my Program to parabola Repository >> >> This source code >> >> http://sourceforge.net/projects/rosecry ... secrypt1.2 >> >> and This Binary >> >> http://sourceforge.net/projects/rosecry ... u%20linux/ >> _______________________________________________ >> Dev mailing list >> Dev at lists.parabola.nu >> https://lists.parabola.nu/mailman/listinfo/dev > <#secure method=pgpmime mode=sign> > > The link seems wrong, could you complet it please? > > -- > Aur?lien DESBRI?RES > Run Free - Run GNU.org > http://www.hackers.camp > -- Think not of them, thou hast thy music too From laigualdad at riseup.net Sat Nov 29 01:07:44 2014 From: laigualdad at riseup.net (laigualdad) Date: Sat, 29 Nov 2014 01:07:44 +0000 Subject: [Dev] Cleaning up the repos Message-ID: <8F94CD81-D7D6-48AA-87AA-AD0B93864919@riseup.net> The main repo is repo.parabola.nu, right? I presume that is the one that the others sync with. There is a directory called "latest" which contains the image from last year. :) It looks like potential confusion could be prevented by simply deleting it, since the "2013.09.01" directory is identical. The other repos that are not identical simply seem to have not synced in a while, but I know that's typical in a small distro. In the most recent directory, "2014.10.07", an .sfv (Simple verification) file is provided rather than a checksum file. Scratching my head at this. Before now, I'd never even heard of SFV. A quick search gives me many sources saying that SFV cannot be used to verify a file's authenticity. Even MD5 hashes are better. However, these days, we shouldn't use anything less than SHA-2 hashes (sha256sum, for example), because everything weaker has been broken! I mounted the iso and examined the files in the Oct 2014 image. Underwhelmingly, only md5 checksum files are included. My request is that, for the quickest solution, a sha256sums file be included in the repos as it was in previous images. I need to download the image to start fresh after I fubar'd something in my previous install during migration to Parabola, but I won't feel safe to install again until that happens. (A sha512sum output file in the iso itself would be cool, but it is not an absolute necessity.) That's all, then. Cheers! From mtjm at mtjm.eu Sat Nov 29 07:57:04 2014 From: mtjm at mtjm.eu (=?utf-8?Q?Micha=C5=82_Mas=C5=82owski?=) Date: Sat, 29 Nov 2014 08:57:04 +0100 Subject: [Dev] Cleaning up the repos In-Reply-To: <8F94CD81-D7D6-48AA-87AA-AD0B93864919@riseup.net> (laigualdad@riseup.net's message of "Sat, 29 Nov 2014 01:07:44 +0000") References: <8F94CD81-D7D6-48AA-87AA-AD0B93864919@riseup.net> Message-ID: <87ppc6l9rj.fsf@mtjm.eu> > The main repo is repo.parabola.nu, right? I presume that is the one > that the others sync with. Yes. > There is a directory called "latest" which contains the image from > last year. :) It looks like potential confusion could be prevented by > simply deleting it, since the "2013.09.01" directory is identical. This needs fixing. > The other repos that are not identical simply seem to have not synced > in a while, but I know that's typical in a small distro. Most mirrors are outdated or broken now [0]. I think not all mirrors get all files: some exclude e.g. mips64el, maybe some isos too. [0] https://www.parabola.nu/mirrors/status/ > In the most recent directory, "2014.10.07", an .sfv (Simple > verification) file is provided rather than a checksum file. Scratching > my head at this. Before now, I'd never even heard of SFV. A quick > search gives me many sources saying that SFV cannot be used to verify > a file's authenticity. Even MD5 hashes are better. However, these > days, we shouldn't use anything less than SHA-2 hashes (sha256sum, for > example), because everything weaker has been broken! I think we should remove all checksum files and include a GPG signature using SHA-2. This probably needs fixing our key signing policy. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 818 bytes Desc: not available URL: From themightygravi at inventati.org Sat Nov 29 11:34:31 2014 From: themightygravi at inventati.org (The Mighty Gravi) Date: Sat, 29 Nov 2014 12:34:31 +0100 Subject: [Dev] Cleaning up the repos In-Reply-To: <8F94CD81-D7D6-48AA-87AA-AD0B93864919@riseup.net> (laigualdad@riseup.net's message of "Sat, 29 Nov 2014 01:07:44 +0000") References: <8F94CD81-D7D6-48AA-87AA-AD0B93864919@riseup.net> Message-ID: <8761dy8cl4.fsf@mail.autistici.org> laigualdad writes: > In the most recent directory, "2014.10.07", an .sfv (Simple > verification) file is provided rather than a checksum file. Scratching > my head at this. Before now, I'd never even heard of SFV. A quick > search gives me many sources saying that SFV cannot be used to verify > a file's authenticity. Even MD5 hashes are better. SFV does not provide any authenticity verification, as md5, SHA-1/2 do not either. Its purpose is to provide the fastest integrity verification. Authenticity (and an added checksum embedded layer) resides on the gpg sign (.sig) in the same directory, which may point to some dude, indeed, familiar to me... At this point, ISO is trustful. > My request is that, for the quickest solution, a sha256sums file be > included in the repos as it was in previous images. I need to download > the image to start fresh after If you really find this as an issue, I would suggest you to fill a bug on labs.parabola.nu so we can examine it and add to our list of pending TODOs. One for every different issue, giving as much details you feel are necessary. As older ISOs are not longer maintained and I have no way to verify how they were built or who was the responsible I can do nothing, thus I'm unable to sign them. Expect some changes on new releases from next year on, beginning with the contribution of your suggestions at labs.. From lukeshu at sbcglobal.net Sat Nov 29 18:41:31 2014 From: lukeshu at sbcglobal.net (Luke Shumaker) Date: Sat, 29 Nov 2014 13:41:31 -0500 Subject: [Dev] Cleaning up the repos In-Reply-To: <8F94CD81-D7D6-48AA-87AA-AD0B93864919@riseup.net> References: <8F94CD81-D7D6-48AA-87AA-AD0B93864919@riseup.net> Message-ID: <878uit7stg.wl-lukeshu@sbcglobal.net> At Sat, 29 Nov 2014 01:07:44 +0000, laigualdad wrote: > The main repo is repo.parabola.nu, right? I presume that is the one > that the others sync with. Yes; though some are probably trying to sync with repo.parabolagnulinux.org, which should be the same server, but the domain has expired. > There is a directory called "latest" which contains the image from > last year. :) It looks like potential confusion could be prevented > by simply deleting it, since the "2013.09.01" directory is > identical. If you browse to , you can see that "latest" is a symlink to "2013.09.01". It was never updated to point to "2014.06.01" because nobody was willing to sign the ISO, as it was contributed instead of created by one of the normal developers (he's a normal contributor now, but wasn't at the time). I'm updating it to point to 2014.10.07 now. > The other repos that are not identical simply seem to have not > synced in a while, but I know that's typical in a small distro. > > In the most recent directory, "2014.10.07", an .sfv (Simple > verification) file is provided rather than a checksum > file. Scratching my head at this. Before now, I'd never even heard > of SFV. A quick search gives me many sources saying that SFV cannot > be used to verify a file's authenticity. Even MD5 hashes are > better. However, these days, we shouldn't use anything less than > SHA-2 hashes (sha256sum, for example), because everything weaker has > been broken! The checksums are only a quick check if the file/download was corrupted; authenticity should be verified with the PGP '.sig' file. -- Happy hacking, ~ Luke Shumaker From lukeshu at sbcglobal.net Sat Nov 29 22:19:14 2014 From: lukeshu at sbcglobal.net (Luke Shumaker) Date: Sat, 29 Nov 2014 17:19:14 -0500 Subject: [Dev] Cleaning up the repos In-Reply-To: <058A1CA1-48F4-4D7D-9691-6889EEC137EE@riseup.net> References: <8F94CD81-D7D6-48AA-87AA-AD0B93864919@riseup.net> <878uit7stg.wl-lukeshu@sbcglobal.net> <058A1CA1-48F4-4D7D-9691-6889EEC137EE@riseup.net> Message-ID: <8761dx7iql.wl-lukeshu@sbcglobal.net> At Sat, 29 Nov 2014 21:44:02 +0000, laigualdad wrote: > >I'm updating it to point to 2014.10.07 now. > > OK then, no need for me to add it to the bug tracker. > > I will add a note about the expired domain though. > > And...you were right about the file verification methods being used, > there is no issue. It was just my paranoia getting ahead of rational > thought. > > Thanks! :) You're welcome, and don't forget to Cc: the list! -- Happy hacking, ~ Luke Shumaker > On November 29, 2014 1:41:31 PM EST, Luke Shumaker wrote: > >At Sat, 29 Nov 2014 01:07:44 +0000, > >laigualdad wrote: > >> The main repo is repo.parabola.nu, right? I presume that is the one > >> that the others sync with. > > > >Yes; though some are probably trying to sync with > >repo.parabolagnulinux.org, which should be the same server, but the > >domain has expired. > > > >> There is a directory called "latest" which contains the image from > >> last year. :) It looks like potential confusion could be prevented > >> by simply deleting it, since the "2013.09.01" directory is > >> identical. > > > >If you browse to , you can see that > >"latest" is a symlink to "2013.09.01". > > > >It was never updated to point to "2014.06.01" because nobody was > >willing to sign the ISO, as it was contributed instead of created by > >one of the normal developers (he's a normal contributor now, but > >wasn't at the time). > > > >I'm updating it to point to 2014.10.07 now. > > > >> The other repos that are not identical simply seem to have not > >> synced in a while, but I know that's typical in a small distro. > >> > >> In the most recent directory, "2014.10.07", an .sfv (Simple > >> verification) file is provided rather than a checksum > >> file. Scratching my head at this. Before now, I'd never even heard > >> of SFV. A quick search gives me many sources saying that SFV cannot > >> be used to verify a file's authenticity. Even MD5 hashes are > >> better. However, these days, we shouldn't use anything less than > >> SHA-2 hashes (sha256sum, for example), because everything weaker has > >> been broken! > > > >The checksums are only a quick check if the file/download was > >corrupted; authenticity should be verified with the PGP '.sig' file. > > > >-- > >Happy hacking, > >~ Luke Shumaker > From themightygravi at inventati.org Sun Nov 30 13:34:59 2014 From: themightygravi at inventati.org (The Mighty Gravi) Date: Sun, 30 Nov 2014 14:34:59 +0100 Subject: [Dev] Cleaning up the repos In-Reply-To: <0BF866A3-4807-4FB1-8F81-6B01637D4891@riseup.net> (laigualdad@riseup.net's message of "Sat, 29 Nov 2014 21:23:25 +0000") References: <8F94CD81-D7D6-48AA-87AA-AD0B93864919@riseup.net> <8761dy8cl4.fsf@mail.autistici.org> <0BF866A3-4807-4FB1-8F81-6B01637D4891@riseup.net> Message-ID: <87iohwlsl8.fsf@mail.autistici.org> laigualdad writes: > TL;DR: You're right, and I was just being paranoid, sorry. There are some true reason to be paranoid when it's about browsing the net, using remote calling services and even using the most minimal software that connects to a network, but really not in this situation. > Yes, authenticity was the wrong word... What I meant is an SFV file, > or actually CRC32 checksum, does not protect from intentional > manipulation; it is trivial for CRC32 to be forged.[1] I'm not a > cryptography expert, but my rationale for suggesting more powerful > hashes is that CRC32 and other checksums prior to SHA-2 are vulnerable > to collision attacks. Well, there's no thing called collision attack on file integrity literature, and even if it existed, it would be little useful in order to replace a file with the same checksum. Some consistency and similarities in size and functionality with the original is very remote. Checksum collision, in the other hand is a real concern when we don't know from beginning some parameters that increase the rate of coincidence, for example size, date, type of file (headers) When it's about a file with likely the same size, format, uploaded the same day it is generated and being accompanied by both an SFV (or other) and a trusted GPG signature, possibilities of collision are just 0! Another thing I would add is server is protected by SSH keypair access, so the possibilities goes even more remote. Makes that sense? > After some hours of researching, I think I understand now why a CRC32 > checksum was still chosen as opposed to other hashes, if the aim is > only to detect random errors in transmission. Indeed, CRC32 is the one always prefered for data transmission on transient error-checking communications, such as IP protocol without going any further. > I used the simple mnemonic of, "a hash verifies *what*, while a PGP > sig verifies *who*." I did more research and realized that a PGP > signature actually can serve the same function as a hash in addition > to checking who made it, so a file hash and a signature are redundant. Not only PGP signatures can make and verify checksums, but it's absolutely mandatory for its correct behaviour, be aware that each one has its "signing date" as well, so yup. > In fact, it would be more of a concern to decide how to trust > Parabola's master PGP keys. In the absence of a web of trust, one has > to test the hashes of multiple downloads of the key, as demonstrated > on the website[4] of the TAILS distro, or by comparing fingerprints to > a public key page[5][6]. Hmm... I might add that to the wiki. GPG/PGP signatures already serves for us to build a trust-chain which is propagated through signing others keys on keyservers. This keys don't cover the problem with identities, who one is and why he's able to do this and that. What they do is, having been proved some contributions are made and signed by an user, whoever he is, gets some privilege for future ones. > So, I guess no action needs to be taken... I'll just submit bugs for each of the other issues. :o) As you see, all new ideas are welcome, and we're no reluctant to consider any of them. Hope I made the point!