[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-help-public] [gnu.org #209003] Re: Re: [Savannah-hackers] Outd
|
From: |
Daniel Clark via RT |
|
Subject: |
[Savannah-help-public] [gnu.org #209003] Re: Re: [Savannah-hackers] Outdated file location for AUCTeX? |
|
Date: |
Mon, 23 Jun 2008 11:09:05 -0400 |
Here is the history, apologies. An RT ticket is now open to include
history if a message hasn't been touched in 2 months, and much of the
code for that is done. You will get 2 messages, one with just this text,
one with the history.
Please respond if you are still interested in this ticket.
######## Your initial request was:
Hello,
On Fri, Aug 20, 2004 at 10:55:15PM +0200, David Kastrup wrote:
> Hello,
>
> AUCTeX is available at <URL:ftp://www.gnu.org/pub/auctex>. Yet there
> are outdated versions from earlier time accessible at
> <URL:http://ftp.gnu.org/savannah/files/auctex/beta.pkg/>. It happens
> that people actually mirror those outdated directories.
>
> What would be a proper procedure to let those directories also point
> at the normal download area of AUCTeX?
>
> Thanks,
Sorry for the delay.
http://ftp.gnu.org/savannah/files/ contains files that were available
before the crack, and may be compromised. I think they were moved
there in case a project administrator needed them, before we delete
them definitely.
I think it is a good time to do so right now.
People at ftp.gnu.org (in Cc) should be able to make a symlink to the
official location then, but I think it would be cleaner if we could
remove the outdated directory definitively.
What do you all think?
--
Sylvain
######## Additional activity:
Subject: Re: [Savannah-hackers] Outdated file location for AUCTeX?
From: James Blair
Time: Mon Aug 30 18:25:23 2004
> address@hidden - Tue Aug 24 04:51:12 2004]:
>
> Hello,
>
> http://ftp.gnu.org/savannah/files/ contains files that were available
> before the crack, and may be compromised. I think they were moved
> there in case a project administrator needed them, before we delete
> them definitely.
>
> I think it is a good time to do so right now.
>
> People at ftp.gnu.org (in Cc) should be able to make a symlink to the
> official location then, but I think it would be cleaner if we could
> remove the outdated directory definitively.
>
> What do you all think?
Sorry for the delay, I wanted to have a conversation with Bradley Kuhn
about this before I responded.
It is disturbing that this directory is being mirrored. The last thing
we want to do is distribute possibly compromised code. We should indeed
pull it ASAP. How about this proposal:
1) Move contents of ftp.gnu.org/savannah out of the way
2) Make them available to people by email request
3) Replace with a README that explains:
a) about the compromise
b) what resources are available to developers that would like to
audit their code
c) whom to contact by email to get those resources
d) whom to contact by email to report results of an audit
4) Possibly include a list of packages and their audit status?
I don't think we've received an audit report in a very long time, so I
don't expect that we'll actually get many (if any) requests. Would
savannah-hackers be interested in storing these resources on the
Savannah server (in a non-public-accessible location) and being the
point of contact for requests?
-Jim
--------------------------
Subject: Re: [gnu.org #209003] Re: [Savannah-hackers] Outdated file location
for AUCTeX?
From: Sylvain Beucler
Time: Tue Aug 31 15:42:31 2004
On Mon, Aug 30, 2004 at 06:25:23PM -0400, James Blair via RT wrote:
> Sorry for the delay, I wanted to have a conversation with Bradley Kuhn
> about this before I responded.
>
> It is disturbing that this directory is being mirrored. The last thing
> we want to do is distribute possibly compromised code. We should indeed
> pull it ASAP. How about this proposal:
>
> 1) Move contents of ftp.gnu.org/savannah out of the way
> 2) Make them available to people by email request
> 3) Replace with a README that explains:
> a) about the compromise
> b) what resources are available to developers that would like to
> audit their code
> c) whom to contact by email to get those resources
> d) whom to contact by email to report results of an audit
> 4) Possibly include a list of packages and their audit status?
>
> I don't think we've received an audit report in a very long time, so I
> don't expect that we'll actually get many (if any) requests. Would
> savannah-hackers be interested in storing these resources on the
> Savannah server (in a non-public-accessible location) and being the
> point of contact for requests?
The Savannah hackers agree to take this in charge :)
--
Sylvain
--------------------------
Subject: Re: [gnu.org #209003] Re: [Savannah-hackers] Outdated file location
for AUCTeX?
From: Sylvain Beucler
Time: Tue Aug 31 15:48:13 2004
Also, *please* keep people in Cc when you use RT. I almost always have
to manually forward messages sent by RT to the mailing-list that was
in Cc of the original request (be the sender be you, licensing, or
others). Above all, the Savannah hackers cannot be kept in sync if
they are not all notified of issues through savannah-hackers (or
sv-root for security issues), so this can be quite inconvenient.
Thanks,
--
Sylvain
On Mon, Aug 30, 2004 at 06:25:23PM -0400, James Blair via RT wrote:
> > address@hidden - Tue Aug 24 04:51:12 2004]:
> >
> > Hello,
> >
> > http://ftp.gnu.org/savannah/files/ contains files that were available
> > before the crack, and may be compromised. I think they were moved
> > there in case a project administrator needed them, before we delete
> > them definitely.
> >
> > I think it is a good time to do so right now.
> >
> > People at ftp.gnu.org (in Cc) should be able to make a symlink to the
> > official location then, but I think it would be cleaner if we could
> > remove the outdated directory definitively.
> >
> > What do you all think?
>
> Sorry for the delay, I wanted to have a conversation with Bradley Kuhn
> about this before I responded.
>
> It is disturbing that this directory is being mirrored. The last thing
> we want to do is distribute possibly compromised code. We should indeed
> pull it ASAP. How about this proposal:
>
> 1) Move contents of ftp.gnu.org/savannah out of the way
> 2) Make them available to people by email request
> 3) Replace with a README that explains:
> a) about the compromise
> b) what resources are available to developers that would like to
> audit their code
> c) whom to contact by email to get those resources
> d) whom to contact by email to report results of an audit
> 4) Possibly include a list of packages and their audit status?
>
> I don't think we've received an audit report in a very long time, so I
> don't expect that we'll actually get many (if any) requests. Would
> savannah-hackers be interested in storing these resources on the
> Savannah server (in a non-public-accessible location) and being the
> point of contact for requests?
>
> -Jim
>
--
Sylvain
--------------------------
Subject: Re: [Savannah-hackers] Outdated file location for AUCTeX?
From: James Blair
Time: Wed Sep 01 12:27:13 2004
> address@hidden - Tue Aug 31 15:48:13 2004]:
>
> Also, *please* keep people in Cc when you use RT. I almost always have
> to manually forward messages sent by RT to the mailing-list that was
> in Cc of the original request (be the sender be you, licensing, or
> others). Above all, the Savannah hackers cannot be kept in sync if
> they are not all notified of issues through savannah-hackers (or
> sv-root for security issues), so this can be quite inconvenient.
But I did:
http://lists.gnu.org/archive/html/savannah-hackers/2004-08/msg00835.html
I think RT sent out a separate email (BCC style) even though I told it
to CC. I'm trying a different approach with this response, we'll see
where that gets us.
Your plea is taken in good spirit though. Since RT does not
automatically add CCs (even on incoming tickets) it's something we could
easily (and probably do) forget to do. Despite RT, I will continue to
include CCs.
And as for the subject of this thread: thanks for accepting, and I'll
move the stuff over soon, after I consult with bkuhn on the public notice.
--------------------------
Subject: Re: [gnu.org #209003] Re: [Savannah-hackers] Outdated file location
for AUCTeX?
From: Sylvain Beucler
Time: Wed Sep 01 15:16:51 2004
On Wed, Sep 01, 2004 at 12:27:13PM -0400, James Blair via RT wrote:
> > Also, *please* keep people in Cc when you use RT.
[...]
>
> But I did:
Sorry, I complained just when savannah-hackers was in Cc :/
> I think RT sent out a separate email (BCC style) even though I told it
> to CC. I'm trying a different approach with this response, we'll see
> where that gets us.
This approach seems better; we receive the Cc list, and it also permits Mailman
to filter duplicates.
> Your plea is taken in good spirit though. Since RT does not
> automatically add CCs (even on incoming tickets) it's something we could
> easily (and probably do) forget to do. Despite RT, I will continue to
> include CCs.
Thanks :)
> And as for the subject of this thread: thanks for accepting, and I'll
> move the stuff over soon, after I consult with bkuhn on the public notice.
Good.
--
Sylvain
--------------------------
Subject: Reassignment of Justin Baugh's RT tickets
From: Daniel Clark
Time: Wed Jun 18 15:37:51 2008
Hi, my name is Danny Clark. I'm a new Sys Admin with the FSF, taking
over Justin Baugh's position, although we will not be handling the exact
same sets of issues.
You are getting this message because I am closing all of Justin's New,
Open, and Stalled RT tickets, and reassigning them to myself.
If you no longer have this issue, then you need do nothing.
If you are still having the issue described in the ticket, please reply
with the current status and urgency of your need and anything that has
changed since you made the request, and the ticket will automatically be
reopened.
At that point I will look into it it or make sure it gets assigned to
the right person on the Sys Admin team. Please understand that due to
other duties and the large amount I have to learn about the FSF
computing environment, this process may be slower than either of us
would prefer.
Cheers,
-Danny
--------------------------
Subject: Re: [gnu.org #209003] Reassignment of Justin Baugh's RT tickets
From: Sylvain Beucler
Time: Wed Jun 18 15:52:24 2008
Hi Danny, and welcome :)
The following is what RT sent. There is no information about what the
issue was about, so I can't give any status.
Perhaps you can make RT resend them?
--
Sylvain
On Wed, Jun 18, 2008 at 03:37:52PM -0400, Daniel Clark via RT wrote:
> Hi, my name is Danny Clark. I'm a new Sys Admin with the FSF, taking
> over Justin Baugh's position, although we will not be handling the exact
> same sets of issues.
>
> You are getting this message because I am closing all of Justin's New,
> Open, and Stalled RT tickets, and reassigning them to myself.
>
> If you no longer have this issue, then you need do nothing.
>
> If you are still having the issue described in the ticket, please reply
> with the current status and urgency of your need and anything that has
> changed since you made the request, and the ticket will automatically be
> reopened.
>
> At that point I will look into it it or make sure it gets assigned to
> the right person on the Sys Admin team. Please understand that due to
> other duties and the large amount I have to learn about the FSF
> computing environment, this process may be slower than either of us
> would prefer.
>
> Cheers,
> -Danny
--------------------------
Subject: Re: [Savannah-hackers] Outdated file location for AUCTeX?
From: Daniel Clark
Time: Mon Jun 23 11:09:04 2008
Here is the history, apologies. An RT ticket is now open to include
history if a message hasn't been touched in 2 months, and much of the
code for that is done. You will get 2 messages, one with just this text,
one with the history.
Please respond if you are still interested in this ticket.
--------------------------
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Savannah-help-public] [gnu.org #209003] Re: Re: [Savannah-hackers] Outdated file location for AUCTeX?,
Daniel Clark via RT <=