Alternative plan for DDP - Debian



Thread: Alternative plan for DDP

  1. Re: Alternative plan for DDP

    On Fri, Feb 06, 2004 at 11:30:04PM +0100, Francesco Paolo Lovergine wrote:
    > On Fri, Feb 06, 2004 at 10:58:03PM +0100, Osamu Aoki wrote:
    > > > Proposal:
    > > >
    > > > A nice script could be written to checksum scripts and create a
    > > > signable list of trustable scripts on alioth.

    > >
    > > I thought about this route. But where and what permission to use to
    > > store them. And where you keep these scripts. If these scripts are to
    > > be kept in the CVS archive, this should be a group/project with
    > > fewer members.
    > >

    >
    > Ownership of the list is not essential.


    True.

    > Proper signing is a requirement to consider the list trustable. And
    > the two scripts will be subject to changes rarely.


    Yes.

    > > > Then, another script on gluck could import only files in that list
    > > > after proper checking. One of the PMs could so sign the list when all
    > > > its files had been checked. This could ensure that only coherent and
    > > > trustable scripts are used on gluck, and could avoid error-prone
    > > > human-based copies.

    > >
    > > If you can make a simple and clean script to do all this without any
    > > complication, that will be nice. But until then, 2 CVSROOT is the only
    > > simple and sure solution. I am open to this fancy scheme if I see a
    > > working solution.
    > >

    >
    > I'll see what I can do about that.


    When you make one, please make a signature for each document tree, so
    that proofreading of the scripts is done by each responsible person.

    For example, the following sections should be able to be signed by
    different DDs.

    * release-notes
    * dselect-beginner
    * intro-i18n
    * project-history
    * debian-euro-support



    --
    To UNSUBSCRIBE, email to debian-doc-request@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
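
The per-document-tree checksum list discussed in this message, as an added example (not code from the thread or from the DDP): each tree gets its own manifest, and the import side accepts only files whose hash matches it. The manifest format and function names are assumptions; the manifest is assumed to carry a detached OpenPGP signature that has already been checked (for instance with `gpg --verify`) before `check_tree` is called.

```python
import hashlib
import os
import tempfile

def build_manifest(tree_root):
    """Sorted 'sha256  relative/path' lines for every file under tree_root."""
    lines = []
    for dirpath, _dirs, files in os.walk(tree_root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, tree_root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                lines.append(f"{hashlib.sha256(fh.read()).hexdigest()}  {rel}")
    return sorted(lines, key=lambda line: line.split("  ", 1)[1])

def parse_manifest(lines):
    trusted = {}
    for line in lines:
        digest, rel = line.split("  ", 1)
        if rel.startswith("/") or ".." in rel.split("/"):  # stay inside the tree
            raise ValueError(f"unsafe path in manifest: {rel!r}")
        trusted[rel] = digest
    return trusted

def check_tree(tree_root, manifest_lines):
    """Compare a tree to its signed-off manifest; only 'ok' files may be imported."""
    trusted = parse_manifest(manifest_lines)
    current = parse_manifest(build_manifest(tree_root))
    report = {"ok": [], "modified": [], "unlisted": [], "missing": []}
    for rel, digest in current.items():
        matched = "ok" if trusted.get(rel) == digest else "modified"
        report["unlisted" if rel not in trusted else matched].append(rel)
    report["missing"] = sorted(set(trusted) - set(current))
    return report

def demo():  # constructed sample: a tree is signed off, then changed before import
    with tempfile.TemporaryDirectory() as root:
        tree = os.path.join(root, "release-notes")
        os.makedirs(os.path.join(tree, "bin"))
        for rel, body in (("Makefile", "all:\n"), ("bin/build.sh", "#!/bin/sh\n")):
            with open(os.path.join(tree, rel), "w") as fh:
                fh.write(body)
        manifest = build_manifest(tree)      # the list the tree's DD would sign
        with open(os.path.join(tree, "bin/build.sh"), "a") as fh:
            fh.write("echo changed\n")       # edited after sign-off
        with open(os.path.join(tree, "bin/extra.sh"), "w") as fh:
            fh.write("#!/bin/sh\n")          # never reviewed
        return check_tree(tree, manifest)
```

Because the manifest is built per tree, a signer vouches only for the scripts of the document they are responsible for.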

  2. cvs_acls script?? Is this usable?

    Hi,

    On Sat, Feb 07, 2004 at 12:03:52AM +0100, Osamu Aoki wrote:
    > On Fri, Feb 06, 2004 at 11:30:04PM +0100, Francesco Paolo Lovergine wrote:
    > > On Fri, Feb 06, 2004 at 10:58:03PM +0100, Osamu Aoki wrote:
    > > > > Proposal:
    > > > >
    > > > > A nice script could be written to checksum scripts and create a
    > > > > signable list of trustable scripts on alioth.
    > > >
    > > > I thought about this route. But where and what permission to use to
    > > > store them. And where you keep these scripts. If these scripts are to
    > > > be kept in the CVS archive, this should be a group/project with
    > > > fewer members.
    > > >

    > >
    > > Ownership of the list is not essential.

    >
    > True.
    >
    > > Proper signing is a requirement to consider the list trustable. And
    > > the two scripts will be subject to changes rarely.

    >
    > Yes.
    >
    > > > > Then, another script on gluck could import only files in that list
    > > > > after proper checking. One of the PMs could so sign the list when all
    > > > > its files had been checked. This could ensure that only coherent and
    > > > > trustable scripts are used on gluck, and could avoid error-prone
    > > > > human-based copies.
    > > >
    > > > If you can make a simple and clean script to do all this without any
    > > > complication, that will be nice. But until then, 2 CVSROOT is the only
    > > > simple and sure solution. I am open to this fancy scheme if I see a
    > > > working solution.
    > > >

    > >
    > > I'll see what I can do about that.

    >
    > When you make one, please make a signature for each document tree, so
    > that proofreading of the scripts is done by each responsible person.
    >
    > For example, the following sections should be able to be signed by
    > different DDs.
    >
    > * release-notes
    > * dselect-beginner
    > * intro-i18n
    > * project-history
    > * debian-euro-support


    By the way, has anyone used the cvs_acls script explained below?

    https://sourceforge.net/docman/displ...=1#docscvsacls

    This seems to be a ready-made script used in SF.NET CVS.

    This allows much more control.

    I see many CVS sites using it by googling...



  3. Re: cvs_acls script?? Is this usable?

    On Sat, Feb 07, 2004 at 01:27:13AM +0100, Osamu Aoki wrote:
    > By the way, has anyone used the cvs_acls script explained below?
    >
    > https://sourceforge.net/docman/displ...=1#docscvsacls
    >


    I am not very familiar with CVS but this looks interesting.

    I did some research on cvs_acls. It is found in the contrib directory of
    the cvs package: /usr/share/doc/cvs/contrib/cvs_acls.gz. This looks like
    a nice script to control write access to the CVS archive.

    We can set access control on files using Perl regular expressions, if I
    understood it right. For example, we can easily set a policy such that the
    guest users '.*-guest$' will not be allowed to commit any files matching
    '.*\/Makefies$', '.*\/makefies$', '.*\/GNUmakefile$', and '.*\/bin\/.*'
    just for the HEAD branch with 4 line entries in the CVSROOT/avail file.[*1]

    This will make it very easy for me, since most of the fancy build scripts in
    debian-reference have been written by the non-DD "jens-guest".

    So by limiting only the HEAD branch, it will be quite easy to communicate
    with him over CVS about the details of the scripts while HEAD can only hold
    proofed scripts.

    Osamu

    [*1] This may not be enough to prevent the script attack for some
    sources.

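
The policy described in this message, modelled as an added example (it is not the cvs_acls script and does not claim to reproduce its file syntax): rules are `action|user regex|path regex|branch regex`, checked in order with the last matching rule deciding. That ordering, the `Makefile`/`makefile` spelling of the patterns, the `dd-user` account, the `devel` branch and the file names are assumptions made for the illustration.

```python
import re

# Constructed rules: allow everything, then deny guests the build files on HEAD.
RULES = """\
avail|.*|.*|.*
unavail|.*-guest$|.*/Makefile$|HEAD
unavail|.*-guest$|.*/makefile$|HEAD
unavail|.*-guest$|.*/GNUmakefile$|HEAD
unavail|.*-guest$|.*/bin/.*|HEAD
"""

def parse_rules(text):
    """Turn rule lines into (allow, [user_re, path_re, branch_re]) tuples."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split("|")
        if len(fields) != 4 or fields[0] not in ("avail", "unavail"):
            raise ValueError(f"line {n}: malformed rule {line!r}")
        action, *patterns = fields
        rules.append((action == "avail", [re.compile(p) for p in patterns]))
    return rules

def may_commit(rules, user, path, branch):
    allowed = False                      # default deny when nothing matches
    for allow, (user_re, path_re, branch_re) in rules:
        if (user_re.fullmatch(user) and path_re.fullmatch(path)
                and branch_re.fullmatch(branch)):
            allowed = allow              # last matching rule decides
    return allowed

COMMITS = [  # constructed commit attempts: (user, path, branch)
    ("jens-guest", "debian-reference/Makefile", "HEAD"),
    ("jens-guest", "debian-reference/Makefile", "devel"),
    ("jens-guest", "debian-reference/bin/build.sh", "HEAD"),
    ("jens-guest", "debian-reference/build.mk", "HEAD"),  # no pattern covers it
    ("dd-user", "debian-reference/bin/build.sh", "HEAD"),
]

def audit(rules, commits):
    """Return the allow/deny decision for each attempted commit."""
    return [may_commit(rules, u, p, b) for u, p, b in commits]
```

The fourth case is the situation footnote [*1] points at: a name-based rule set only covers files whose names match its patterns.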


  4. Re: maint-guide et other lost children

    Osamu Aoki writes:

    > On Thu, Feb 05, 2004 at 05:18:29PM -0500, Adam Di Carlo wrote:
    >> Can you explain why you don't consider developers-reference active?
    >>
    >> If it's lack of commits that seems rather hypocritical since I'm not
    >> even capable of doing them right now!

    >
    > I thought they are maintained here as the official upstream. Even if it
    > is not updated due to resource limitation, I think this source tree is
    > active as long as this is the upstream of a key document.
    >
    > A dead tree is a tree with nothing significant. Some trees have buildable
    > SGML files with no real content. I call them dead.
    >
    > Or am I wrong for assessing the situation?


    Completely wrong. DDP CVS *is* the upstream version. That's why I'm
    so screwed right now, since I don't have any way to update the package
    or even work on it with the benefit of CVS.

    How did you reach the conclusion it's a dead tree?

    --
    ......Adam Di Carlo....adam@debian.org.....


