Loïc Minier
2007-Jan-22 16:45 UTC
[Secure-testing-team] Using a common repository for "embedded code copies" data
Hi there, I noticed that there are two sources for the "embedded code copies" data: - in the Debian Wiki: <http://wiki.debian.org/EmbeddedCodeCopies> - in the secure testing SVN: <http://svn.debian.org/wsvn/secure-testing/data/embedded-code-copies?op=file> Would it be possible for everybody to use the same repository? If it ends up being the SVN, could you please add Martin Pitt (mpitt on Alioth) and Kees Cook (I don''t whether he has an Alioth login) who updated the wiki.d.o page regularly and often prepare Ubuntu security uploads? (PS: please Cc: me on replies, I''m not subscribed) Thanks, -- Lo?c Minier <lool@dooz.org>
Kees Cook
2007-Jan-22 18:00 UTC
[Secure-testing-team] Re: Using a common repository for "embedded code copies" data
Hi Lo?c, On Mon, Jan 22, 2007 at 04:45:40PM +0100, Lo?c Minier wrote:> I noticed that there are two sources for the "embedded code copies" > data: > - in the Debian Wiki: > <http://wiki.debian.org/EmbeddedCodeCopies> > - in the secure testing SVN: > <http://svn.debian.org/wsvn/secure-testing/data/embedded-code-copies?op=file> > > Would it be possible for everybody to use the same repository? > > If it ends up being the SVN, could you please add Martin Pitt (mpitt on > Alioth) and Kees Cook (I don''t whether he has an Alioth login) who > updated the wiki.d.o page regularly and often prepare Ubuntu security > uploads?Ah! I didn''t even know about the SVN tree. My Alioth login is "keescook-guest", though I''d love to get a better one without the -guest part. :) I''m happy to use either repo. Does anyone have any suggestions on which is "better" or more complete? Thanks, -- Kees Cook @outflux.net
Stefan Fritsch
2007-Jan-22 18:49 UTC
[Secure-testing-team] Re: Using a common repository for "embedded code copies" data
Hi, On Monday 22 January 2007 17:43, Kees Cook wrote:> On Mon, Jan 22, 2007 at 04:45:40PM +0100, Lo?c Minier wrote: > > I noticed that there are two sources for the "embedded code > > copies" data: > > - in the Debian Wiki: > > <http://wiki.debian.org/EmbeddedCodeCopies> > > - in the secure testing SVN: > > > > <http://svn.debian.org/wsvn/secure-testing/data/embedded-code-cop > >ies?op=file> > > > > Would it be possible for everybody to use the same repository? > > > > If it ends up being the SVN, could you please add Martin Pitt > > (mpitt on Alioth) and Kees Cook (I don''t whether he has an Alioth > > login) who updated the wiki.d.o page regularly and often prepare > > Ubuntu security uploads? > > Ah! I didn''t even know about the SVN tree.And I didn''t know the wiki page. It seems to have started as a copy from the SVN list in 2006/01. I have updated the SVN list with the changes from the wiki. I somewhat prefer the SVN list (easier to change (for me ;) ), changes appear on d-t-s-commits, grepable), but wouldn''t mind the wiki either. More opinions? Cheers, Stefan
Loïc Minier
2007-Jan-22 19:05 UTC
[Secure-testing-team] Re: Using a common repository for "embedded code copies" data
On Mon, Jan 22, 2007, Moritz Muehlenhoff wrote:> We should use the SVN repo; the Wiki started from a a version of the SVN > tree anyway. Maybe we can auto-generate a HTML version from the SVN contents.Ok, I''ve deleted the Wiki page. I see you''re an admin for the alioth project, could you add mpitt and keescook-guest to the alioth group so that they get commit access? Thanks! -- Lo?c Minier <lool@dooz.org>
Moritz Muehlenhoff
2007-Jan-22 19:41 UTC
[Secure-testing-team] Re: Using a common repository for "embedded code copies" data
Kees Cook wrote:> On Mon, Jan 22, 2007 at 04:45:40PM +0100, Lo?c Minier wrote: > > I noticed that there are two sources for the "embedded code copies" > > data: > > - in the Debian Wiki: > > <http://wiki.debian.org/EmbeddedCodeCopies> > > - in the secure testing SVN: > > <http://svn.debian.org/wsvn/secure-testing/data/embedded-code-copies?op=file> > > > > Would it be possible for everybody to use the same repository? > > > > If it ends up being the SVN, could you please add Martin Pitt (mpitt on > > Alioth) and Kees Cook (I don''t whether he has an Alioth login) who > > updated the wiki.d.o page regularly and often prepare Ubuntu security > > uploads? > > Ah! I didn''t even know about the SVN tree. > > My Alioth login is "keescook-guest", though I''d love to get a better one > without the -guest part. :) > > I''m happy to use either repo. Does anyone have any suggestions on which > is "better" or more complete?We should use the SVN repo; the Wiki started from a a version of the SVN tree anyway. Maybe we can auto-generate a HTML version from the SVN contents. Cheers, Moritz
Neil McGovern
2007-Jan-24 21:55 UTC
[Secure-testing-team] Re: Using a common repository for "embedded code copies" data
On Mon, Jan 22, 2007 at 07:05:37PM +0100, Lo?c Minier wrote:> On Mon, Jan 22, 2007, Moritz Muehlenhoff wrote: > > We should use the SVN repo; the Wiki started from a a version of the SVN > > tree anyway. Maybe we can auto-generate a HTML version from the SVN contents. > > Ok, I''ve deleted the Wiki page. I see you''re an admin for the alioth > project, could you add mpitt and keescook-guest to the alioth group so > that they get commit access? >Both added. However, please, please read doc/narrative_introduction before editing any other files, as it could break the tracker horribly if there''s a syntax error :) Cheers, Neil -- A. Because it breaks the logical sequence of discussion Q. Why is top posting bad? gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20070124/c461145c/attachment.pgp
Florian Weimer
2007-Jan-25 15:47 UTC
[Secure-testing-team] Re: Using a common repository for "embedded code copies" data
* Neil McGovern:> However, please, please read doc/narrative_introduction before editing > any other files, as it could break the tracker horribly if there''s a > syntax error :)Running "make check" before commit might prevent that. The underlying Python script should have few external dependencies (python-apt seems to be required these days, though).
Micah Anderson
2007-Jan-26 09:39 UTC
[Secure-testing-team] Re: Using a common repository for "embedded code copies" data
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Florian Weimer wrote:> * Neil McGovern: > >> However, please, please read doc/narrative_introduction before editing >> any other files, as it could break the tracker horribly if there''s a >> syntax error :)Thats not really a concern if they are only editing the embedded-code-copies, as this is not processed. But if they are going to venture into helping with the tracking (I hope they do!), then definitely reading this document is a necessary prerequisite. micah -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFFubq89n4qXRzy1ioRAsamAJ9D7xEluippu44g9zXvinriLjJDZwCfei0C ciLettXTC3ZdsuQ6s693plA=Vfy+ -----END PGP SIGNATURE-----
Kees Cook
2007-Jan-26 18:42 UTC
[Secure-testing-team] Re: Using a common repository for "embedded code copies" data
On Fri, Jan 26, 2007 at 01:24:29AM -0700, Micah Anderson wrote:> Thats not really a concern if they are only editing the > embedded-code-copies, as this is not processed. But if they are going to > venture into helping with the tracking (I hope they do!), then > definitely reading this document is a necessary prerequisite.I certainly hope to help out with the tracking. I''ll likely just watch for a while first. :) -- Kees Cook @outflux.net