xboard-devel

Re: [XBoard-devel] [Fwd: Re: [gnu.org #175455] [Fwd: [Fwd: Project XBoar


From: Tim Mann
Subject: Re: [XBoard-devel] [Fwd: Re: [gnu.org #175455] [Fwd: [Fwd: Project XBoard/Winboard alpha/beta directory]]]
Date: Tue, 2 Mar 2004 23:29:41 -0800

On Sun, 29 Feb 2004 08:53:22 +0100, Daniel Mehrmann <address@hidden> wrote:
> - -------- Original Message --------
> Subject: Re: [gnu.org #175455] [Fwd: [Fwd: Project XBoard/Winboard
> alpha/beta directory]]
> Date: Sun, 29 Feb 2004 02:42:00 -0500
> From: Paul Fisher via RT <address@hidden>
> Reply-To: address@hidden
> To: address@hidden
> 
> "Daniel Mehrmann via RT" <address@hidden> writes:
> 
> | could we have a directory on your ftp-server for uploading our test and
> | beta versions of XBoard/Winboard ?
> 
> xboard is already set up for GPG-signed uploads.  You're able to upload
> beta releases for distribution on alpha.gnu.org by sending uploads
> into the incoming/alpha directory of ftp-upload.gnu.org.
> 
> If you would like to add another person to the upload keyring for
> xboard, please send us his public key.

OK, right.  So the procedure and method of getting authorization for
uploading alpha/beta releases to alpha.gnu.org is the same as for
uploading final releases to ftp.gnu.org.  The GNU folks added a lot of
security to this procedure last year in order to make it hard for people
to upload bogus versions of things with trojans in them.  I've attached
a message about how it works.

I trust the other developers on the project and I'm willing to authorize
any of you who need to be able to upload releases.  This is kind of
heavyweight, though, so how about if I do it only for folks who want to
release something for use beyond just the developers ourselves?  If you
want this, send me your ASCII armored GnuPG public key (as discussed in
the attachment) in private mail, and I'll forward it on to the powers
that be.  Please do whatever you can to authenticate to me that it's
really you sending your key and not someone else pretending to be you.  :-)

Since this process is so heavyweight, let's not use it for developers
who just want to upload some work in progress for other developers to
try.  For that, I've just enabled anonymous ftp uploading to
mumblefrotz.org.  This is my home machine behind a cable modem, so from
your point of view, upload bandwidth will be good but download bandwidth
will be poor.  I think you will have to turn passive mode OFF for
transfers to work through my firewall.  Upload to the "upload" directory
and send xboard-devel a message giving the filename.

Hopefully no one will try to abuse my FTP server; if someone does, I
will have to turn it off again or twiddle the security settings to make
it harder to use.

-- 
Tim Mann  address@hidden  http://tim-mann.org/
--- Begin Message ---
Subject: IMPORTANT: New automated upload procedures for {ftp,alpha}.gnu.org
Date: Tue, 11 Nov 2003 12:01:08 -0500
User-agent: Mutt/1.5.4i

[ Please redirect this message to anyone who works with you as GNU
  Maintainer to help handle upload and releases of GNU software. ]

To All GNU Maintainers:

Paul Fisher, Karl Berry, and a host of others have implemented a new
system to handle uploads of GNU software to ftp.gnu.org in a secure way.

To begin this process, we need each GNU maintainer to send a message,
preferably GPG-signed, to <address@hidden> that includes the
following:

  (a) name of package(s) that you are the maintainer for, and your
      preferred email address.

  (b) an ASCII armored copy of your GnuPG key, as an attachment.
      ("gpg --export -a YOUR_KEY_ID > mykey.asc" should give you this.)

  (c) a list of names and (preferred) email addresses of individuals you
      authorize to make releases for which packages (in the case that you
      don't make all releases yourself), if any.

  (d) ASCII armored copies of GnuPG keys for any individuals listed in
      (c).


We will acknowledge your message when we have added the proper GPG keys
as authorized to upload files for their corresponding packages.

Once you have received that acknowledgment, you will be able to do
unattended uploads using the following procedure:

   For each upload destined for ftp.gnu.org or alpha.gnu.org, three files
   (a triplet) need to be uploaded via ftp to the site,
   ftp-upload.gnu.org.

         (1) File to be distributed (e.g. foo.tar.gz)

         (2) Detached GPG binary signature for (1) (using gpg -b)
            (e.g. foo.tar.gz.sig)

         (3) Clearsigned "directive" file (using gpg --clearsign)
             (e.g. foo.tar.gz.directive.asc)

   The triplet should be uploaded via anonymous ftp to ftp-upload.gnu.org.
   If the upload is destined for ftp.gnu.org, then the triplet should be
   placed in the /incoming/ftp directory.  If the upload is destined for
   alpha.gnu.org, then the triplet should be placed in the /incoming/alpha
   directory.

   Uploads are processed every five minutes.  (BTW, uploads that are in
   progress when the upload processing script is running are handled
   properly, so do not worry about the timing of your upload.)

   The directive file should contain one line (excluding the clearsigned
   data GPG puts in place), which specifies the directory where items (1)
   and (2) shall be placed.

   For example, foo.tar.gz.directive might contain the single line:

           directory: bar/v1

   This directory line indicates that foo.tar.gz and foo.tar.gz.sig are
   part of package "bar".  If you were to upload the three files to
   /incoming/ftp, and the system can positively authenticate the
   signatures, then the files foo.tar.gz and foo.tar.gz.sig will be placed
   in the directory "gnu/bar/v1" off of the "ftp.gnu.org" site.

   The directive file can be used to create currently non-existent
   directory trees, as long as they are under the package directory for
   your package (in the example above, that is "bar").


   Your designated upload email addresses (see (a) and (b) above) shall
   receive an email if there are any problems processing an upload for
   your package.  If you have difficulties processing an upload, please
   write to <address@hidden>.


NOTE: We had previously asked you to write to address@hidden because
of excessive amounts of spam (from SoBig) in our ftp-upload RT queue.  As
of today, that is NO LONGER NECESSARY, as a volunteer (thanks, Paul
Visscher) kindly cleared out that spam.  Please resume using the ftp-upload
address for ALL MATTERS related to ftp uploads.


Finally, I want to thank each GNU maintainer for your patience during this
process.  I realize there is still some backlog of uploads and some md5sum
files from pre-August-1 files that are queued for us.  Now that we have
this process in place, we will turn our attention to clearing out that
backlog and hope to complete it soon.


If you have questions about this process, please contact us at
<address@hidden>.  Thanks again for your patience.

--
Bradley M. Kuhn, Executive Director
Free Software Foundation   |  Phone: +1-617-542-5942
59 Temple Place, Suite 330 |  Learn more about FSF and how you can help:
Boston, MA 02111-1307  USA |  http://svcs.affero.net/rm.php?r=bkuhn&p=FSF

Attachment: pgpE7WMAKd1NE.pgp
Description: PGP signature

_______________________________________________

GNU Maintainers Announcement List address@hidden
http://mail.gnu.org/mailman/listinfo/gnu-prog

--- End Message ---
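
The receiving side of the triplet procedure described in the attached message, as an added example; it is not part of either message and is not the FSF's upload-processing script. It assumes gpg has already verified both signatures and handed back the directive's signed payload; the function names, `authorized_packages` and the `site_root` default (taken from the message's "gnu/bar/v1" example) are hypothetical.

```python
import posixpath

SUFFIXES = (".sig", ".directive.asc")


def complete_triplets(filenames):
    """Return the base names for which all three files of a triplet exist."""
    names = set(filenames)
    return sorted(
        n for n in names
        if not n.endswith(SUFFIXES)
        and n + ".sig" in names
        and n + ".directive.asc" in names
    )


def destination(verified_directive, authorized_packages, site_root="gnu"):
    """Map a directive payload to its target directory, or raise ValueError.

    verified_directive: the text gpg returned after verifying the clearsigned
    directive (never the raw armored upload, which is attacker-controlled).
    authorized_packages: packages the signing key may upload for (assumed to
    come from a keyring lookup that is outside this example).
    """
    lines = [l.strip() for l in verified_directive.splitlines() if l.strip()]
    if len(lines) != 1:
        raise ValueError("directive must contain exactly one line")
    key, sep, value = lines[0].partition(":")
    if not sep or key.strip() != "directory":
        raise ValueError("expected 'directory: <path>'")
    raw = value.strip()
    parts = raw.split("/")
    # Reject absolute paths, empty components, '.' and '..' outright instead
    # of normalising them, so the path cannot leave the package directory.
    if not raw or any(p in ("", ".", "..") for p in parts):
        raise ValueError("directory must be a plain relative path")
    # A valid signature is not enough: the key must be bound to this package.
    if parts[0] not in authorized_packages:
        raise ValueError("signer is not authorized for package %r" % parts[0])
    return posixpath.join(site_root, *parts)


if __name__ == "__main__":
    # Constructed sample of an incoming directory listing.
    incoming = ["foo.tar.gz", "foo.tar.gz.sig", "foo.tar.gz.directive.asc",
                "partial.tar.gz", "partial.tar.gz.sig"]
    print(complete_triplets(incoming))
    print(destination("directory: bar/v1\n", {"bar"}))
```

Checking the first path component against the signer's package list is what keeps a maintainer of one package from placing files in another package's tree with an otherwise valid signature.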
