Mailing List Archive: packages.gentoo.org testing

packages.gentoo.org testing

Sep 21, 2007, 5:04 AM

Post #1 of 4 (2411 views)

Hi guys:

I am sending this E-mail because I am after Tavis (taviso@gentoo.org). I'm
not able to get in touch with him, perhaps he's been busy or something. He
needs to give green-light for packages.gentoo.org to go live again.

gentoo-infra has sent hi, the details of the testing area (they are under
http-auth I believe). I don't have the passwords or anything unfortunately.

If someone else from gentoo-security can do the testing or find out where is
he, that would be great. It would be nice if we can close this bug this
weekend. The bug is assigned to taviso at the moment.

http://bugs.gentoo.org/show_bug.cgi?id=187971

Thanks a lot,

Arturo.
--
gentoo-security@gentoo.org mailing list

Re: packages.gentoo.org testing [ In reply to ]

falco at gentoo

Sep 23, 2007, 3:31 PM

Post #2 of 4 (2299 views)

Permalink

On Fri, 21 Sep 2007, Arturo Garcia wrote:

> Hi guys:
>
> I am sending this E-mail because I am after Tavis (taviso@gentoo.org). I'm
> not able to get in touch with him, perhaps he's been busy or something. He
> needs to give green-light for packages.gentoo.org to go live again.
>
> gentoo-infra has sent hi, the details of the testing area (they are under
> http-auth I believe). I don't have the passwords or anything unfortunately.
>
> If someone else from gentoo-security can do the testing or find out where is
> he, that would be great. It would be nice if we can close this bug this
> weekend. The bug is assigned to taviso at the moment.
>
> http://bugs.gentoo.org/show_bug.cgi?id=187971
>

Hi,

i belong to the security team but i'm not alone. The team can be reached
at security@gentoo.org . I don't know what has been agreed between infra
and Tavis, but if you want a review of the code by the security team, a
good way is to Cc security@. For whatever reason, security@ isn't CC'ed
on the bug you mention.

When we have the appropriate instructions/credentials we will be able to
start working on it.

--
Raphael Marichez aka Falco

Re: packages.gentoo.org testing [ In reply to ]

robbat2 at gentoo

Sep 23, 2007, 4:16 PM

Post #3 of 4 (2296 views)

Permalink

(Please CC me on responses)

On Mon, Sep 24, 2007 at 12:31:34AM +0200, Raphael Marichez wrote:
> > http://bugs.gentoo.org/show_bug.cgi?id=187971
> i belong to the security team but i'm not alone. The team can be reached
> at security@gentoo.org . I don't know what has been agreed between infra
> and Tavis, but if you want a review of the code by the security team, a
> good way is to Cc security@. For whatever reason, security@ isn't CC'ed
> on the bug you mention.
Raphael: solar asked taviso to audit the code, and then left comment #26
of bug #187971, on August 30th, to (seemingly) inform us that taviso had
agreed to do so.

> When we have the appropriate instructions/credentials we will be able to
> start working on it.
Taviso requested a htaccess locked copy of the site up, along with the
location of the code in CVS, both which I provided.

CVS: gentoo/src/packages BRANCH: v1_3
Testsite: http://packagestest.gentoo.org/ (pm in IRC for a login+password).

--
Robin Hugh Johnson
Gentoo Linux Developer & Infra Guy
E-Mail : robbat2@gentoo.org
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85

Re: packages.gentoo.org testing [ In reply to ]

falco at gentoo

Sep 24, 2007, 2:16 AM

Post #4 of 4 (2304 views)

Permalink

On Sun, 23 Sep 2007, Robin H. Johnson wrote:

> (Please CC me on responses)

> Raphael: solar asked taviso to audit the code, and then left comment #26
> of bug #187971, on August 30th, to (seemingly) inform us that taviso had
> agreed to do so.

more that 60 comments of that bug, i obviously haven't read all of them :)

> Taviso requested a htaccess locked copy of the site up,

indeed, it's more efficient by having both the source code and the
running application.

Thanks

--
Raphael Marichez aka Falco