[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: A few questions from a new DD

On Wed, 29 Feb 2012, Stefano Zacchiroli wrote:

> On Wed, Feb 29, 2012 at 02:01:00PM +0100, olivier sallou wrote:
> > I could fix the problem using the mail gateway, I was just surprised that
> > it does not appear in web interface, and I could not see in Debian wiki
> > that SSH key is mandatory for login.
> Whether it is the case or not (I don't remember either), please note
> that you're now in a perfect position to fix this!

DSA accept patches against welcome-message-800 (for DDs) or
welcome-message-60000 (for guest accounts).

The files can be found attached or in the userdir-ldap git, mirrored
at <URL:http://anonscm.debian.org/gitweb/?p=mirror/userdir-ldap.git>.

                           |  .''`.       ** Debian **
      Peter Palfrader      | : :' :      The  universal
 http://www.palfrader.org/ | `. `'      Operating System
                           |   `-    http://www.debian.org/
From: __WHOAMI__
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Subject: New Debian developer __ENCODED_REALNAME__
Cc: nm@debian.org, debian-admin@debian.org
Reply-To: nm@debian.org
Date: __DATE__
User-Agent: nm-create script run by __WHOAMI__

[ This is a long mail with important information, so please read it all
  carefully. ]

Dear __REALNAME__!

Your account '__LOGIN__' has just been created in the central LDAP
database of the Debian project.  Please note that it needs a bit of time
until this information is synced with all developer-accessible machines.
You should be able to login into debian.org machines after about 30-60
minutes.  If you applied for Debian Developer with uploading rights,
you should be able to upload packages already.

Email sent to <__LOGIN__@debian.org> will be forwarded to <__EMAIL__>,
to change this visit <URL:http://db.debian.org/forward.html>.
The Debian mail setup allows various per-user settings, like enabling
greylisting, sender-verify-callouts and per-user dns blocklists.
Please refer to <URL:http://db.debian.org/doc-mail.html> on how to change
these settings.  Some may also be exposed via the web interface behind

Your password to access db.debian.org can be found encrypted with your
PGP key and appended to this message.  It cannot be used to log into
our machines; see the paragraph on SSH keys below.

You now have access to various project machines, for a list of them take
a look at <URL:http://db.debian.org/machines.cgi>.
Please remember that you accepted the Debian Machine Usage Policy in
your NM process (available at <URL:http://www.debian.org/devel/dmup>).

If you need additional software installed on one of the machines (in the
host system) please contact debian-admin@lists.debian.org, but keep in
mind that not all software is available on all architectures.

On porter machines, the chroot environments can be entered with the
'dchroot' or the 'schroot' command, depending on setup; take a look at
the list of machines to know which are our porterboxes.  For
installation requests in porter chroots please follow the procedure
outlined at <URL:http://dsa.debian.org/doc/install-req/>.

You need to use ssh to log into the machines; telnet and rlogin are
disabled for security reasons.  On debian.org servers the only ssh
authentication method available is publickey.  The LDAP directory is
able to share RSA ssh keys among machines, please see
<URL:http://db.debian.org/doc-mail.html>.  Please be aware of the
security implications of using RSA authentication and ssh agents.  The
SSH fingerprints for all Debian machines can be looked up at
<URL:http://db.debian.org/machines.cgi> or a known_hosts file can be
downloaded from <URL:https://db.debian.org/debian_known_hosts>.

Debian secures some of it's websites using SSL. The SSL certificates
used are signed by the intermediate CA ca.debian.org. ca.debian.org
itself is signed by SPI CA which is part of the Debian package

To give you a quick overview here is a list of the most important
machines from the project you can access.  There is the main archive
server, but shell access to it is restricted for security reasons, so you
can only upload with anonymous FTP - please use the service name
ftp.upload.debian.org as the target for your uploads (so that we can
point that some place else when the archive system is down for
maintenance etc.).  A tool like dput or dupload can aid this

The project main shell server is located at ravel.debian.org.  This
machine is also reachable as people.debian.org.  If you want your own
Debian related site to appear behind
<URL:http://people.debian.org/~__LOGIN__/> then put it at this
machine in the directory ~/public_html/.

The machine hosting most of our VCS repositories
({svn,bzr,git,arch,hg}.debian.org) is alioth.debian.org. It's handled
by a separate team (admin@alioth.debian.org) as it allows login by
non-Debian developers. You probably already have a *-guest account
there.  Please refer to http://wiki.debian.org/AliothFAQ to learn
anything you need to know, including how to activate your account and
how to request the removal of your old -guest account.

There is one developer-only mailing list, debian-private.  You have been
subscribed to this list as <__PRIVATE__>, please respect the privacy of
this list and don't forward mail from it elsewhere.  This subscription, and
a lot of other data like your private information, can be changed at the
web interface available behind <URL:https://db.debian.org/>; just login
with the password information appended to this email.

The information stored here is used to maintain your accounts on various
Debian machines, and also to allow other developers and general users to
find out more about you.  Many of the fields are only visible to other
registered Debian developers.  This is also the only way to change your
password.  The passwd program does not work.

You can refer to http://wiki.debian.org/MigrateToDDAccount to find
additional notes to help you migrate your previous information to your
new account.

Before we go on with other important information let's remember the most
important documents from the NM process.  That you now got your account
doesn't mean to stop reading and checking them whenever you do packaging
or other Debian related work.

  o The Debian Social Contract

  o The Debian Policy Manual

  o The Debian Developer's reference

You can find much more information useful to developers at

Also, please subscribe to the mailing list debian-devel-announce, if you
haven't done so already.  All Debian developers are required to read
this list, as important announcements are made there. Changes to
Debian's infrastructure and maintenance of it are announced to the
debian-infrastructure-announce mailing list.

We strongly suggest that you use your __LOGIN__@debian.org address for
the maintainer field in your packages, because that one will be valid
as long as you are a Debian developer, even if you change jobs, leave
university or change Internet Service providers.  If you do so, please
add that address to your PGP/GPG key(s) (using `gpg --edit-key "YOUR
USER ID"') and send it to the keyring server at keyring.debian.org
with `gpg --keyserver keyring.debian.org --send-keys "YOUR USER ID"'.

We suggest that you subscribe to debian-mentors@lists.debian.org.
This list is for new maintainers who seek help with initial packaging
and other developer-related issues.  Those who prefer one-on-one help
can also post to the list, and an experienced developer may volunteer
to help you.  You can get online help on IRC, too, if you join the
channel #debian-devel or #debian-mentors on irc.debian.org.  Take a look
at the support section on <URL:http://www.debian.org/> in order to find
out more information.

If you have some spare time and want to contribute it to Debian you
may wish to take a look at the "Work-Needing and Prospective Packages",
(WNPP) that can be found at <URL:http://www.debian.org/devel/wnpp/>.

Welcome to the project!

Debian System Administrators on behalf of
The Debian New Maintainer Team

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Subject: Debian Guest Account for __ENCODED_REALNAME__
Cc: debian-admin@lists.debian.org
Reply-To: debian-admin@lists.debian.org
Date: __DATE__
User-Agent: Script run by __WHOAMI__

Dear __REALNAME__!

An account has been created for you on the Debian machine cluster. You can
use this account to help make software run properly on the Debian
distribution. The username for this account is '__LOGIN__'.

See <URL:http://db.debian.org/machines.cgi> for a list of machines that are
available.  The list of which machines you can access is user-dependent.
To find out which machines you have access to try running
    ldapsearch -LLL -b dc=debian,dc=org -x -h db.debian.org \
        uid=__LOGIN__ allowedHost

Requests for Debian software to be installed on the machines (either
in the host system or a chroot environment) should be directed at
debian-admin@lists.debian.org, see the instructions at
http://dsa.debian.org/doc/install-req/ for details.
Please note that not all software is available on all architectures.  The
chroot environments can be entered with the 'dchroot' command.

You should use ssh to log into the machines. See the host details on
db.debian.org for the ssh hostkey fingerprints for the servers you
access.  Our LDAP directory is able to share ssh RSA keys among
machines, please see <URL:http://db.debian.org/doc-mail.html> for
general documentation and for how to add ssh keys to the LDAP. Please be
aware of the security implications of using RSA authentication and ssh

Your password to access db.debian.org can be found encrypted with your
PGP key and appended to this message.  It cannot be used to log into
our machines; see the paragraph on SSH keys above.

After a short while this account will be expired, please contact DSA
if you need it for longer or wish to re-activate your account once
expired. This account is only to be used to help porting/improving free

Please note while technically there might be __LOGIN__@debian.org address
associated with this account we very much expect you to not use it.  Thanks.
Debian Administration


Reply to: