Re: Misc development news (#8)

[Peter Palfrader <weasel@debian.org>]

[d-a@ldo dropped]

On Sat, 31 May 2008, Steve Langasek wrote:

> I think this is a great example of why announcements like this should be
> sent to debian-devel-announce in the first place, instead of being relegated
> to the debian-infrastructure-announce list that most developers aren't
> subscribed to.

> - d-d-a is the list that all developers are supposed to be subscribed to,
>   which means that's the list where announcements of general interest
>   *should* go.

It's not development related tho.  And most people really don't need to
know it.  I suppose etc/motd will eventually be updated to point to it
also.

>                                     This is information that does need to go
> to /all/ developers, not just to the infrastructure-announce list

Well, you can't please all of them.  Frankly, I think most of the posts
to d-d-a have no place on that list in the first place.  If it's the
list DD are required to subscribe to we should try to also send stuff
there that they *read*.  I hardly read all of the posts sent there.

What's the number of affected DDs here?  10?  20?

I think dia was the appropriate for that mail.  The pointer in buxy's
mail was also fine, tho I wouldn't have placed it quite as prominently.

>   The use of ~user/.ssh/authorized_keys files has been disabled since
>   DSA1571 was announced.  While our initial plan was to allow them
>   again eventually some bad experience with DDs' key handling has
>   led us to reconsider that intent.
> 
> ... that means?  What bad key handling was seen that warrants such a policy
> change?

People submitting known bad keys to ldap and stuffing those in their
authorized_keys files also.  What else did you think it meant?

-- 
weasel