FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > ArchLinux > ArchLinux General Discussion

 
 
LinkBack Thread Tools
 
Old 07-02-2012, 11:16 PM
Karol Babioch
 
Default /etc/os-release: Suggestions for improvements

Hi,

I've just recently learned about the relatively new file
"/etc/os-release" and have to say that I quite like it. The previous
situation was a mess at best, so this is a great way for unifying.
systemd is really great in that regard. To my great astonishment it was
already included into Arch about a month ago, see [1].

After looking at the file I have questions about some parameters. I know
this might seem to be very petty-minded, but somehow its important to
me. Maybe I'm just too perfectionistic about this.

First of all I'm wondering why HOME_URL is set to the plain HTTP version
of archlinux.org, whereas the other two links are set to the secure
HTTPS version. This doesn't seem to be consequent. The example shows
that Fedora is using the HTTPS version for both the HOME_URL as well as
the BUG_REPORT_URL.

After reading the appropriate man page (see [2]), I think the parameter
SUPPORT_URL is not appropriate. It is set to
"https://bbs.archlinux.org/". Personally I have some sort of a problem
with the fact that only the forums get mentioned as a source for
support. Personally I don't use the forums very often, but do make use
of the mailing lists and the *really* great wiki much more heavily.
Furthermore there are the various IRC channels, which probably are used
by some of you.

Unfortunately there doesn't seem to be some sort of a landing page,
summarizing all the different ways you can ask/look for help, e.g.
something like "https://www.archlinux.org/support/". Probably this would
be the best solution. It looks like Fedora isn't mentioning a support
URL at all, so maybe this would also be an option for us also?

Furthermore I'm wondering whether we should look into the Common
Platform Enumeration (CPE) specification (see [3]) in order to apply for
an entry. From what I can tell it doesn't cost anything, but you have to
contact the NVD CPE team, see [4]. Obviously this should be done by
someone officially connected to Arch Linux.

I don't want to leave behind any wrong impressions. I really appreciate
how fast Arch Linux is following along with the proposals from upstream,
but I do think we could be more consequent in this case.

I couldn't find any sort of discussions about this, so before submitting
any "patches" and/or reporting "bugs", I would like to ask you what you
think about all of this?

Best regards,
Karol Babioch

[1]
https://projects.archlinux.org/svntogit/packages.git/commit/trunk/os-release?h=packages/filesystem&id=91796a8c7e996bca5f55caee499075beefde cf99
[2] http://www.freedesktop.org/software/systemd/man/os-release.html
[3] http://cpe.mitre.org/specification/
[4] http://nvd.nist.gov/cpe.cfm
 
Old 07-03-2012, 08:28 AM
Thomas Bächler
 
Default /etc/os-release: Suggestions for improvements

Am 03.07.2012 01:16, schrieb Karol Babioch:
> First of all I'm wondering why HOME_URL is set to the plain HTTP version
> of archlinux.org, whereas the other two links are set to the secure
> HTTPS version. This doesn't seem to be consequent. The example shows
> that Fedora is using the HTTPS version for both the HOME_URL as well as
> the BUG_REPORT_URL.

The bbs and bug tracker are https-only. If you would go to the http
link, you would be redirected to https. A user cannot login on the main
website or send any sensitive information to it, so there is no need to
force it to https.

> After reading the appropriate man page (see [2]), I think the parameter
> SUPPORT_URL is not appropriate. It is set to
> "https://bbs.archlinux.org/". Personally I have some sort of a problem
> with the fact that only the forums get mentioned as a source for
> support.

Arch Linux is a community-supported OS, and the bbs is appropriate as a
support URL.

> Personally I don't use the forums very often, but do make use
> of the mailing lists and the *really* great wiki much more heavily.
> Furthermore there are the various IRC channels, which probably are used
> by some of you.
>
> Unfortunately there doesn't seem to be some sort of a landing page,
> summarizing all the different ways you can ask/look for help, e.g.
> something like "https://www.archlinux.org/support/". Probably this would
> be the best solution.

Not a bad idea at all. As always, you can send a patch against
https://projects.archlinux.org/archweb.git/ to include that landing page
or submit a bug to the "Web Sites" category via
https://bugs.archlinux.org/newtask/proj1.
 
Old 07-03-2012, 09:29 AM
Mateusz Loskot
 
Default /etc/os-release: Suggestions for improvements

On 3 July 2012 09:28, Thomas Bächler <thomas@archlinux.org> wrote:
> Am 03.07.2012 01:16, schrieb Karol Babioch:
>> After reading the appropriate man page (see [2]), I think the parameter
>> SUPPORT_URL is not appropriate. It is set to
>> "https://bbs.archlinux.org/". Personally I have some sort of a problem
>> with the fact that only the forums get mentioned as a source for
>> support.
>
> Arch Linux is a community-supported OS, and the bbs is appropriate as a
> support URL.

Arch Linux is a community-supported OS, and the mailing lists server is
appropriate as a support URL.

https://mailman.archlinux.org/mailman/listinfo/

Best regards,
--
Mateusz Loskot, http://mateusz.loskot.net
 
Old 07-03-2012, 10:51 AM
Karol Babioch
 
Default /etc/os-release: Suggestions for improvements

Hi,

Am 03.07.2012 10:28, schrieb Thomas Bächler:
> The bbs and bug tracker are https-only. If you would go to the http
> link, you would be redirected to https. A user cannot login on the main
> website or send any sensitive information to it, so there is no need to
> force it to https.

Personally, I'm a big fan of HTTPS, even for seemingly uncritical
things. Remember: HTTPS not only makes sure the channel is encrypted,
but a key point of the whole PKI infrastructure is to make sure it is
the right person/site/party to whom you are talking to. Otherwise you
wouldn't need a certificate signed by a known CA. Furthermore it is
always conceivable that some man-in-the-middle replaces the download
links (along with the hashes) and/or something like that. As you've got
a valid certificate obviously, I don't see a reason why not make use of it.

Taking Fedora as an example they have their HOME_URL set to the HTTPS
version here. When you got HTTPS Everywhere [1] installed, you only get
to see the HTTPS version of fedoraproject.org. For Arch Linux, although
part of the database of HTTPS Everywhere, this isn't the case. I can't
see any disadvantage to propose the use of HTTPS strongly, especially
because you've already got valid certificates.

> Arch Linux is a community-supported OS, and the bbs is appropriate as a
> support URL.

By now means I wanted to depreciate the forums. I just wanted to make
the point that there are more ways to ask for help and that we should
advertise them also.

> Not a bad idea at all. As always, you can send a patch against
> https://projects.archlinux.org/archweb.git/ to include that landing page
> or submit a bug to the "Web Sites" category via
> https://bugs.archlinux.org/newtask/proj1.
I've filed a feature request (#30518). Unfortunately I'm not familiar
with Django, so there is no way I could add this in a reasonable amount
of time. However it shouldn't take too long for someone who knows what
he is doing.

Best regards,
Karol Babioch

[1] https://www.eff.org/https-everywhere/
 
Old 07-03-2012, 11:08 AM
Thomas Bächler
 
Default /etc/os-release: Suggestions for improvements

Am 03.07.2012 12:51, schrieb Karol Babioch:
> Hi,
>
> Am 03.07.2012 10:28, schrieb Thomas Bächler:
>> The bbs and bug tracker are https-only. If you would go to the http
>> link, you would be redirected to https. A user cannot login on the main
>> website or send any sensitive information to it, so there is no need to
>> force it to https.
>
> Personally, I'm a big fan of HTTPS, even for seemingly uncritical
> things. Remember: HTTPS not only makes sure the channel is encrypted,
> but a key point of the whole PKI infrastructure is to make sure it is
> the right person/site/party to whom you are talking to. Otherwise you
> wouldn't need a certificate signed by a known CA. Furthermore it is
> always conceivable that some man-in-the-middle replaces the download
> links (along with the hashes) and/or something like that. As you've got
> a valid certificate obviously, I don't see a reason why not make use of it.

Those are all valid concerns. I don't know why this particular URL was
chosen.

I guess nobody has put nearly as much thought into this as you did.

> Taking Fedora as an example they have their HOME_URL set to the HTTPS
> version here. When you got HTTPS Everywhere [1] installed, you only get
> to see the HTTPS version of fedoraproject.org. For Arch Linux, although
> part of the database of HTTPS Everywhere, this isn't the case. I can't
> see any disadvantage to propose the use of HTTPS strongly, especially
> because you've already got valid certificates.

<ruleset name="Arch Linux">
<target host="archlinux.org"/>
<target host="*.archlinux.org"/>
<rule from="^http://archlinux.org/" to="https://www.archlinux.org/"/>
<rule from="^http://([^/:@.]+).archlinux.org/"
to="https://$1.archlinux.org/"/>
</ruleset>

I always get https by default here.

>> Not a bad idea at all. As always, you can send a patch against
>> https://projects.archlinux.org/archweb.git/ to include that landing page
>> or submit a bug to the "Web Sites" category via
>> https://bugs.archlinux.org/newtask/proj1.
> I've filed a feature request (#30518). Unfortunately I'm not familiar
> with Django, so there is no way I could add this in a reasonable amount
> of time. However it shouldn't take too long for someone who knows what
> he is doing.

Thanks.
 
Old 07-03-2012, 11:16 AM
Karol Babioch
 
Default /etc/os-release: Suggestions for improvements

Hi,

Am 03.07.2012 13:08, schrieb Thomas Bächler:
> Those are all valid concerns. I don't know why this particular URL was
> chosen.
>
> I guess nobody has put nearly as much thought into this as you did.

So you would appreciate it? I certainly can submit a patch for this one .

> <ruleset name="Arch Linux">
> <target host="archlinux.org"/>
> <target host="*.archlinux.org"/>
> <rule from="^http://archlinux.org/" to="https://www.archlinux.org/"/>
> <rule from="^http://([^/:@.]+).archlinux.org/"
> to="https://$1.archlinux.org/"/>
> </ruleset>
>
> I always get https by default here.

Yeah, you are right. Seems that I have mixed up something here. I was
playing around with HTTPS Everywhere and had it disabled for testing
purposes. Totally my fault, I'm sorry.

What about the CPE entry? Any interest in that? As said, this obviously
has to be done by someone officially connected to Arch Linux, but from
my understanding it shouldn't cost anything.

Best regards,
Karol Babioch
 
Old 07-03-2012, 11:35 AM
Tom Gundersen
 
Default /etc/os-release: Suggestions for improvements

Hi Karol,

Thanks for your input. I'm answering to your original email, but I
read the whole discussion...

On Tue, Jul 3, 2012 at 1:16 AM, Karol Babioch <karol@babioch.de> wrote:
> First of all I'm wondering why HOME_URL is set to the plain HTTP version
> of archlinux.org, whereas the other two links are set to the secure
> HTTPS version. This doesn't seem to be consequent. The example shows
> that Fedora is using the HTTPS version for both the HOME_URL as well as
> the BUG_REPORT_URL.

I changed this in svn, will be included in the next filesystem release.

> After reading the appropriate man page (see [2]), I think the parameter
> SUPPORT_URL is not appropriate. It is set to
> "https://bbs.archlinux.org/". Personally I have some sort of a problem
> with the fact that only the forums get mentioned as a source for
> support. Personally I don't use the forums very often, but do make use
> of the mailing lists and the *really* great wiki much more heavily.
> Furthermore there are the various IRC channels, which probably are used
> by some of you.
>
> Unfortunately there doesn't seem to be some sort of a landing page,
> summarizing all the different ways you can ask/look for help, e.g.
> something like "https://www.archlinux.org/support/". Probably this would
> be the best solution. It looks like Fedora isn't mentioning a support
> URL at all, so maybe this would also be an option for us also?

If and when such a page is created, I'll be happy to change the url to
point to it.

> Furthermore I'm wondering whether we should look into the Common
> Platform Enumeration (CPE) specification (see [3]) in order to apply for
> an entry. From what I can tell it doesn't cost anything, but you have to
> contact the NVD CPE team, see [4]. Obviously this should be done by
> someone officially connected to Arch Linux.

Why would we want this? I don't know much about it, so if there are
good reasons I'm interested to learn.

-t
 
Old 07-03-2012, 11:55 AM
Karol Babioch
 
Default /etc/os-release: Suggestions for improvements

Hi,

Am 03.07.2012 13:35, schrieb Tom Gundersen:
> Why would we want this? I don't know much about it, so if there are
> good reasons I'm interested to learn.

I don't know much about it either, just stumbled upon it by reading the
man page of "/etc/os-release". Looking at the database (see [1]), I
realized that the "big" distributions like Fedora, Debian, Ubuntu and
OpenSUSE are in the database, so my line of argumentation was something
like "Why not?" .

Basically it makes it look more professional as it could be used as a
reference for entries within CVE and things like that.

But I have to admit that this was just something I wanted to mention. I
by no means insist on that.

Best regards,
Karol Babioch

[1] http://web.nvd.nist.gov/view/cpe/search
 
Old 07-03-2012, 10:33 PM
Oon-Ee Ng
 
Default /etc/os-release: Suggestions for improvements

On Jul 3, 2012 7:16 AM, "Karol Babioch" <karol@babioch.de> wrote:

> After reading the appropriate man page (see [2]), I think the parameter
> SUPPORT_URL is not appropriate. It is set to
> "https://bbs.archlinux.org/". Personally I have some sort of a problem
> with the fact that only the forums get mentioned as a source for
> support. Personally I don't use the forums very often, but do make use
> of the mailing lists and the *really* great wiki much more heavily.
> Furthermore there are the various IRC channels, which probably are used
> by some of you.
>
I believe we had a discussion here about this a while back. The forums are
generally more accessible and "easier" to use. Also moderated unlike the
mailing list. As such it would always be appropriate for new users to be
sent there first, if for nothing else then simply to filter the trolls and
vampires out.
 
Old 07-05-2012, 03:25 AM
Devon Sawatzky
 
Default /etc/os-release: Suggestions for improvements

how about linking to a wiki page that lists and briefly explains each
support option, putting the forums first on the list? I'd do that myself,
but I'm still new to the Arch community and don't want to break all sorts
of rules without meaning to.

On Tue, Jul 3, 2012 at 5:33 PM, Oon-Ee Ng <ngoonee.talk@gmail.com> wrote:

> On Jul 3, 2012 7:16 AM, "Karol Babioch" <karol@babioch.de> wrote:
>
> > After reading the appropriate man page (see [2]), I think the parameter
> > SUPPORT_URL is not appropriate. It is set to
> > "https://bbs.archlinux.org/". Personally I have some sort of a problem
> > with the fact that only the forums get mentioned as a source for
> > support. Personally I don't use the forums very often, but do make use
> > of the mailing lists and the *really* great wiki much more heavily.
> > Furthermore there are the various IRC channels, which probably are used
> > by some of you.
> >
> I believe we had a discussion here about this a while back. The forums are
> generally more accessible and "easier" to use. Also moderated unlike the
> mailing list. As such it would always be appropriate for new users to be
> sent there first, if for nothing else then simply to filter the trolls and
> vampires out.
>
 

Thread Tools




All times are GMT. The time now is 10:09 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org