Osamu Aoki wrote:
> Hi,
>
> Recent openssl issue lead me to http://db.debian.org/password.html and
> made me wonder why script example uses DSA key while main text only
> talks about RSA key.

The text talks about RSA keys as they are preferred over DSA keys.

> | Alternatively, you can do without a password and use PGP to manipulate your
> | LDAP information through the mail gateway and use SSH RSA Authentication to
> | access the servers. To setup OpenSSH for RSA you need to first generate a
> | private RSA key using ssh-keygen and select a good passphrase for it. Then send
> | the public portion of the key to the LDAP directory:
> |
> | gpg --clearsign < ~/.ssh/id_dsa.pub | mail change@db.debian.org
> |
> | NB: Only version 2 RSA keys are accepted. Version 1 RSA keys (i.e. identity.pub
> | files) will not work.
>
>
> If main text is s/RSA/RSA/DSA/g , I understand script example but ...
>
> Is there any reason to use DSA key insted of RSA key(~/.ssh/id_rsa.pub) ?

On the contrary, it's better to use RSA keys as they can be bigger and
are faster.

Cheers

Luk


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

On Thu, 15 May 2008, Osamu Aoki wrote:

> Considering recent issues, http://db.debian.org/password.html requires
> updated as "s/id_dsa.pub/id_rsa.pub/".

My mail to d-i-a said that you need to use RSA keys. You have read
that, right?

The page on db.d.o will get updated eventually, for now think of it as
"You need to be at least this smart to get your key into LDAP".

weasel


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

On Thu, May 15, 2008 at 03:03:55PM +0200, Peter Palfrader <weasel@debian.org> wrote:
> On Thu, 15 May 2008, Osamu Aoki wrote:
>
> > Considering recent issues, http://db.debian.org/password.html requires
> > updated as "s/id_dsa.pub/id_rsa.pub/".
>
> My mail to d-i-a said that you need to use RSA keys. You have read
> that, right?

This mail should have been sent to d-d-a, really.

Mike


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

On Thu, 15 May 2008, Mike Hommey wrote:

> On Thu, May 15, 2008 at 03:03:55PM +0200, Peter Palfrader <weasel@debian.org> wrote:
> > On Thu, 15 May 2008, Osamu Aoki wrote:
> >
> > > Considering recent issues, http://db.debian.org/password.html requires
> > > updated as "s/id_dsa.pub/id_rsa.pub/".
> >
> > My mail to d-i-a said that you need to use RSA keys. You have read
> > that, right?
>
> This mail should have been sent to d-d-a, really.

No. the original mail to d-d-a explicitly said that all future mails,
especially this, will be posted to d-i-a.

dia is the correct mailinglist for this.

weasel


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

On Thu, May 15, 2008 at 05:11:30PM +0200, Peter Palfrader <weasel@debian.org> wrote:
> On Thu, 15 May 2008, Mike Hommey wrote:
>
> > On Thu, May 15, 2008 at 03:03:55PM +0200, Peter Palfrader <weasel@debian.org> wrote:
> > > On Thu, 15 May 2008, Osamu Aoki wrote:
> > >
> > > > Considering recent issues, http://db.debian.org/password.html requires
> > > > updated as "s/id_dsa.pub/id_rsa.pub/".
> > >
> > > My mail to d-i-a said that you need to use RSA keys. You have read
> > > that, right?
> >
> > This mail should have been sent to d-d-a, really.
>
> No. the original mail to d-d-a explicitly said that all future mails,
> especially this, will be posted to d-i-a.
>
> dia is the correct mailinglist for this.

I beg to differ. This particular mail is important enough to be sent to
d-d-a instead of d-i-a.

Mike


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

On Do, 15 Mai 2008, Mike Hommey wrote:
> I beg to differ. This particular mail is important enough to be sent to
> d-d-a instead of d-i-a.

I agree, dia is not what I would be subscribed to under normal
circumstances, and with all the caos that type of announce is for dda.

Best wishes

Norbert

-------------------------------------------------------------------------------
Dr. Norbert Preining <preining@logic.at> Vienna University of Technology
Debian Developer <preining@debian.org> Debian TeX Group
gpg DSA: 0x09C5B094 fp: 14DF 2E6C 0307 BE6D AD76 A9C0 D2BF 4AA3 09C5 B094
-------------------------------------------------------------------------------
BISHOP'S CAUNDLE
An opening gambit before a game of chess whereby the missing pieces
are replaced by small ornaments from the mantelpiece.
--- Douglas Adams, The Meaning of Liff


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

On Thu, 15 May 2008, Norbert Preining wrote:

> On Do, 15 Mai 2008, Mike Hommey wrote:
> > I beg to differ. This particular mail is important enough to be sent to
> > d-d-a instead of d-i-a.
>
> I agree, dia is not what I would be subscribed to under normal
> circumstances, and with all the caos that type of announce is for dda.

Which is why the initial mail about the issue went to both. If you read
the first mail you will know where to find the rest. If you can't be
bothered to read carefully when asked to (and lots can't) then I cannot
help you.


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

On Do, 15 Mai 2008, Peter Palfrader wrote:
> > > I beg to differ. This particular mail is important enough to be sent to
> > > d-d-a instead of d-i-a.
> >
> > I agree, dia is not what I would be subscribed to under normal
> > circumstances, and with all the caos that type of announce is for dda.
>
> Which is why the initial mail about the issue went to both. If you read
> the first mail you will know where to find the rest. If you can't be
> bothered to read carefully when asked to (and lots can't) then I cannot
> help you.

Come on, should I now subscribe to dia only for one (1!!) email (or
maybe 2) which are of general interest??

I did read the email, I saw the remark, and assumed that that was an
oversight ... my failure.

Best wishes

Norbert

-------------------------------------------------------------------------------
Dr. Norbert Preining <preining@logic.at> Vienna University of Technology
Debian Developer <preining@debian.org> Debian TeX Group
gpg DSA: 0x09C5B094 fp: 14DF 2E6C 0307 BE6D AD76 A9C0 D2BF 4AA3 09C5 B094
-------------------------------------------------------------------------------
NANHORON (n. medical)
A tiny valve concealed in the inner ear which enables a deaf
grandmother to converse quite normally when she feels like it, but
which excludes completely anything that sounds like a request to help
with laying the table.
--- Douglas Adams, The Meaning of Liff


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Peter Palfrader skrev:

On Thu, 15 May 2008, Norbert Preining wrote:


On Do, 15 Mai 2008, Mike Hommey wrote:

I beg to differ. This particular mail is important enough to be sent to
d-d-a instead of d-i-a.

I agree, dia is not what I would be subscribed to under normal
circumstances, and with all the caos that type of announce is for dda.


Which is why the initial mail about the issue went to both. If you read
the first mail you will know where to find the rest. If you can't be
bothered to read carefully when asked to (and lots can't) then I cannot
help you.


Yes you can, by resending these mails of general interest to d-d-a.

DDs are required to subscribe to d-d-a and read it to keep informed. I
don't recall a requirement to subscribe to d-i-a, the Developer's
Reference doesn't even mention it. If you want all DDs to be aware of
something, send stuff to d-d-a. (I did read that the initial mail said
to look to d-i-a, but in that case, I'd rather miss your posts there,
and get the information from IRC or something instead, than actually
subscribing to yet another ML I don't really feel I need to add to my
already way too many mailfolders.)


Or, I suppose, you could send an URL to d-i-a's archived post to d-d-a,
that might be enough for those who don't have that much interest in
d-i-a (including me). (But then again, if you do that, you could as well
include the whole post...)


Perhaps someone should do that for everyone's benefit? Maybe even me, a
relatively peripheral DD?



--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

On Fri, May 16, 2008 at 08:41:25AM +0200, Norbert Preining wrote:
> On Do, 15 Mai 2008, Peter Palfrader wrote:
> > > > I beg to differ. This particular mail is important enough to be sent to
> > > > d-d-a instead of d-i-a.
> > >
> > > I agree, dia is not what I would be subscribed to under normal
> > > circumstances, and with all the caos that type of announce is for dda.
> >
> > Which is why the initial mail about the issue went to both. If you read
> > the first mail you will know where to find the rest. If you can't be
> > bothered to read carefully when asked to (and lots can't) then I cannot
> > help you.
>
> Come on, should I now subscribe to dia only for one (1!!) email (or
> maybe 2) which are of general interest??
>
No. If you are expecting something on the list but do not want to
subscribe, the list archives are always available:

http://lists.debian.org/debian-infrastructure-announce

Regards,

-Roberto

--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com