[clc-devel] Applying to be a package maintainer
I'd like to know how to apply to be a package maintainer. The MaintainerGuidlines document on the wiki is pretty vague on that. I'd also like to know how I register an account for the bug reporting system, or whether all bugs are supposed to be anonymous. Thanks, * Anthony
I'd like to know how to apply to be a package maintainer. The MaintainerGuidlines document on the wiki is pretty vague on that. Please let us know what parts are vague; we've tried to make it clear, but we tend to forget things we think are obvious, so we're happy to fix
Hi, On Sun, Aug 29, 2004 at 15:51:16 -0700, Anthony de Almeida Lopes wrote: those things. The process to apply is about the following: 1. package software, create ports, publish them, maintain them 2. Read http://clc.morpheus.net:6999/clc/wiki?p=MaintainerGuidelines and see whether you agree to the rules and requirements metioned there; also read the CLC package guidelines, available through the "Documents" section of the CLC webpage, and validate your ports against them. 3. Send an application to clc-devel@lists.berlios.de, containing "links to packages the applicant did, and a list of packages she/he'd like to maintain. It's best to send an URL to some ports the applicant made". We also like to know who we're dealing with, so some notes about you are definitely appreciated. There are some examples in the mailing list archive at https://lists.berlios.de/pipermail/clc-devel/ After that, some maintainers will look into the ports and advocate for the applicant if they think he/she is a good match, or give some tips how to improve them to fit
I'd also like to know how I register an account for the bug reporting system, or whether all bugs are supposed to be anonymous. For now, we've never had someone asking for an account, but if you plan to do a lot of bug reporting, this could be arranged. Anonymous reporting is fine though.
Hope this helps, Regards, Johannes -- Johannes Winkelmann mailto:jw@tks6.net Bern, Switzerland http://jw.tks6.net
Yes, I meat that it just doesn't say where to apply to. I ended up sending an e-mail to Per Liden and this mailing list. That's all. About the bug reporting system... The reason I asked about an account is because bugzilla usually requires one and it sends you updates when people reassign, close as duplicate, close as fixed, etc. a bug. Also sometimes I find out more information, or a solution of my own. Anyway, it's not necessary, but you'd definitely get more information out of people if you could ask them for clarification or something. Oh and I forgot to say (in my application I sumbitted a few minutes ago) that I did read the MaintainerGuidlines and agree to them. I wanted to make a note too, that I will do my best to mantain my ports. For the gcc- ssp I will have to follow what gcc CRUX has in ports as well as what patch Etoh has out and for gaim I'd have to follow both Gaim and the corresponding gaim-encrption plugin. Okay, class in 10 minutes. Have a good one. * tony
Hi,
I'd like to know how to apply to be a package maintainer. The MaintainerGuidlines document on the wiki is pretty vague on that. Please let us know what parts are vague; we've tried to make it clear, but we tend to forget things we think are obvious, so we're happy to fix
On Sun, Aug 29, 2004 at 15:51:16 -0700, Anthony de Almeida Lopes wrote: those things.
The process to apply is about the following:
1. package software, create ports, publish them, maintain them 2. Read http://clc.morpheus.net:6999/clc/wiki?p=MaintainerGuidelines and see whether you agree to the rules and requirements metioned there; also read the CLC package guidelines, available through the "Documents" section of the CLC webpage, and validate your ports against them. 3. Send an application to clc-devel@lists.berlios.de, containing "links to packages the applicant did, and a list of packages she/he'd like to maintain. It's best to send an URL to some ports the applicant made".
We also like to know who we're dealing with, so some notes about you are definitely appreciated. There are some examples in the mailing list archive at https://lists.berlios.de/pipermail/clc-devel/
After that, some maintainers will look into the ports and advocate for the applicant if they think he/she is a good match, or give some tips how to improve them to fit
I'd also like to know how I register an account for the bug reporting system, or whether all bugs are supposed to be anonymous. For now, we've never had someone asking for an account, but if you plan to do a lot of bug reporting, this could be arranged. Anonymous reporting is fine though.
Hope this helps, Regards, Johannes -- Johannes Winkelmann mailto:jw@tks6.net Bern, Switzerland http://jw.tks6.net _______________________________________________ clc-devel mailing list clc-devel@lists.berlios.de http://lists.berlios.de/mailman/listinfo/clc-devel
-- * * * Anthony de Almeida Lopes guerrilla_thought@gmx.de AIM: whatsheon * * * "And someone else might feel something scratching in his mouth. he goes to the mirror opens his mouth: and his tongue is an enormous, live centipede, rubbing its legs together and scraping his palate. He'd like to spit it out, but the centipede is part of him and he will to tear it out with his own hands..." -- Jean Paul Sartre * * * NEU: Bis zu 10 GB Speicher f�r e-mails & Dateien! 1 GB bereits bei GMX FreeMail http://www.gmx.net/de/go/mail
Oops thought I sent this to the list too... Alright, let me qualify first before I talk about ports. For the last 3 months I've been using my own distribution of Linux made. I don't know whether a lot of linux-from- scratch people can say that or not, but I'm pretty proud of it. You can find some documents on it here: http://sonic.net/~someone/slothware/. I have two people that mirror it if you want to actually look at what I have. Before I rolled my own distribution I used gentoo since about 2001 or so, when it first showed up. I am familiar with port systems. Like I said, I used gentoo, I use OpenBSD and NetBSD's pkgsrc was my original ports system for Slothware (my distribution). I've also worked with the GAR ports system as well (not my favorite). I, with a few others, do my best in #linux-help to help out "newbies." I have a fairly solid understanding of how the original UNIX kernel and the Linux kernel work. In particular, I've studied the virtual memory subsystem, the filesystem and ELF. I'm familiar with gcc and the linkers. I haven't put out any massive projects, aside from Slothware, but I continue continue to learn about and use C, assembly and bash (my favorite languages) as time goes by. Most importantly of all; what I don't know, I can learn. Personally? I'm a computer science major and will be doing the computer systems program at either U.C. Berekely or Davis Right now I'm finishing up General education at Santa Rosa Junior College (in northern California). You can see my class schedule here: http://www.sonic.net/ ~someone/classes.html. I guess you can find a picture of me here: http://sonic.net/~someone/photos/. I'm 21 years old, dedicated to computers and school. Right now I'd have to say my interests are still in security, assembly, and studying the Linux kernel. Okay, let's get back to ports. Stack-smashing protector isn't exactly a simple matter, but I can point you at some documents you might want to look at: http://www.trl.ibm.com/projects/security/ssp/node1.html and http://immunix.org/StackGuard/usenixsc98.pdf The first is what I'm porting and the second, the pdf, is the original proposal for the work, back in 1998. Basically, what you want to know, is it does a good job "preventing" buffer overflows. It is by no means the solution to all security problems. Please read this document http://pax.grsecurity.net/docs/pax.txt . Some security is better than no security. This deals with the problem at a source level, when you compile code with SSP, the binary produced will actually differ between that and what would normally come out. It's not a Non-Executable stack implementation but gives, reorders the layout of the process in memory (the stack rest of the stack comes after the return address) and it puts a little barrier there as well. Anyway, please read the first document at least if you're interested. Is this a port that people need? Let me put it this way; if you're running a sevrer, I'd highly recommend it (as well as PaX and some kind of MAC.) It's pretty widley used right now. Check out the gentoo hardened project http://hardened.gentoo.org. It's also become default in a few distributions of gcc. People do use it. I should note that it will only protect the executables and libraries that you compile with it. If an executable uses a shared object that is compiled with ssp, that code will be protected but the main applications will not be. This doesn't get rid of the buffer overflow itself but "prevents" it from doing much of anything. I have a preliminary port of gcc-ssp here: http://sonic.net/~someone/files/gcc-ssp.tar.bz2 It's not finished right now, I'd advise against using it with ccache right now, although I do use it for everything it needs some more testing. The other thing I'm interest in porting right now is gaim-encryption (see: http://gaim-encryption.sourceforge.net) which is just a method of encrypting conversation over AOL's instant messaging network via gaim (see http://gaim.sourceforge.net), a very popular IM client for Linux. I will check out the 'unmaintained' section of the CRUX ports tree as well. Please let me know what else you want to know about me or if you have any other questions. Sorry if this sounds kind of resume-ish. Have a good day, I'm off to school now. * tony On Mon, 2004-08-30 at 12:05 +0200, Johannes Winkelmann wrote:
Hi,
I'd like to know how to apply to be a package maintainer. The MaintainerGuidlines document on the wiki is pretty vague on that. Please let us know what parts are vague; we've tried to make it clear, but we tend to forget things we think are obvious, so we're happy to fix
On Sun, Aug 29, 2004 at 15:51:16 -0700, Anthony de Almeida Lopes wrote: those things.
The process to apply is about the following:
1. package software, create ports, publish them, maintain them 2. Read http://clc.morpheus.net:6999/clc/wiki?p=MaintainerGuidelines and see whether you agree to the rules and requirements metioned there; also read the CLC package guidelines, available through the "Documents" section of the CLC webpage, and validate your ports against them. 3. Send an application to clc-devel@lists.berlios.de, containing "links to packages the applicant did, and a list of packages she/he'd like to maintain. It's best to send an URL to some ports the applicant made".
We also like to know who we're dealing with, so some notes about you are definitely appreciated. There are some examples in the mailing list archive at https://lists.berlios.de/pipermail/clc-devel/
After that, some maintainers will look into the ports and advocate for the applicant if they think he/she is a good match, or give some tips how to improve them to fit
I'd also like to know how I register an account for the bug reporting system, or whether all bugs are supposed to be anonymous. For now, we've never had someone asking for an account, but if you plan to do a lot of bug reporting, this could be arranged. Anonymous reporting is fine though.
Hope this helps, Regards, Johannes
Hi Anthony, On Tue, Aug 31, 2004 at 09:57:32 -0700, Anthony de Almeida Lopes wrote:
Oops thought I sent this to the list too...
Alright, let me qualify first before I talk about ports. For the last 3 months I've been using my own distribution of Linux made. [..·]
I have a preliminary port of gcc-ssp here: http://sonic.net/~someone/files/gcc-ssp.tar.bz2 It's not finished right now, I'd advise against using it with ccache right now, although I do use it for everything it needs some more testing.
The other thing I'm interest in porting right now is gaim-encryption (see: http://gaim-encryption.sourceforge.net) which is just a method of encrypting conversation over AOL's instant messaging network via gaim (see http://gaim.sourceforge.net), a very popular IM client for Linux. I'd suggest you set up a personal ports repository and start to maintain those ports for a while. This might be one of the points where our maintainer guidelines are unclear, but for now we try to select maintainers which have some experience with maintainance of CRUX ports and CRUX in general. While you seem qualified to reach that, we can hardly judge your capabilities by a single port you call preliminary, and ideas for ports you'd like to do. I also had the impression that you just started with CRUX.
A few notes on your port: - the header should only contain a single URL tag - there are some files missing in your source line: - protector.dif - protectoronly.dif - protector.c and protector.h - ccache-gcc-ssp ccache-g++-ssp Fixing the later will allow you to refer to those file using a correct path; for now, your Pkgfile accesses files outside the work directory of a port, which will fail if the pkgmk work directory is different from the port's base directory. Furthermore, I'm not sure if it it's possible to have source files in a directory, but this is of course easily changed. So please continue to build ports, publish them and maintain them for a while, and once you're familiar with CRUX and the things surrounding it (CLC etc.) feel free to apply again here. If you have further questions, feel free to ask; there's also an IRC channel where many of the guys from CLC can be found: it's #crux on irc.freenode.net. Kind regards, Johannes P.S. Please don't CC me when replying to the list -- Johannes Winkelmann mailto:jw@tks6.net Bern, Switzerland http://jw.tks6.net
participants (2)
-
Anthony de Almeida Lopes -
Johannes Winkelmann