This site is now 100% read-only, and retired.

XML logo

Reasons to upgrade to Etch
Posted by Steve on Wed 24 Jan 2007 at 16:56

I'm still wanting to keep Sarge upon this host for at least a few weeks after the release of Etch, but I'm getting too many reasons to upgrade:

GPG Packages

If I upgrade to Etch I can use the GPG interface from Perl to automatically sign all outgoing mails. (e.g. comment notifications, new account notices, etc)

This doesn't have a whole lot of use, but it would be neat and something that would (hopefully?) increase peoples GPG use.

I could even encrypt messages to users if they wanted that and uploaded a key.

Rails Packages

I've been slowly growing to like Rails over the past week or two - and after writing a replacement bookmarking application to replace my PHP-based bookmarks I'm keen to use it for real.

But Rails on Sarge is .. non-easy.

I'm sure there are more reasons than that too - but I can't think of them right now.

 

Comments on this Entry

Re: Reasons to upgrade to Etch
Posted by dkg (216.254.xx.xx) on Wed 24 Jan 2007 at 21:02
[ View Weblogs ]
I've done one live server in-place sarge-to-etch upgrade so far (and a couple experimental upgrades), and i found the process already pretty smooth.

gpg-encrypted mails, autogenerated by the yawns webapp, would be a great feature. If you could give the webapp itself its own GPG key (with a published signature by you, presumably), that would be even better.

[ Parent ]

Re: Reasons to upgrade to Etch
Posted by Steve (80.68.xx.xx) on Thu 25 Jan 2007 at 09:41
[ View Weblogs ]

I've done a couple of trial upgrades using Xen and found it pretty simple too, it is more that I wish to be running stable security-supported software and I don't want any sudden suprises.

The plan for signatures was to sign with a new key and sign that myself, and offer it to other people for signing in the future.

I'd like to allow users to upload their own key if they wished - although short of encrypted mails I haven't thought much about how they could be used. It does strike me as a little curious that Slashdot allows you to upload one but doesn't actually use it for anything - by contrast Livejournal allows you to upload a key if you mail a special address with a signed message you can make new updates. So perhaps something like that will be done.

Steve

[ Parent ]

Re: Reasons to upgrade to Etch
Posted by suspended user k2 (69.157.xx.xx) on Thu 25 Jan 2007 at 03:50
[ View Weblogs ]

I have been looking at the rc bugs graph* since the last 2-3 months and from the (immediate) trends it looks as if Etch release might see the lights of day in June at the earliest. If you want to wait for the release, we have a lot of time to discuss the advantages ;)

Steve do you think there would be any advantage of getting a secure certificate from cacert.org than generating one yourself. The one advantage I see is that it will be from a trusted CA (they say Debian already has it, and Mozilla will add it too) and hence won't pop open the dialogs which come up for non-trusted certificates.

And as I usual a feature request: an indicator for new articles since the user last visited (for registered users). I could try making an icon for that :)

* - Is there a way to get the graph data and apply some extrapolation techniques? -- k2

[ Parent ]

Re: Reasons to upgrade to Etch
Posted by Steve (80.68.xx.xx) on Thu 25 Jan 2007 at 09:48
[ View Weblogs ]

If the CACert certificate is installed by browsers then it might make more sense to use that in the future. My impression was that it wasn't and that was just an aim they had.

To be honest right now I assume that most people who wanted to use SSL are doing so, so they have accepted the existing certificate. When it comes to expiry time next year I'll reassess things but probably not switch until then.

The notification is a good one, although I'm not 100% sure how to code for it. I'd have to record last-login-time, or something similar. I'll think about it.

Thanks for another good suggestion :)

Steve

[ Parent ]

Re: Reasons to upgrade to Etch
Posted by suspended user k2 (132.216.xx.xx) on Thu 25 Jan 2007 at 19:40
[ View Weblogs ]
"New" notification - I think that would require recording the time for any link clicked by the user while logged on(last page visited). That is because if the cookie doesn't expire, the user stays logged on for ever during the same browser session.

Log-off time could also work as one could just compare log-off times with article times. But that would only work if all users are kicked off (logged off automatically) after a certain time of inactivity. That was the reason of the first idea - last page visited.

--
k2

[ Parent ]