Date: Fri, 20 Nov 2009 18:52:26 +0200 From: Manolis Kiagias <manolis@FreeBSD.org> To: Giorgos Keramidas <keramida@FreeBSD.org> Cc: Tom Rhodes <trhodes@FreeBSD.org>, "doc@FreeBSD.org" <doc@FreeBSD.org>, Gabor PALI <pgj@FreeBSD.org>, Gabor Kovesdan <gabor@FreeBSD.org>, Rene Ladan <rene@FreeBSD.org>, Manolis Kiagias <manolis@FreeBSD.org> Subject: Re: [RFC] Article on freebsd-update-server Message-ID: <4B06C94A.30600@FreeBSD.org> In-Reply-To: <87ws1luqmx.fsf@kobe.laptop> References: <4B05BA06.3010303@FreeBSD.org> <87ws1luqmx.fsf@kobe.laptop>
next in thread | previous in thread | raw e-mail | index | archive | help
Giorgos Keramidas wrote:
> <SNIP> - All changes look fine up to this point
> : <note>
> : - <para>Note down the generated KeyPrint; this value is entered into
> : - <filename>/etc/freebsd-update.conf</filename> for binary
> : - updates.</para>
> : + <para>Keep a note of the generated key fingerpring. This value is
> : + entered into <filename>/etc/freebsd-update.conf</filename> for
> : + binary updates.</para>
> : </note>
>
> There are various places that the article refers to "KeyPrint". I think it
> means "key fingerpring", but I am not sure. If that's what the real meaning
> should be, please use "key fingerprint".
>
>
Probably, but we need some input from Jason here. I assume you are right.
> : <screen>Mon Aug 24 17:54:07 PDT 2009 Extracting world+src for FreeBSD/amd64 7.2-RELEASE
> : @@ -411,10 +428,7 @@ to sign the release.</screen>
> : file named <filename>USAGE</filename>. Execute
> : <filename>scripts/approve.sh</filename>, as directed. This will sign
> : the release, and move components into a staging area suitable for
> : - uploading. It is important to make sure that your key is mounted
> : - during this process. A simple <command>df</command> will show if it
> : - is mounted. If not mounted, mount the key with the passphrase supplied
> : - when creating it earlier.</para>
> : + uploading.</para>
>
> I don't know where the key mounting bits come from. It seems to refer to
> those FreeBSD installations where PGP keys are stored in removable media, like
> a USB flash disk. Why do we have to explicitly mention this here? After all,
> we don't describe how gpg-agent(1) works, or how seahorse(1) integrates PGP
> with Gnome, or any other case of the dozens of PGP setups possible...
>
>
Same here, I am not really sure what the key mounting refers to.
> : @@ -524,9 +547,11 @@ Wed Aug 26 12:50:07 PDT 2009 Cleaning st
> : <note>
> : <para>When running a patch level build, we are assuming that previous
> : patches are in place. When a patch build is run, it will run all
> : - patches less than or equal to the number specified. Beyond this,
> : - you will have to take appropriate measures to verify authenticity
> : - of the patch.</para>
> : + patches less than or equal to the number specified.</para>
> : +
> : + <para><emphasis>It is up to the administrator of the freebsd-update
> : + server to take appropriate measures to verify the authenticity of
> : + every patch.</emphasis></para>
>
> I think we ought to emphasize a bit the part about patch authenticity, but I
> am not sure if I chose the right way to do this.
>
>
Or maybe use <warning> around it?
> : - <para>Follow the same process as noted before for appoving a build.</para>
> : + <para>Follow the same process as noted before for approving a build:</para>
>
> Typo.
>
> There are more changes, in the attached patch. Most of them are attempts to
> improve the wording of various small parts of the article. Please see the
> attached diff for all of them.
>
>
The patch has been applied, the new version is available in mercurial
and also uploaded again to freefall.
> One more important detail. We are still discussing at doceng@ how we can
> bring the final article into CVS. So, please hold from committing this, until
> we have resolved all the remaining details.
>
>
Yes, I am aware of this.
Jason has thought of something like this (copied from email):
<sect1 id="afterword">
<title>Afterword</title>
<para>This <ulink
url="http://www.experts-exchange.com/articles/OS/Unix/BSD/FreeBSD/Build-Your-Own-FreeBSD-Update-Server.html">FreeBSD
Update </ulink> article was originally published at <ulink
url="http://www.experts-exchange.com">Experts-Exchange</ulink>.</para>;
</sect1>
and I thought we could turn this into something like "Acknowledgements
/ Further Reading" section (will probably need to be expanded a bit).
Does this make any sense?
> I'm sure that a lot of people will love reading an article that describes in
> detail how to set up a local freebsd-update server. Thanks for all the work
> done so far on what seems to be an excellent article! :-D
>
And we thank you for the thorough review :)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B06C94A.30600>