I have mentioned a few times in the past that I am planning to move LDAP and other privileged services over to tycho (aka x1.xwin.org), to get it off the machine we have around 300 accounts on. To that end, I've been writing 'ill', a mail interface for administration. It's Python-powered, and categorised into project managers, and account managers. All project managers can submit requests for account creation, which are then approved (which is expected to be largely a rubber stamp, as it is today) by the account managers. This offers two really compelling advantages over the current situation: we don't need to grant people root for just creating accounts (there are far too many sudoers currently, for any system; not a slight on anyone at all, just a reflection on the fact that no project needs seventeen administrators).

Combined with moving the LDAP server somewhere else, this should hopefully allow us to scale far beyond where we are -- including into the realm of translators, which has sort of been pending getting the box far more secure than it is today.

All of the links to http://cvs.cairographics.org on the cairo website were broken. Fortunately, /etc/viewcvs/viewcvs.conf is under revision control, so it was easy to see that in the cairo-general section "default_root = cairo" had been changed to "default_root = /". But that change hadn't been committed so I don't have anyone to blame at this point.

Today, with the very, very able assistance of James Henstridge, I upgraded ViewCVS. James set upstream up in a vendor branch that we can check out, make our own modifications in HEAD, etc. Some stuff *may* be broken, but it should be just fine. Thanks James! -daniels

Upgraded bugzilla from 2.18.rc2 to 2.18.rc3.

Adam, cvs is on hold because we run it read-only, and we need a patch to shut it up on read-only mode (lest clients get confused and disconnect), so I put in that patch and drag it repeatedly through security updates. Ugh. -daniels

Been doing some repocopies in the dri project for bsd-core. I don't think I've broken anything, but I'm not quite done yet. --anholt

Wow. newaliases on gabe has been segfaulting for quite some time now, so Pasc Hakim, myself and Adam Conrad settled down to take a proper look at it just before. After a crazy amount of debugging various insane problems and a mindnumbing time spent on deep excursions through gdb, we finally tracked down the issue (ldap must not be in alias_databases, only alias_maps) through a hell of a lot of guesswork (not after significant debugging), and thus the problem was solved. The new accessibility list should now have all its aliases present.

This one was especially bizzare to track down: some unknown function somewhere was getting called and overflowing like crazy, so the third letter of /etc/postfix/ldap-aliases.cf was getting corrupted; either to /emc/postfix/ldap-aliases.cf or /eoc/postfix/ldap-aliases.cf. But it's all fixed now, and man was that insane. Postfix got upgraded to 2.1.5-1.0.1 somewhere along the way, and also a standard upgrade with new versions of tla, debconf, blah, blah. Phew! -daniels

There's now an Accessibility list on fd.o. Some more random account creation, with people being added to new groups and folks getting some cvs accounts. Seems we might've missed someone for months too, sorry about that! Accounts created today:

• clahey added to dbus group
• newren account created and added to icccm-extensions, startup-notification group

Otherwise, looks like accounts creation should be sped up, and who has an easy fix for the cvsweb issue? Where the silly message You don't have permission to access /doc/viewcvs/images/logo.png on this server. appears. As an example, look at the broken logo here, where it says Powered by ViewCVS. The path exists, already... --byte

Copied some sis stuff missed in the previous repocopies.

Gave Planet some love -- fixed Mike A. Harris's feed, and removed rml's as primates.ximian.com was timing out. Also made the admin feed not look like crap by not escaping the HTML. Novel! -daniels

Welcome to the fd.o admin blog. Here, we will announce impending downtime, actions taken, anything of interest admin-related. It is syndicated by RSS and Atom. Enjoy!
-d

Yet another apt-get upgrade. Everything updated, except for cvs (which was on hold, does anyone happen to know why?) and mailman (which I've put on hold because the preinst script is braindead... I have pasc looking into this). Things seem reasonably sane, but if something suddenly seems broken, feel free to blame new versions (and mail me to complain).

... Adam (adconrad)

Added another pub key for joukj at his request (access to the previous machine is limited). I wish I had a procedure for deciding when to accept emailed requests for stuff like this.

Matthias Clasen has his fd.o account working now, with commit access to mime. He's a Red Hatter, and while he already had an account, we just had to fix his authorized_keys file, and add him to a new group. And no, we don't have an admin blackhole :P --byte

Then added him to shared-mime-info and xdgmime as well

Added a new Mesa/DRI developer, Dieter Nuetzel. He's been finding breakages in DRI stuff for far too long and is being punished appropriately.

Added Fabio Massimo Di Nitto, X co-maintainer for both Ubuntu and Debian, to the xorg group to commit random build fixes, and changes to the Debian section, et al. -daniels