Planet Debian

Free Software Efforts (2015W51)

For the last week I have been stuck in England. For the vast majority of that time, I’ve had nothing to do except work on Debian and this blog post documents some of the things I worked on.

Obviously spending a whole week on Debian, there’s going to be some packaging involved. The following packages got new versions in unstable this last week:

  • cowdancer
  • debian-installer-launcher
  • chirp
  • python-flask-rdf

Packaging updates were one of the simpler tasks tackled this week though. I spent a lot of time this week on Debian Live along with others in the #debian-live IRC channel. Over the last week we achieved a number of things, possibly the most important being that all the generic live support packages (i.e. live-boot, live-config and live-tools) have now been converted into native packages, have their VCS repositories hosted on Alioth and have seen a good number of patches merged from the BTS and from the old patch system. All future patches will be managed via the BTS for Debian Live, as with other Debian projects.

YubiKey + udev follow-ups

In my previous post, I talked about the udev hack I had used with the YubiKey and how it was not the correct way to do things. I received a lot of feedback on this post, and here I’m hoping to summarise what the correct way to do it is.

The rule I was originally using was:

SUBSYSTEMS=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0111", OWNER="irl"

The problem with this rule was that it always made my own username the owner of the YubiKey. For my use on my laptop, this was fine, as I’m the only user ever logged into my laptop, but this is not the right way to do this.
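A small audit for this pattern, as an added example that is not code from the original post: it parses udev rules and reports USB rules that pin OWNER to a fixed account, and goes one step beyond the post by also reporting a world-writable MODE. The file name in the sample, the MODE rule and the rule using systemd-logind's `uaccess` tag (which hands access to whoever holds the active local session) are constructed for contrast and do not appear in the post.

```python
import re

# One udev token: KEY or KEY{attr}, an operator, a double-quoted value.
TOKEN = re.compile(r'([A-Za-z_]+(?:\{[^}]*\})?)\s*(==|!=|\+=|-=|:=|=)\s*"([^"]*)"')


def logical_lines(text):
    """Yield (first_line_number, rule) with backslash continuations joined."""
    buf, start = "", None
    for number, raw in enumerate(text.splitlines(), 1):
        start = start or number
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        rule, buf = (buf + raw).strip(), ""
        if rule and not rule.startswith("#"):
            yield start, rule
        start = None


def audit(text):
    """Return (line, message) findings for USB rules that pin device access."""
    findings = []
    for number, rule in logical_lines(text):
        tokens = TOKEN.findall(rule)
        matched = {(k, v) for k, op, v in tokens if op == "=="}
        if not matched & {("SUBSYSTEM", "usb"), ("SUBSYSTEMS", "usb")}:
            continue
        # Everything that is not a comparison is an assignment to the device.
        assigned = {k: v for k, op, v in tokens if op not in ("==", "!=")}
        if "OWNER" in assigned:
            findings.append((number, f"OWNER pinned to {assigned['OWNER']!r}"))
        mode = assigned.get("MODE", "")
        if re.fullmatch("[0-7]+", mode) and int(mode, 8) & 0o002:
            findings.append((number, f"MODE {mode} is world-writable"))
    return findings


# Constructed sample: the post's rule, a world-writable variant, and a rule
# that tags the device for logind's per-session ACLs instead.
SAMPLE = '''\
# 70-yubikey.rules (constructed file name)
SUBSYSTEMS=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0111", OWNER="irl"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="1050", \\
  ATTRS{idProduct}=="0111", MODE="0666"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0111", TAG+="uaccess"
'''

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```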

YubiKey NEO as an OpenPGP token

I was first interested in the idea of using a smartcard to store OpenPGP subkeys when I joined the Free Software Foundation Europe as a Fellow and received my FSFE Fellowship Card. By performing all cryptographic operations on the smartcard it would remove almost all the routes by which the secret key material could be compromised as the host operating system never has access to that secret material.

I decided that this was something I wanted to try out and I purchased two Cherry G83-6644 keyboards. One of the nice things I noticed about this product was that it was both FIPS 201 approved and GOST R approved. If both the Americans and the Russians could agree it was a good keyboard, it had a good chance of being a good keyboard.