[Ach] next (physical) meet up : Monday, 20th of Jan 19:30 CET
L. Aaron Kaplan
kaplan at cert.at
Fri Jan 17 21:34:53 CET 2014
Hi ,
comments inline
On Jan 17, 2014, at 8:46 PM, Tobias Pape <Das.Linux at gmx.de> wrote:
>
> On 17.01.2014, at 20:08, L. Aaron Kaplan <kaplan at cert.at> wrote:
>
>>
>> On Jan 17, 2014, at 6:44 PM, Aaron Zauner <azet at azet.org> wrote:
>>
>>>
>>>
>>> L. Aaron Kaplan wrote:
>>>> Anything else? If you want something on the agenda, please tell me or reply to this mail.
>>> Merging sebix's pull request :)
>>>
>>
>> Yes!! But we both said we'd finally do that this weekend, right :)
>>
>> It's sort of important to get this in before we merge in other PRs.
>
> I have looked at it.
> I have no comments content wise but regarding the listings-handling.
> sebix has (and I had tried myself) tried to avoid the perl preprocessing.
> While he got further than me, I would be reluctant to his approach for a few reasons.
>
> 1. The method requires a manual framing, as the manually inserted cipherstring
> messes with listings.sty’s box-size calculation. On its own, this is not as
> big a problem, but it has an ugly side effect (see first attachment, frame.png)
>
> 2. The line-broken cipher sting copies as
> -->8---
> SSLCipherSuite 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRS
> A+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LO
> W:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED
> --8<---
> Which is a bit problematic, intended and automatic line breaks are indistinguishable.
> You can define explicit eol-markers, but they end up in the copy-paste text.
> (For example, the popular hooked arrow would spill in the copied cipher string)
>
> I would recommend an easily distinguishable end-of-line + beginning-of-line marker
> (see 2nd attachment, redbackslash.png), which would copy as
> -->8---
> SSLCipherSuite 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA\ \+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128\ \:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!\ \ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA'
> --8<---
> Note that
> * the entire line is on one line,
> * the explicit line-start and line-end markers are unambiguous and
> * can be easily search-replaced (eg s/\\\ \\//g)
>
>
> I am not opposed to the change but I would nevertheless prepare another pr that
> * makes this red-backslash thing
> * explains it in the intro section
> * Removes all listings from the .tex files and includes them manually (eg, as apache.conf)
> * side effect: people browsing the github page can directly look at
> the config files.
>
Upon first inspection that sounds like an further even greater improvement.
So far the feedback that I got (and experienced myself) is that the recommendations are not so bad (yes, they can be improved for sure) but that the copy & pasting is actually extremely cumbersome.
> * If applicable, do the automatic generation/replacement in the config files (not the .tex files)
> * probably with sed, as I don’t really know perl, and it can be done in the makefile directly.
If you show me what you want to do exactly in sed, I can easily rewrite that in perl/python. Or we stick with sed. Whatever gets the job done :)
> * side effect 2: the people could download the correct config files directly, no need for copy and paste
> (but we would have to version them :( )
>
That would be amazing.
> Sorry for the long text, i had no time writing a shorter one
:)
>
> Best
> -Tobias
>
>
>
> <frame.png><redbackslash.png>
---
// L. Aaron Kaplan <kaplan at cert.at> - T: +43 1 5056416 78
// CERT Austria - http://www.cert.at/
// Eine Initiative der nic.at GmbH - http://www.nic.at/
// Firmenbuchnummer 172568b, LG Salzburg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20140117/4d4c611e/attachment.sig>
More information about the Ach
mailing list