Discussion:
[privoxy-devel] Move from Sourceforge
Ian Silvester
2015-10-29 18:58:01 UTC
Hi all,

I have today learnt that Sourceforge is blocked by uBlock's default
ruleset, ostensibly because of the unpleasant badware they push
aggressively when one downloads any genuine files.

I was in discussion with the author of a fairly good security guide for
OS X who currently promotes the Homebrew installer for Privoxy. This is
inferior to ours for a number of reasons, not least that Privoxy is
executed using the interactive user account that was used when installing
it. He is however unwilling to alter his guide to promote the 'official'
binary package due to the problem detailed in the first paragraph.

I think the time has come for us to move, no? Fabian I know you've
already put some thought into this - do you have a preferred project
host, going forward?

All input welcome, however a priori I would have thought github would be
the obvious choice?

Cheers,

Ian
--
My PGP public key
<http://diem.serveftp.net:8080/IanSilvesterPGPPublicKey.asc>.
Fabian Keil
2015-10-30 14:36:03 UTC
Post by Ian Silvester
I have today learnt that Sourceforge is blocked by uBlock's default
ruleset, ostensibly because of the unpleasant badware they push
aggressively when one downloads any genuine files.
I was in discussion with the author of a fairly good security guide for
OS X who currently promotes the Homebrew installer for Privoxy. This is
inferior to ours for a number of reasons, not least that Privoxy is
executed using the interactive user account that was used when installing
it. He is however unwilling to alter his guide to promote the 'official'
binary package due to the problem detailed in the first paragraph.
Given that the OS X packages come with OpenPGP signatures
(a security guide could mention) that seems to be a strange
position to me.

Anyway, if it helps, we could also make the OS X binaries available
from the hidden service page (http://jvauzb4sb3bwlsnc.onion/) which is
outside SourceForge's control and provides end-to-end encryption (on top
of the signature files).
Post by Ian Silvester
I think the time has come for us to move, no? Fabian I know you've
already put some thought into this - do you have a preferred project
host, going forward?
As far as I'm concerned, moving away from SF is long overdue.

Unfortunately my impression is that self-hosting is currently the only
long-term option as all the project hosting services I'm aware of seem
to fail to satisfy most of the requirements from:
http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/TODO?view=markup#l413

After talking to various self-hosting developers, I believe the
requirements could be mostly met by using Bugzilla for bug reports,
Mailman for mailing lists, Gitolite and Gitweb for version control stuff
and nginx (or Privoxy itself) as webserver.

If there are better options, I'd be interested to hear about them.

If nobody objects, I can try to get things moving by looking for a hoster
that is willing to sponsor (at least) one server in exchange for being
mentioned on the website and a contract with SPI Inc. or Zwiebelfreunde e.V.
to get the tax benefits.
Post by Ian Silvester
All input welcome, however a priori I would have thought github would be
the obvious choice?
In my obviously biased opinion, Github is a pretty poor choice for a
free software project with a reasonable amount of users with strong
feelings about (software) freedom, privacy and security.

Github seems to fail at requirements 2 (a show stopper for me), 4, 5,
6, 7, 8 and 9 and I'm unsure about the remaining ones. IIRC, Github also
lacks support for commit mails with diffs included.

Having said that, there's no reason why all the Privoxy-related things
have to be hosted on the same hosting service.

If you are comfortable with using Github for Mac OS X development
and none of the other OS X developers and contributors object,
you could migrate the OS X stuff at your earliest convenience
(and migrate again if/when Github starts to follow SF's "lead"
or better options become available).

After all, Github currently isn't worse than SF and OS X users
are unlikely to complain about Github being a proprietary service
anyway ...

Fabian
Ian Silvester
2015-10-30 19:18:01 UTC
Post by Fabian Keil
Post by Ian Silvester
I have today learnt that Sourceforge is blocked by uBlock's default
ruleset, ostensibly because of the unpleasant badware they push
aggressively when one downloads any genuine files.
I was in discussion with the author of a fairly good security guide for
OS X who currently promotes the Homebrew installer for Privoxy. This is
inferior to ours for a number of reasons, not least that Privoxy is
executed using the interactive user account that was used when installing
it. He is however unwilling to alter his guide to promote the 'official'
binary package due to the problem detailed in the first paragraph.
Given that the OS X packages come with OpenPGP signatures
(a security guide could mention) that seems to be a strange
position to me.
As I understand it it's that if readers have followed his guide they'll
have installed uBlock and hence would be blocked from visiting
Sourceforge at all.
Post by Fabian Keil
Anyway, if it helps, we could also make the OS X binaries available
from the hidden service page (http://jvauzb4sb3bwlsnc.onion/) which is
outside SourceForge's control and provides end-to-end encryption (on top
of the signature files).
This doesn't route for me - I assume it depends upon Tor? As you'll know
OS X users are (typically) non-technical and won't have Tor configured.
I consider myself fairly technically adept and yet I don't use Tor.

I'll consider temporarily hosting the OS X binary packages myself for
those who won't or can't visit Sourceforge.
Post by Fabian Keil
Post by Ian Silvester
I think the time has come for us to move, no? Fabian I know you've
already put some thought into this - do you have a preferred project
host, going forward?
As far as I'm concerned, moving away from SF is long overdue.
Unfortunately my impression is that self-hosting is currently the only
long-term option as all the project hosting services I'm aware of seem
http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/TODO?view=markup#l413
After talking to various self-hosting developers, I believe the
requirements could be mostly met by using Bugzilla for bug reports,
Mailman for mailing lists, Gitolite and Gitweb for version control stuff
and nginx (or Privoxy itself) as webserver.
If there are better options, I'd be interested to hear about them.
If nobody objects, I can try to get things moving by looking for a hoster
that is willing to sponsor (at least) one server in exchange for being
mentioned on the website and a contract with SPI Inc. or Zwiebelfreunde e.V.
to get the tax benefits.
I agree with this approach entirely. You are right in the TODO wishlist,
and self-hosting would seem the only way to ensure a secure and safe
future for the project.
Post by Fabian Keil
Post by Ian Silvester
All input welcome, however a priori I would have thought github would be
the obvious choice?
In my obviously biased opinion, Github is a pretty poor choice for a
free software project with a reasonable amount of users with strong
feelings about (software) freedom, privacy and security.
Github seems to fail at requirements 2 (a show stopper for me), 4, 5,
6, 7, 8 and 9 and I'm unsure about the remaining ones. IIRC, Github also
lacks support for commit mails with diffs included.
Having said that, there's no reason why all the Privoxy-related things
have to be hosted on the same hosting service.
If you are comfortable with using Github for Mac OS X development
and none of the other OS X developers and contributors object,
you could migrate the OS X stuff at your earliest convenience
(and migrate again if/when Github starts to follow SF's "lead"
or better options become available).
After all, Github currently isn't worse than SF and OS X users
are unlikely to complain about Github being a proprietary service
anyway ...
On reflection I'd prefer not to fragment our offering. Please delegate
any setup items to me that you need to once the host is chosen; I'm keen
to help share the load in any way I feasibly can.

Cheers,

Ian
Post by Fabian Keil
Fabian
------------------------------------------------------------------------------
_______________________________________________
Ijbswa-developers mailing list
https://lists.sourceforge.net/lists/listinfo/ijbswa-developers
--
My PGP public key
<http://diem.serveftp.net:8080/IanSilvesterPGPPublicKey.asc>.
Fabian Keil
2015-10-31 19:14:04 UTC
Post by Ian Silvester
Post by Fabian Keil
Post by Ian Silvester
I have today learnt that Sourceforge is blocked by uBlock's default
ruleset, ostensibly because of the unpleasant badware they push
aggressively when one downloads any genuine files.
I was in discussion with the author of a fairly good security guide for
OS X who currently promotes the Homebrew installer for Privoxy. This is
inferior to ours for a number of reasons, not least that Privoxy is
executed using the interactive user account that was used when installing
it. He is however unwilling to alter his guide to promote the 'official'
binary package due to the problem detailed in the first paragraph.
Given that the OS X packages come with OpenPGP signatures
(a security guide could mention) that seems to be a strange
position to me.
As I understand it it's that if readers have followed his guide they'll
have installed uBlock and hence would be blocked from visiting
Sourceforge at all.
I see.
Post by Ian Silvester
Post by Fabian Keil
Anyway, if it helps, we could also make the OS X binaries available
from the hidden service page (http://jvauzb4sb3bwlsnc.onion/) which is
outside SourceForge's control and provides end-to-end encryption (on top
of the signature files).
This doesn't route for me - I assume it depends upon Tor?
You assume correctly.
Post by Ian Silvester
I'll consider temporarily hosting the OS X binary packages myself for
those who won't or can't visit Sourceforge.
Sounds good to me. If uBlock doesn't block SourceForge IP addresses
as well, we could additionally put the files on the website or add
a redirect from there to your system.

[...]
Post by Ian Silvester
Post by Fabian Keil
If you are comfortable with using Github for Mac OS X development
and none of the other OS X developers and contributors object,
you could migrate the OS X stuff at your earliest convenience
(and migrate again if/when Github starts to follow SF's "lead"
or better options become available).
After all, Github currently isn't worse than SF and OS X users
are unlikely to complain about Github being a proprietary service
anyway ...
On reflection I'd prefer not to fragment our offering. Please delegate
any setup items to me that you need to once the host is chosen; I'm keen
to help share the load in any way I feasibly can.
Great. Thanks for the offer.

Fabian
Ian Silvester
2015-10-31 22:38:19 UTC
Okay,

So the latest OS X and iOS binary installers are now mirrored at:

http://www.silvester.org.uk/privoxy_installers/

If you think it useful for me to also mirror the source tarball and
latest binaries for other platforms just say the word. I'm also happy
for the www.privoxy.org 'Download recent releases' link to redirect here.


Cheers,

Ian
Fabian Keil
2015-11-03 17:43:56 UTC
Post by Ian Silvester
http://www.silvester.org.uk/privoxy_installers/
Great.
Post by Ian Silvester
If you think it useful for me to also mirror the source tarball and
latest binaries for other platforms just say the word. I'm also happy
for the www.privoxy.org 'Download recent releases' link to redirect here.
I suspect that the source tarball is mainly downloaded automatically
(so mirroring may not be noticed), but the Windows binaries are probably
mostly downloaded manually.

Simply redirecting the "Download recent releases" link would probably
confuse less technical users, however we could replace it with a text
like:

| Privoxy downloads are available at SourceForge(link), if you are
| not comfortable with downloading binaries from SourceForge, please
| use one of these mirrors: (link to your website), (link to the hidden
| service) etc.

Fabian
Ian Silvester
2015-11-03 18:05:34 UTC
That sounds like an ideal compromise Fabian, however I'll first alter
the URL to simply:

http://www.silvester.org.uk/privoxy/

and add directories for the rest of the installers and the source tarball for the sake of completeness.

I'll let you know once that alteration is complete.

Cheers,

Ian
Ian Silvester
2015-11-04 02:32:56 UTC
Okay, directory name changed and all other latest binaries uploaded -
ready to be listed on www.privoxy.org at your leisure.

Cheers,

Ian
Fabian Keil
2015-11-06 14:10:54 UTC
Post by Ian Silvester
Okay, directory name changed and all other latest binaries uploaded -
ready to be listed on www.privoxy.org at your leisure.
Done.

Fabian
Fabian Keil
2016-02-04 16:35:34 UTC
Post by Fabian Keil
Post by Ian Silvester
I think the time has come for us to move, no? Fabian I know you've
already put some thought into this - do you have a preferred project
host, going forward?
As far as I'm concerned, moving away from SF is long overdue.
Unfortunately my impression is that self-hosting is currently the only
long-term option as all the project hosting services I'm aware of seem
http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/TODO?view=markup#l413
After talking to various self-hosting developers, I believe the
requirements could be mostly met by using Bugzilla for bug reports,
Mailman for mailing lists, Gitolite and Gitweb for version control stuff
and nginx (or Privoxy itself) as webserver.
If there are better options, I'd be interested to hear about them.
If nobody objects, I can try to get things moving by looking for a hoster
that is willing to sponsor (at least) one server in exchange for being
mentioned on the website and a contract with SPI Inc. or Zwiebelfreunde e.V.
to get the tax benefits.
I recently got the authcode for privoxy.org from Andreas and requested
a transfer to me yesterday, which should be executed within the next
couple of days.

The domain is not transferred to SPI directly because several mails
about the transfer to the SPI board and my previous technical contact
have gotten no personal reply (yet) and the fact that I can't currently
modify the DNS settings blocks the migration.

I hope that the domain can be transferred to SPI (or maybe Zwiebelfreunde e.V.)
in the future, but this can wait until the service migration is done.

Fabian
Fabian Keil
2016-02-17 10:51:25 UTC
Post by Fabian Keil
Post by Fabian Keil
Post by Ian Silvester
I think the time has come for us to move, no? Fabian I know you've
already put some thought into this - do you have a preferred project
host, going forward?
As far as I'm concerned, moving away from SF is long overdue.
Unfortunately my impression is that self-hosting is currently the only
long-term option as all the project hosting services I'm aware of seem
http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/TODO?view=markup#l413
After talking to various self-hosting developers, I believe the
requirements could be mostly met by using Bugzilla for bug reports,
Mailman for mailing lists, Gitolite and Gitweb for version control stuff
and nginx (or Privoxy itself) as webserver.
If there are better options, I'd be interested to hear about them.
If nobody objects, I can try to get things moving by looking for a hoster
that is willing to sponsor (at least) one server in exchange for being
mentioned on the website and a contract with SPI Inc. or Zwiebelfreunde e.V.
to get the tax benefits.
I recently got the authcode for privoxy.org from Andreas and requested
a transfer to me yesterday, which should be executed within the next
couple of days.
There has been a delay or two but everything seems to be sorted out now
and the new time frame is "5 business days starting from 16-2-2016".
We'll see ...

Fabian
