In the past I've worked on a set of scripts to identify potential for improvement of the supply chain within our build service. For now RPM files can be scanned for unused signature files that are available upstream and look for potentially unused https:// links, although they are available.
These scripts work on a prototype-basis, but there is a lot of follow-up work to do, e.g.:
There is a tool called caff, which is the de-facto standard when dealing with keysigning (on a large scale, e.g. after a key signing party). This tool hasn't been touch in years, is written and configured in Perl (hence cannot be read and/or maintained :smile:) and is not easy to package, because of a lot of dependencies, etc. It is not even available in our default repositories (at least for Tumbleweed). In general there seems to be a certain kind of frustration with this software, but there is no real alternative available yet.
Ideally the new toolset should allow to organize a complete keysigning party, e.g. it should assist the organizer with:
over 3 years
8 hacker ♥️.
Has no hacker:
I'm currently using urlwatch to watch for new releases in upstream projects. It monitors the output of a URL and notifies you about any changes. This works fine for URLs, but there is currently no official support for GitHub. Due to the nature of the GitHub webpages, there is a some change each time you access the page and it is difficult to come up with the right set of filters.
Since there is an official API that can be used to ask for changes in a particular repository, it would be nice if urlwatch had support for it. I've worked on a prototype in the past, but never came around to cleaning it up, and making it configurable through urlwatch's configuration files. Upstream is interested in this feature and is willing to merge it.
Since I'm a little bit of a drone-a-matic myself, and I enjoy flying around with drones, I propose to fly around/above the SUSE building, record some footage, and make a cool promo video out of it.
We could potentially use this footage (together with some recordings from inside the building taken by hand) as a promotion for the company and show others (via social media, etc.) how cool of a place SUSE and the Nürnberg office actually is.
5 hacker ♥️.
Has no hacker:
A good way of getting to know a new programming language is... writing some code. So although there are some good IRC bouncers, like ZNC, we want to write another one just for learning.
But why an IRC bouncer? Because it is not rocket science, but it implies network communication (acting as client and as server at the same time), handling concurrent connections... in a few words: it sounds fun.
I'd like to write a webservice comparable e.g. to Evernote or NextCloud. Emphasis of the project is that the server only provides storage for the actual data and keys; en- and decryption is to be performed by the client.
Optionally capabilities for sharing data with other users should be included.
From a user perspective there are many ways to secure email communication with pgp. Especially the key handling is still challenging non tekkis.
This project investigates processes techniques that are easier to handle for users by introducing hardware tokens for storing the private key.