[PATCH 0/2] Openssh service patches

[PATCH 0/2] Openssh service patches

[Clément Lassieur]

The first patch adds PAM to OpenSSH service, and enables it by default.

This allows to log in (with a public key) if the account is locked.
Otherwise, one would have to set up a password manually or, say, put '*' in
/etc/shadow (with 'usermod -p').  It matters because accounts created by
GuixSD are locked.

Whether to enable it by default is debatable because it is disabled upstream,
but it is enabled on every distribution I had a look at.

The relevant part of the documentation is:

--8<---------------cut here---------------start------------->8---
UsePAM  Enables the Pluggable Authentication Module interface.  If set to
        yes this will enable PAM authentication using
        ChallengeResponseAuthentication and PasswordAuthentication in
        addition to PAM account and session module processing for all
        authentication types.

        Because PAM challenge-response authentication usually serves an
        equivalent role to password authentication, you should disable
        either PasswordAuthentication or ChallengeResponseAuthentication.

        If UsePAM is enabled, you will not be able to run sshd(8) as a
        non-root user.  The default is no.
--8<---------------cut here---------------end--------------->8---

It also explains why I set ChallengeResponseAuthentication to 'no' by default.

The second patch removes the 'RSAAuthentication' option, which causes warnings
because it is deprecated.

Clément Lassieur (2):
  services: openssh: Use PAM in sshd by default.
  services: openssh: remove deprecated 'RSAAuthentication' option.

 gnu/services/ssh.scm | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)

-- 
2.11.1

[PATCH 1/2] services: openssh: Use PAM in sshd by default.

[Clément Lassieur]

* gnu/services/ssh.scm: (%openssh-pam-services): New variable.
  (openssh-service-type): Use it to extend PAM-ROOT-SERVICE-TYPE.
  (<openssh-configuration>)[challenge-response-authentication?]: New field.
  (<openssh-configuration>)[use-pam?]: New field.
  (openssh-config-file): Add them.
---
 gnu/services/ssh.scm | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 58c35c9f5..7d6abcd33 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -278,7 +278,12 @@ The other options should be self-descriptive."
   (x11-forwarding?       openssh-configuration-x11-forwarding? ;Boolean
                          (default #f))
   (protocol-number       openssh-configuration-protocol-number ;integer
-                         (default 2)))
+                         (default 2))
+  (challenge-response-authentication?
+   openssh-configuration-challenge-response-authentication?  ;Boolean
+   (default #f))
+  (use-pam?              openssh-configuration-use-pam?  ;Boolean
+                         (default #t)))
 
 (define %openssh-accounts
   (list (user-group (name "sshd") (system? #t))
@@ -334,6 +339,13 @@ The other options should be self-descriptive."
                        "yes" "no"))
          (format port "PidFile ~a\n"
                  #$(openssh-configuration-pid-file config))
+         (format port "ChallengeResponseAuthentication ~a\n"
+                 #$(if (openssh-configuration-challenge-response-authentication?
+                        config)
+                       "yes" "no"))
+         (format port "UsePAM ~a\n"
+                 #$(if (openssh-configuration-use-pam? config)
+                       "yes" "no"))
          #t))))
 
 (define (openssh-shepherd-service config)
@@ -354,11 +366,16 @@ The other options should be self-descriptive."
                                              #:pid-file #$pid-file))
          (stop #~(make-kill-destructor)))))
 
+(define %openssh-pam-services
+  (list (unix-pam-service "sshd")))
+
 (define openssh-service-type
   (service-type (name 'openssh)
                 (extensions
                  (list (service-extension shepherd-root-service-type
                                           openssh-shepherd-service)
+                       (service-extension pam-root-service-type
+                                          (const %openssh-pam-services))
                        (service-extension activation-service-type
                                           openssh-activation)
                        (service-extension account-service-type
-- 
2.11.1

[PATCH 2/2] services: openssh: remove deprecated 'RSAAuthentication' option.

[Clément Lassieur]

* gnu/services/ssh.scm (openssh-config-file): Remove it.
  (<openssh-configuration>)[rsa-authentication?]: Remove it.
---
 gnu/services/ssh.scm | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 7d6abcd33..876caf6d5 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -273,8 +273,6 @@ The other options should be self-descriptive."
                             (default #t))
   (public-key-authentication? openssh-configuration-public-key-authentication?
                               (default #t))                         ;Boolean
-  (rsa-authentication?   openssh-configuration-rsa-authentication?  ;Boolean
-                         (default #t))
   (x11-forwarding?       openssh-configuration-x11-forwarding? ;Boolean
                          (default #f))
   (protocol-number       openssh-configuration-protocol-number ;integer
@@ -331,9 +329,6 @@ The other options should be self-descriptive."
          (format port "PubkeyAuthentication ~a\n"
                  #$(if (openssh-configuration-public-key-authentication? config)
                        "yes" "no"))
-         (format port "RSAAuthentication ~a\n"
-                 #$(if (openssh-configuration-rsa-authentication? config)
-                       "yes" "no"))
          (format port "X11Forwarding ~a\n"
                  #$(if (openssh-configuration-x11-forwarding? config)
                        "yes" "no"))
-- 
2.11.1

Re: [PATCH 0/2] Openssh service patches

[ng0]

On 17-02-17 17:37:06, Clément Lassieur wrote:
> The first patch adds PAM to OpenSSH service, and enables it by default.

Definitely a good idea. If this is applied I think it should be
communicated if it breaks peoples configurations. On the other hand,
guix reconfigure lint already complains if an option is no longer
present.
I think notifying about certain changes if they break previous
configurations is nice to have (but not mandatory, just the way I would do it).
 
The code looks reasonable, I haven't applied the changes to review it.

> This allows to log in (with a public key) if the account is locked.
> Otherwise, one would have to set up a password manually or, say, put '*' in
> /etc/shadow (with 'usermod -p').  It matters because accounts created by
> GuixSD are locked.
> 
> Whether to enable it by default is debatable because it is disabled upstream,
> but it is enabled on every distribution I had a look at.
> 
> The relevant part of the documentation is:
> 
> --8<---------------cut here---------------start------------->8---
> UsePAM  Enables the Pluggable Authentication Module interface.  If set to
>         yes this will enable PAM authentication using
>         ChallengeResponseAuthentication and PasswordAuthentication in
>         addition to PAM account and session module processing for all
>         authentication types.
> 
>         Because PAM challenge-response authentication usually serves an
>         equivalent role to password authentication, you should disable
>         either PasswordAuthentication or ChallengeResponseAuthentication.
> 
>         If UsePAM is enabled, you will not be able to run sshd(8) as a
>         non-root user.  The default is no.
> --8<---------------cut here---------------end--------------->8---
> 
> It also explains why I set ChallengeResponseAuthentication to 'no' by default.
> 
> The second patch removes the 'RSAAuthentication' option, which causes warnings
> because it is deprecated.
> 
> Clément Lassieur (2):
>   services: openssh: Use PAM in sshd by default.
>   services: openssh: remove deprecated 'RSAAuthentication' option.
> 
>  gnu/services/ssh.scm | 24 ++++++++++++++++++------
>  1 file changed, 18 insertions(+), 6 deletions(-)
> 
> -- 
> 2.11.1
> 
> 

-- 
ng0 -- https://www.inventati.org/patternsinthechaos/

Re: [PATCH 0/2] Openssh service patches

[Julien Lepiller]

On Fri, 17 Feb 2017 17:18:33 +0000
ng0 <contact.ng0@cryptolab.net> wrote:

> On 17-02-17 17:37:06, Clément Lassieur wrote:
> > The first patch adds PAM to OpenSSH service, and enables it by
> > default.  
> 
> Definitely a good idea. If this is applied I think it should be
> communicated if it breaks peoples configurations. On the other hand,
> guix reconfigure lint already complains if an option is no longer
> present.
> I think notifying about certain changes if they break previous
> configurations is nice to have (but not mandatory, just the way I
> would do it). 
> The code looks reasonable, I haven't applied the changes to review it.

I haven't applied it either, but it looks good, thank you :)

Could you also document the new fields and remove the documentation for
the old one?

> 
> > This allows to log in (with a public key) if the account is locked.
> > Otherwise, one would have to set up a password manually or, say,
> > put '*' in /etc/shadow (with 'usermod -p').  It matters because
> > accounts created by GuixSD are locked.
> > 
> > Whether to enable it by default is debatable because it is disabled
> > upstream, but it is enabled on every distribution I had a look at.
> > 
> > The relevant part of the documentation is:
> > 
> > --8<---------------cut here---------------start------------->8---
> > UsePAM  Enables the Pluggable Authentication Module interface.  If
> > set to yes this will enable PAM authentication using
> >         ChallengeResponseAuthentication and PasswordAuthentication
> > in addition to PAM account and session module processing for all
> >         authentication types.
> > 
> >         Because PAM challenge-response authentication usually
> > serves an equivalent role to password authentication, you should
> > disable either PasswordAuthentication or
> > ChallengeResponseAuthentication.
> > 
> >         If UsePAM is enabled, you will not be able to run sshd(8)
> > as a non-root user.  The default is no.
> > --8<---------------cut here---------------end--------------->8---
> > 
> > It also explains why I set ChallengeResponseAuthentication to 'no'
> > by default.
> > 
> > The second patch removes the 'RSAAuthentication' option, which
> > causes warnings because it is deprecated.
> > 
> > Clément Lassieur (2):
> >   services: openssh: Use PAM in sshd by default.
> >   services: openssh: remove deprecated 'RSAAuthentication' option.
> > 
> >  gnu/services/ssh.scm | 24 ++++++++++++++++++------
> >  1 file changed, 18 insertions(+), 6 deletions(-)
> > 
> > -- 
> > 2.11.1
> > 
> >   
> 

[PATCH 1/2] services: openssh: Enable PAM.

[Clément Lassieur]

* gnu/services/ssh.scm: (%openssh-pam-services): New variable.
  (openssh-service-type): Use it to extend PAM-ROOT-SERVICE-TYPE.
  (<openssh-configuration>)[challenge-response-authentication?]: New field.
  (<openssh-configuration>)[use-pam?]: New field.
  (openssh-config-file): Add them.
* doc/guix.texi (Networking Services): Document them.
---
 doc/guix.texi        | 16 ++++++++++++++++
 gnu/services/ssh.scm | 19 ++++++++++++++++++-
 2 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 6cdb5e592..22eef3a64 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -9163,6 +9163,22 @@ enabled---in other words, @command{ssh} options @option{-X} and
 
 @item @code{protocol-number} (default: @code{2})
 The SSH protocol number to use.
+
+@item @code{challenge-response-authentication?} (default: @code{#f})
+Specifies whether challenge response authentication is allowed (e.g. via
+PAM).
+
+@item @code{use-pam?} (default: @code{#t})
+Enables the Pluggable Authentication Module interface.  If set to
+@code{#t}, this will enable PAM authentication using
+@code{challenge-response-authentication?} and
+@code{password-authentication?}, in addition to PAM account and session
+module processing for all authentication types.
+
+Because PAM challenge response authentication usually serves an
+equivalent role to password authentication, you should disable either
+@code{challenge-response-authentication?} or
+@code{password-authentication?}.
 @end table
 @end deftp
 
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 58c35c9f5..7d6abcd33 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -278,7 +278,12 @@ The other options should be self-descriptive."
   (x11-forwarding?       openssh-configuration-x11-forwarding? ;Boolean
                          (default #f))
   (protocol-number       openssh-configuration-protocol-number ;integer
-                         (default 2)))
+                         (default 2))
+  (challenge-response-authentication?
+   openssh-configuration-challenge-response-authentication?  ;Boolean
+   (default #f))
+  (use-pam?              openssh-configuration-use-pam?  ;Boolean
+                         (default #t)))
 
 (define %openssh-accounts
   (list (user-group (name "sshd") (system? #t))
@@ -334,6 +339,13 @@ The other options should be self-descriptive."
                        "yes" "no"))
          (format port "PidFile ~a\n"
                  #$(openssh-configuration-pid-file config))
+         (format port "ChallengeResponseAuthentication ~a\n"
+                 #$(if (openssh-configuration-challenge-response-authentication?
+                        config)
+                       "yes" "no"))
+         (format port "UsePAM ~a\n"
+                 #$(if (openssh-configuration-use-pam? config)
+                       "yes" "no"))
          #t))))
 
 (define (openssh-shepherd-service config)
@@ -354,11 +366,16 @@ The other options should be self-descriptive."
                                              #:pid-file #$pid-file))
          (stop #~(make-kill-destructor)))))
 
+(define %openssh-pam-services
+  (list (unix-pam-service "sshd")))
+
 (define openssh-service-type
   (service-type (name 'openssh)
                 (extensions
                  (list (service-extension shepherd-root-service-type
                                           openssh-shepherd-service)
+                       (service-extension pam-root-service-type
+                                          (const %openssh-pam-services))
                        (service-extension activation-service-type
                                           openssh-activation)
                        (service-extension account-service-type
-- 
2.11.1

[PATCH 2/2] services: openssh: Remove deprecated 'RSAAuthentication' option.

[Clément Lassieur]

* gnu/services/ssh.scm (openssh-config-file): Remove it.
  (<openssh-configuration>)[rsa-authentication?]: Remove it.
* doc/guix.texi (Networking Services): Remove it.
---
 doc/guix.texi        | 5 -----
 gnu/services/ssh.scm | 5 -----
 2 files changed, 10 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 22eef3a64..54d4bab89 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -9151,11 +9151,6 @@ false, users have to use other authentication method.
 Authorized public keys are stored in @file{~/.ssh/authorized_keys}.
 This is used only by protocol version 2.
 
-@item @code{rsa-authentication?} (default: @code{#t})
-When true, users may log in using pure RSA authentication.  When false,
-users have to use other means of authentication.  This is used only by
-protocol 1.
-
 @item @code{x11-forwarding?} (default: @code{#f})
 When true, forwarding of X11 graphical client connections is
 enabled---in other words, @command{ssh} options @option{-X} and
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 7d6abcd33..876caf6d5 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -273,8 +273,6 @@ The other options should be self-descriptive."
                             (default #t))
   (public-key-authentication? openssh-configuration-public-key-authentication?
                               (default #t))                         ;Boolean
-  (rsa-authentication?   openssh-configuration-rsa-authentication?  ;Boolean
-                         (default #t))
   (x11-forwarding?       openssh-configuration-x11-forwarding? ;Boolean
                          (default #f))
   (protocol-number       openssh-configuration-protocol-number ;integer
@@ -331,9 +329,6 @@ The other options should be self-descriptive."
          (format port "PubkeyAuthentication ~a\n"
                  #$(if (openssh-configuration-public-key-authentication? config)
                        "yes" "no"))
-         (format port "RSAAuthentication ~a\n"
-                 #$(if (openssh-configuration-rsa-authentication? config)
-                       "yes" "no"))
          (format port "X11Forwarding ~a\n"
                  #$(if (openssh-configuration-x11-forwarding? config)
                        "yes" "no"))
-- 
2.11.1

Re: [PATCH 2/2] services: openssh: Remove deprecated 'RSAAuthentication' option.

[Ricardo Wurmus]

Clément Lassieur <clement@lassieur.org> writes:

> * gnu/services/ssh.scm (openssh-config-file): Remove it.
>   (<openssh-configuration>)[rsa-authentication?]: Remove it.
> * doc/guix.texi (Networking Services): Remove it.
> ---
>  doc/guix.texi        | 5 -----
>  gnu/services/ssh.scm | 5 -----
>  2 files changed, 10 deletions(-)
>
> diff --git a/doc/guix.texi b/doc/guix.texi
> index 22eef3a64..54d4bab89 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -9151,11 +9151,6 @@ false, users have to use other authentication method.
>  Authorized public keys are stored in @file{~/.ssh/authorized_keys}.
>  This is used only by protocol version 2.
>
> -@item @code{rsa-authentication?} (default: @code{#t})
> -When true, users may log in using pure RSA authentication.  When false,
> -users have to use other means of authentication.  This is used only by
> -protocol 1.
> -

Is it still possible to make SSH use protocol 1 or has this feature
disappeared?  If it is still possible I think we should not remove this
option.

--
Ricardo

GPG: BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC
https://elephly.net

Re: [PATCH 2/2] services: openssh: Remove deprecated 'RSAAuthentication' option.

[Clément Lassieur]

Ricardo Wurmus <rekado@elephly.net> writes:
> Clément Lassieur <clement@lassieur.org> writes:
>
>> * gnu/services/ssh.scm (openssh-config-file): Remove it.
>>   (<openssh-configuration>)[rsa-authentication?]: Remove it.
>> * doc/guix.texi (Networking Services): Remove it.
>> ---
>>  doc/guix.texi        | 5 -----
>>  gnu/services/ssh.scm | 5 -----
>>  2 files changed, 10 deletions(-)
>>
>> diff --git a/doc/guix.texi b/doc/guix.texi
>> index 22eef3a64..54d4bab89 100644
>> --- a/doc/guix.texi
>> +++ b/doc/guix.texi
>> @@ -9151,11 +9151,6 @@ false, users have to use other authentication method.
>>  Authorized public keys are stored in @file{~/.ssh/authorized_keys}.
>>  This is used only by protocol version 2.
>>
>> -@item @code{rsa-authentication?} (default: @code{#t})
>> -When true, users may log in using pure RSA authentication.  When false,
>> -users have to use other means of authentication.  This is used only by
>> -protocol 1.
>> -
>
> Is it still possible to make SSH use protocol 1 or has this feature
> disappeared?  If it is still possible I think we should not remove this
> option.

Quote from https://www.openssh.com/releasenotes.html (about OpenSSH
7.4/7.4p1, which is the one we use):

    * This release removes server support for the SSH v.1 protocol.

So I think it is not possible anymore.

Re: [PATCH 2/2] services: openssh: Remove deprecated 'RSAAuthentication' option.

[ng0]

On 17-02-18 19:32:15, Clément Lassieur wrote:
> Ricardo Wurmus <rekado@elephly.net> writes:
> > Clément Lassieur <clement@lassieur.org> writes:
> >
> >> * gnu/services/ssh.scm (openssh-config-file): Remove it.
> >>   (<openssh-configuration>)[rsa-authentication?]: Remove it.
> >> * doc/guix.texi (Networking Services): Remove it.
> >> ---
> >>  doc/guix.texi        | 5 -----
> >>  gnu/services/ssh.scm | 5 -----
> >>  2 files changed, 10 deletions(-)
> >>
> >> diff --git a/doc/guix.texi b/doc/guix.texi
> >> index 22eef3a64..54d4bab89 100644
> >> --- a/doc/guix.texi
> >> +++ b/doc/guix.texi
> >> @@ -9151,11 +9151,6 @@ false, users have to use other authentication method.
> >>  Authorized public keys are stored in @file{~/.ssh/authorized_keys}.
> >>  This is used only by protocol version 2.
> >>
> >> -@item @code{rsa-authentication?} (default: @code{#t})
> >> -When true, users may log in using pure RSA authentication.  When false,
> >> -users have to use other means of authentication.  This is used only by
> >> -protocol 1.
> >> -
> >
> > Is it still possible to make SSH use protocol 1 or has this feature
> > disappeared?  If it is still possible I think we should not remove this
> > option.
> 
> Quote from https://www.openssh.com/releasenotes.html (about OpenSSH
> 7.4/7.4p1, which is the one we use):
> 
>     * This release removes server support for the SSH v.1 protocol.
> 
> So I think it is not possible anymore.
> 

As this discussion is around openssh service and you are moving some
pieces in there around:
To me it looks as if we currently have no way to make sure that
 " Subsystem sftp /path/to/lib/ssh/sftp-server " is enabled
in the sshd_config (needed for sshfs to function), is this correct?

It would be good to add the 3 or 4 lines needed for this option as well,
defaulting to #f. I won't add this as I'd prefer to wait until you're
done. If you feel like this adds not much workload to the patchset, it
would be very much appreciated as an additional patch.

[PATCH 0/4] Openssh service patches

[Clément Lassieur]

Here is an updated version of the patch series.  It containes minor changes plus:

  - removal of deprecated 'Protocol' option,
  - PrintLastLog fix,
  - addition of 'subsystems' option (as suggested by ng0, see below).

ng0, could you please test the 'Subsystem' patch? (I didn't test it.)
Actually, I'm not sure it's worth adding, since the Match directive (which is
often used along the Subsystem directive) is unsupported by the Openssh
service.

Comments are welcome!
Clément

Clément Lassieur (4):
  services: openssh: Enable PAM.
  services: openssh: Remove deprecated options.
  services: openssh: Fix 'PrintLastLog' default behaviour.
  services: openssh: Add 'subsystems' option.

 doc/guix.texi        | 45 ++++++++++++++++++++----
 gnu/services/ssh.scm | 98 +++++++++++++++++++++++++++++++++-------------------
 2 files changed, 101 insertions(+), 42 deletions(-)

-- 
2.11.1

[PATCH 1/4] services: openssh: Enable PAM.

[Clément Lassieur]

* gnu/services/ssh.scm: (%openssh-pam-services): New variable.
  (openssh-service-type): Use it to extend PAM-ROOT-SERVICE-TYPE.
  (<openssh-configuration>)[challenge-response-authentication?]: New field.
  (<openssh-configuration>)[use-pam?]: New field.
  (openssh-config-file): Add them.
* doc/guix.texi (Networking Services): Document them.
---
 doc/guix.texi        | 16 ++++++++++++++++
 gnu/services/ssh.scm | 17 ++++++++++++++++-
 2 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 6cdb5e592..22eef3a64 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -9163,6 +9163,22 @@ enabled---in other words, @command{ssh} options @option{-X} and
 
 @item @code{protocol-number} (default: @code{2})
 The SSH protocol number to use.
+
+@item @code{challenge-response-authentication?} (default: @code{#f})
+Specifies whether challenge response authentication is allowed (e.g. via
+PAM).
+
+@item @code{use-pam?} (default: @code{#t})
+Enables the Pluggable Authentication Module interface.  If set to
+@code{#t}, this will enable PAM authentication using
+@code{challenge-response-authentication?} and
+@code{password-authentication?}, in addition to PAM account and session
+module processing for all authentication types.
+
+Because PAM challenge response authentication usually serves an
+equivalent role to password authentication, you should disable either
+@code{challenge-response-authentication?} or
+@code{password-authentication?}.
 @end table
 @end deftp
 
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 58c35c9f5..78641f526 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -278,7 +278,11 @@ The other options should be self-descriptive."
   (x11-forwarding?       openssh-configuration-x11-forwarding? ;Boolean
                          (default #f))
   (protocol-number       openssh-configuration-protocol-number ;integer
-                         (default 2)))
+                         (default 2))
+  (challenge-response-authentication? openssh-challenge-response-authentication?
+                                      (default #f)) ;Boolean
+  (use-pam?              openssh-configuration-use-pam?
+                         (default #t))) ;Boolean
 
 (define %openssh-accounts
   (list (user-group (name "sshd") (system? #t))
@@ -334,6 +338,12 @@ The other options should be self-descriptive."
                        "yes" "no"))
          (format port "PidFile ~a\n"
                  #$(openssh-configuration-pid-file config))
+         (format port "ChallengeResponseAuthentication ~a\n"
+                 #$(if (openssh-challenge-response-authentication? config)
+                       "yes" "no"))
+         (format port "UsePAM ~a\n"
+                 #$(if (openssh-configuration-use-pam? config)
+                       "yes" "no"))
          #t))))
 
 (define (openssh-shepherd-service config)
@@ -354,11 +364,16 @@ The other options should be self-descriptive."
                                              #:pid-file #$pid-file))
          (stop #~(make-kill-destructor)))))
 
+(define %openssh-pam-services
+  (list (unix-pam-service "sshd")))
+
 (define openssh-service-type
   (service-type (name 'openssh)
                 (extensions
                  (list (service-extension shepherd-root-service-type
                                           openssh-shepherd-service)
+                       (service-extension pam-root-service-type
+                                          (const %openssh-pam-services))
                        (service-extension activation-service-type
                                           openssh-activation)
                        (service-extension account-service-type
-- 
2.11.1

Re: [PATCH 1/4] services: openssh: Enable PAM.

[Clément Lassieur]

Clément Lassieur <clement@lassieur.org> writes:

> * gnu/services/ssh.scm: (%openssh-pam-services): New variable.
>   (openssh-service-type): Use it to extend PAM-ROOT-SERVICE-TYPE.
>   (<openssh-configuration>)[challenge-response-authentication?]: New field.
>   (<openssh-configuration>)[use-pam?]: New field.
>   (openssh-config-file): Add them.
> * doc/guix.texi (Networking Services): Document them.

'make check-system TESTS="openssh"' fails because of this patch.  Access
denied.  I'll have a look at it.

[PATCH] services: openssh: Enable PAM.

[Clément Lassieur]

* gnu/services/ssh.scm: (openssh-pam-services): New procedure.
  (openssh-service-type): Use it to extend PAM-ROOT-SERVICE-TYPE.
  (<openssh-configuration>)[challenge-response-authentication?]: New field.
  (<openssh-configuration>)[use-pam?]: New field.
  (openssh-config-file): Add them.
* doc/guix.texi (Networking Services): Document them.
---

This fixes the tests.

 doc/guix.texi        | 16 ++++++++++++++++
 gnu/services/ssh.scm | 21 ++++++++++++++++++++-
 2 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 6cdb5e592..22eef3a64 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -9163,6 +9163,22 @@ enabled---in other words, @command{ssh} options @option{-X} and
 
 @item @code{protocol-number} (default: @code{2})
 The SSH protocol number to use.
+
+@item @code{challenge-response-authentication?} (default: @code{#f})
+Specifies whether challenge response authentication is allowed (e.g. via
+PAM).
+
+@item @code{use-pam?} (default: @code{#t})
+Enables the Pluggable Authentication Module interface.  If set to
+@code{#t}, this will enable PAM authentication using
+@code{challenge-response-authentication?} and
+@code{password-authentication?}, in addition to PAM account and session
+module processing for all authentication types.
+
+Because PAM challenge response authentication usually serves an
+equivalent role to password authentication, you should disable either
+@code{challenge-response-authentication?} or
+@code{password-authentication?}.
 @end table
 @end deftp
 
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 58c35c9f5..027e0d00a 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -278,7 +278,11 @@ The other options should be self-descriptive."
   (x11-forwarding?       openssh-configuration-x11-forwarding? ;Boolean
                          (default #f))
   (protocol-number       openssh-configuration-protocol-number ;integer
-                         (default 2)))
+                         (default 2))
+  (challenge-response-authentication? openssh-challenge-response-authentication?
+                                      (default #f)) ;Boolean
+  (use-pam?              openssh-configuration-use-pam?
+                         (default #t))) ;Boolean
 
 (define %openssh-accounts
   (list (user-group (name "sshd") (system? #t))
@@ -334,6 +338,12 @@ The other options should be self-descriptive."
                        "yes" "no"))
          (format port "PidFile ~a\n"
                  #$(openssh-configuration-pid-file config))
+         (format port "ChallengeResponseAuthentication ~a\n"
+                 #$(if (openssh-challenge-response-authentication? config)
+                       "yes" "no"))
+         (format port "UsePAM ~a\n"
+                 #$(if (openssh-configuration-use-pam? config)
+                       "yes" "no"))
          #t))))
 
 (define (openssh-shepherd-service config)
@@ -354,11 +364,20 @@ The other options should be self-descriptive."
                                              #:pid-file #$pid-file))
          (stop #~(make-kill-destructor)))))
 
+(define (openssh-pam-services config)
+  "Return a list of <pam-services> for sshd with CONFIG."
+  (list (unix-pam-service
+         "sshd"
+         #:allow-empty-passwords?
+         (openssh-configuration-allow-empty-passwords? config))))
+
 (define openssh-service-type
   (service-type (name 'openssh)
                 (extensions
                  (list (service-extension shepherd-root-service-type
                                           openssh-shepherd-service)
+                       (service-extension pam-root-service-type
+                                          openssh-pam-services)
                        (service-extension activation-service-type
                                           openssh-activation)
                        (service-extension account-service-type
-- 
2.11.1

Re: [PATCH] services: openssh: Enable PAM.

[Danny Milosavljevic]

LGTM!

[PATCH 2/4] services: openssh: Remove deprecated options.

[Clément Lassieur]

* gnu/services/ssh.scm (openssh-config-file): Remove them.
  (<openssh-configuration>)[rsa-authentication?]: Remove it.
  (<openssh-configuration>)[protocol-number]: Remove it.
* doc/guix.texi (Networking Services): Remove them.
---
 doc/guix.texi        |  8 --------
 gnu/services/ssh.scm | 10 ----------
 2 files changed, 18 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 22eef3a64..fdfb88046 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -9151,19 +9151,11 @@ false, users have to use other authentication method.
 Authorized public keys are stored in @file{~/.ssh/authorized_keys}.
 This is used only by protocol version 2.
 
-@item @code{rsa-authentication?} (default: @code{#t})
-When true, users may log in using pure RSA authentication.  When false,
-users have to use other means of authentication.  This is used only by
-protocol 1.
-
 @item @code{x11-forwarding?} (default: @code{#f})
 When true, forwarding of X11 graphical client connections is
 enabled---in other words, @command{ssh} options @option{-X} and
 @option{-Y} will work.
 
-@item @code{protocol-number} (default: @code{2})
-The SSH protocol number to use.
-
 @item @code{challenge-response-authentication?} (default: @code{#f})
 Specifies whether challenge response authentication is allowed (e.g. via
 PAM).
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 78641f526..fe4598927 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -273,12 +273,8 @@ The other options should be self-descriptive."
                             (default #t))
   (public-key-authentication? openssh-configuration-public-key-authentication?
                               (default #t))                         ;Boolean
-  (rsa-authentication?   openssh-configuration-rsa-authentication?  ;Boolean
-                         (default #t))
   (x11-forwarding?       openssh-configuration-x11-forwarding? ;Boolean
                          (default #f))
-  (protocol-number       openssh-configuration-protocol-number ;integer
-                         (default 2))
   (challenge-response-authentication? openssh-challenge-response-authentication?
                                       (default #f)) ;Boolean
   (use-pam?              openssh-configuration-use-pam?
@@ -311,9 +307,6 @@ The other options should be self-descriptive."
    #~(call-with-output-file #$output
        (lambda (port)
          (display "# Generated by 'openssh-service'.\n" port)
-         (format port "Protocol ~a\n"
-                 #$(if (eq? (openssh-configuration-protocol-number config) 1)
-                       "1" "2"))
          (format port "Port ~a\n"
                  #$(number->string (openssh-configuration-port-number config)))
          (format port "PermitRootLogin ~a\n"
@@ -330,9 +323,6 @@ The other options should be self-descriptive."
          (format port "PubkeyAuthentication ~a\n"
                  #$(if (openssh-configuration-public-key-authentication? config)
                        "yes" "no"))
-         (format port "RSAAuthentication ~a\n"
-                 #$(if (openssh-configuration-rsa-authentication? config)
-                       "yes" "no"))
          (format port "X11Forwarding ~a\n"
                  #$(if (openssh-configuration-x11-forwarding? config)
                        "yes" "no"))
-- 
2.11.1

Re: [PATCH 2/4] services: openssh: Remove deprecated options.

[Danny Milosavljevic]

LGTM! 

[PATCH 3/4] services: openssh: Fix 'PrintLastLog' default behaviour.

[Clément Lassieur]

* gnu/services/ssh.scm (openssh-config-file): Add 'pring-last-log?' option.
  (<openssh-configuration>)[print-last-log?]: Add it.
  (openssh-activation): Touch /var/log/lastlog.
* doc/guix.texi (Networking Services): Document 'pring-last-log?'.

Before that, the service did not work as expected because /var/log/lastlog did
not exist.
---
 doc/guix.texi        |  4 ++++
 gnu/services/ssh.scm | 13 +++++++++++++
 2 files changed, 17 insertions(+)

diff --git a/doc/guix.texi b/doc/guix.texi
index fdfb88046..db0bf0f9b 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -9171,6 +9171,10 @@ Because PAM challenge response authentication usually serves an
 equivalent role to password authentication, you should disable either
 @code{challenge-response-authentication?} or
 @code{password-authentication?}.
+
+@item @code{print-last-log?} (default: @code{#t})
+Specifies whether @command{sshd} should print the date and time of the
+last user login when a user logs in interactively.
 @end table
 @end deftp
 
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index fe4598927..9e1449743 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -278,6 +278,8 @@ The other options should be self-descriptive."
   (challenge-response-authentication? openssh-challenge-response-authentication?
                                       (default #f)) ;Boolean
   (use-pam?              openssh-configuration-use-pam?
+                         (default #t)) ;Boolean
+  (print-last-log?       openssh-configuration-print-last-log?
                          (default #t))) ;Boolean
 
 (define %openssh-accounts
@@ -297,6 +299,14 @@ The other options should be self-descriptive."
       (mkdir-p "/etc/ssh")
       (mkdir-p (dirname #$(openssh-configuration-pid-file config)))
 
+      (define (touch file-name)
+        (call-with-output-file file-name (const #t)))
+
+      (let ((lastlog "/var/log/lastlog"))
+        (when #$(openssh-configuration-print-last-log? config)
+          (unless (file-exists? lastlog)
+            (touch lastlog))))
+
       ;; Generate missing host keys.
       (system* (string-append #$openssh "/bin/ssh-keygen") "-A")))
 
@@ -334,6 +344,9 @@ The other options should be self-descriptive."
          (format port "UsePAM ~a\n"
                  #$(if (openssh-configuration-use-pam? config)
                        "yes" "no"))
+         (format port "PrintLastLog ~a\n"
+                 #$(if (openssh-configuration-print-last-log? config)
+                       "yes" "no"))
          #t))))
 
 (define (openssh-shepherd-service config)
-- 
2.11.1

Re: [PATCH 3/4] services: openssh: Fix 'PrintLastLog' default behaviour.

[Danny Milosavljevic]

Hi,

On Tue, 21 Feb 2017 00:53:54 +0100
Clément Lassieur <clement@lassieur.org> wrote:

> * gnu/services/ssh.scm (openssh-config-file): Add 'pring-last-log?' option.
                                                         ^ typo

>   (<openssh-configuration>)[print-last-log?]: Add it.
>   (openssh-activation): Touch /var/log/lastlog.

Indentation is too much here.

> * doc/guix.texi (Networking Services): Document 'pring-last-log?'.
                                                       ^ typo

> +      (let ((lastlog "/var/log/lastlog"))
> +        (when #$(openssh-configuration-print-last-log? config)
> +          (unless (file-exists? lastlog)
> +            (touch lastlog))))
> +

Hmm. What about the permissions? Are they OK?

Otherwise LGTM!

Re: [PATCH 3/4] services: openssh: Fix 'PrintLastLog' default behaviour.

[Clément Lassieur]

Danny Milosavljevic <dannym@scratchpost.org> writes:

> Hi,
>
> On Tue, 21 Feb 2017 00:53:54 +0100
> Clément Lassieur <clement@lassieur.org> wrote:
>
>> * gnu/services/ssh.scm (openssh-config-file): Add 'pring-last-log?' option.
>                                                          ^ typo

Done.

>>   (<openssh-configuration>)[print-last-log?]: Add it.
>>   (openssh-activation): Touch /var/log/lastlog.
>
> Indentation is too much here.

Done, on other patches too.

>> * doc/guix.texi (Networking Services): Document 'pring-last-log?'.
>                                                        ^ typo

Done.

>> +      (let ((lastlog "/var/log/lastlog"))
>> +        (when #$(openssh-configuration-print-last-log? config)
>> +          (unless (file-exists? lastlog)
>> +            (touch lastlog))))
>> +
>
> Hmm. What about the permissions? Are they OK?

The permissions are OK (644, root:root).

> Otherwise LGTM!

Thank you!

I'll answer this with the three openssh updated patches.

[PATCH 1/3] services: openssh: Enable PAM.

[Clément Lassieur]

* gnu/services/ssh.scm: (openssh-pam-services): New procedure.
(openssh-service-type): Use it to extend PAM-ROOT-SERVICE-TYPE.
(<openssh-configuration>)[challenge-response-authentication?]: New field.
(<openssh-configuration>)[use-pam?]: New field.
(openssh-config-file): Add them.
* doc/guix.texi (Networking Services): Document them.
---
 doc/guix.texi        | 16 ++++++++++++++++
 gnu/services/ssh.scm | 21 ++++++++++++++++++++-
 2 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index be11096a4..e07c2437a 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -9170,6 +9170,22 @@ enabled---in other words, @command{ssh} options @option{-X} and
 
 @item @code{protocol-number} (default: @code{2})
 The SSH protocol number to use.
+
+@item @code{challenge-response-authentication?} (default: @code{#f})
+Specifies whether challenge response authentication is allowed (e.g. via
+PAM).
+
+@item @code{use-pam?} (default: @code{#t})
+Enables the Pluggable Authentication Module interface.  If set to
+@code{#t}, this will enable PAM authentication using
+@code{challenge-response-authentication?} and
+@code{password-authentication?}, in addition to PAM account and session
+module processing for all authentication types.
+
+Because PAM challenge response authentication usually serves an
+equivalent role to password authentication, you should disable either
+@code{challenge-response-authentication?} or
+@code{password-authentication?}.
 @end table
 @end deftp
 
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 7b2d4a8f0..d5942e6e5 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -277,7 +277,11 @@ The other options should be self-descriptive."
   (x11-forwarding?       openssh-configuration-x11-forwarding? ;Boolean
                          (default #f))
   (protocol-number       openssh-configuration-protocol-number ;integer
-                         (default 2)))
+                         (default 2))
+  (challenge-response-authentication? openssh-challenge-response-authentication?
+                                      (default #f)) ;Boolean
+  (use-pam?              openssh-configuration-use-pam?
+                         (default #t))) ;Boolean
 
 (define %openssh-accounts
   (list (user-group (name "sshd") (system? #t))
@@ -333,6 +337,12 @@ The other options should be self-descriptive."
                        "yes" "no"))
          (format port "PidFile ~a\n"
                  #$(openssh-configuration-pid-file config))
+         (format port "ChallengeResponseAuthentication ~a\n"
+                 #$(if (openssh-challenge-response-authentication? config)
+                       "yes" "no"))
+         (format port "UsePAM ~a\n"
+                 #$(if (openssh-configuration-use-pam? config)
+                       "yes" "no"))
          #t))))
 
 (define (openssh-shepherd-service config)
@@ -353,11 +363,20 @@ The other options should be self-descriptive."
                                              #:pid-file #$pid-file))
          (stop #~(make-kill-destructor)))))
 
+(define (openssh-pam-services config)
+  "Return a list of <pam-services> for sshd with CONFIG."
+  (list (unix-pam-service
+         "sshd"
+         #:allow-empty-passwords?
+         (openssh-configuration-allow-empty-passwords? config))))
+
 (define openssh-service-type
   (service-type (name 'openssh)
                 (extensions
                  (list (service-extension shepherd-root-service-type
                                           openssh-shepherd-service)
+                       (service-extension pam-root-service-type
+                                          openssh-pam-services)
                        (service-extension activation-service-type
                                           openssh-activation)
                        (service-extension account-service-type
-- 
2.12.0

[PATCH 2/3] services: openssh: Remove deprecated options.

[Clément Lassieur]

* gnu/services/ssh.scm (openssh-config-file): Remove them.
(<openssh-configuration>)[rsa-authentication?]: Remove it.
(<openssh-configuration>)[protocol-number]: Remove it.
* doc/guix.texi (Networking Services): Remove them.
---
 doc/guix.texi        |  8 --------
 gnu/services/ssh.scm | 10 ----------
 2 files changed, 18 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index e07c2437a..0d57cde2c 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -9158,19 +9158,11 @@ false, users have to use other authentication method.
 Authorized public keys are stored in @file{~/.ssh/authorized_keys}.
 This is used only by protocol version 2.
 
-@item @code{rsa-authentication?} (default: @code{#t})
-When true, users may log in using pure RSA authentication.  When false,
-users have to use other means of authentication.  This is used only by
-protocol 1.
-
 @item @code{x11-forwarding?} (default: @code{#f})
 When true, forwarding of X11 graphical client connections is
 enabled---in other words, @command{ssh} options @option{-X} and
 @option{-Y} will work.
 
-@item @code{protocol-number} (default: @code{2})
-The SSH protocol number to use.
-
 @item @code{challenge-response-authentication?} (default: @code{#f})
 Specifies whether challenge response authentication is allowed (e.g. via
 PAM).
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index d5942e6e5..d0eb043c1 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -272,12 +272,8 @@ The other options should be self-descriptive."
                             (default #t))
   (public-key-authentication? openssh-configuration-public-key-authentication?
                               (default #t))                         ;Boolean
-  (rsa-authentication?   openssh-configuration-rsa-authentication?  ;Boolean
-                         (default #t))
   (x11-forwarding?       openssh-configuration-x11-forwarding? ;Boolean
                          (default #f))
-  (protocol-number       openssh-configuration-protocol-number ;integer
-                         (default 2))
   (challenge-response-authentication? openssh-challenge-response-authentication?
                                       (default #f)) ;Boolean
   (use-pam?              openssh-configuration-use-pam?
@@ -310,9 +306,6 @@ The other options should be self-descriptive."
    #~(call-with-output-file #$output
        (lambda (port)
          (display "# Generated by 'openssh-service'.\n" port)
-         (format port "Protocol ~a\n"
-                 #$(if (eq? (openssh-configuration-protocol-number config) 1)
-                       "1" "2"))
          (format port "Port ~a\n"
                  #$(number->string (openssh-configuration-port-number config)))
          (format port "PermitRootLogin ~a\n"
@@ -329,9 +322,6 @@ The other options should be self-descriptive."
          (format port "PubkeyAuthentication ~a\n"
                  #$(if (openssh-configuration-public-key-authentication? config)
                        "yes" "no"))
-         (format port "RSAAuthentication ~a\n"
-                 #$(if (openssh-configuration-rsa-authentication? config)
-                       "yes" "no"))
          (format port "X11Forwarding ~a\n"
                  #$(if (openssh-configuration-x11-forwarding? config)
                        "yes" "no"))
-- 
2.12.0

Re: [PATCH 2/3] services: openssh: Remove deprecated options.

[Danny Milosavljevic]

LGTM!

Re: [PATCH 2/3] services: openssh: Remove deprecated options.

[Leo Famulari]

On Fri, Mar 03, 2017 at 11:16:53AM +0100, Danny Milosavljevic wrote:
> LGTM!

+1

[PATCH 3/3] services: openssh: Fix 'PrintLastLog' default behaviour.

[Clément Lassieur]

* gnu/services/ssh.scm (openssh-config-file): Add 'print-last-log?' option.
(<openssh-configuration>)[print-last-log?]: Add it.
(openssh-activation): Touch /var/log/lastlog.
* doc/guix.texi (Networking Services): Document 'print-last-log?'.

Before that, the service did not work as expected because /var/log/lastlog did
not exist.
---
 doc/guix.texi        |  4 ++++
 gnu/services/ssh.scm | 13 +++++++++++++
 2 files changed, 17 insertions(+)

diff --git a/doc/guix.texi b/doc/guix.texi
index 0d57cde2c..f45da4562 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -9178,6 +9178,10 @@ Because PAM challenge response authentication usually serves an
 equivalent role to password authentication, you should disable either
 @code{challenge-response-authentication?} or
 @code{password-authentication?}.
+
+@item @code{print-last-log?} (default: @code{#t})
+Specifies whether @command{sshd} should print the date and time of the
+last user login when a user logs in interactively.
 @end table
 @end deftp
 
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index d0eb043c1..5645bcfa0 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -277,6 +277,8 @@ The other options should be self-descriptive."
   (challenge-response-authentication? openssh-challenge-response-authentication?
                                       (default #f)) ;Boolean
   (use-pam?              openssh-configuration-use-pam?
+                         (default #t)) ;Boolean
+  (print-last-log?       openssh-configuration-print-last-log?
                          (default #t))) ;Boolean
 
 (define %openssh-accounts
@@ -296,6 +298,14 @@ The other options should be self-descriptive."
       (mkdir-p "/etc/ssh")
       (mkdir-p (dirname #$(openssh-configuration-pid-file config)))
 
+      (define (touch file-name)
+        (call-with-output-file file-name (const #t)))
+
+      (let ((lastlog "/var/log/lastlog"))
+        (when #$(openssh-configuration-print-last-log? config)
+          (unless (file-exists? lastlog)
+            (touch lastlog))))
+
       ;; Generate missing host keys.
       (system* (string-append #$openssh "/bin/ssh-keygen") "-A")))
 
@@ -333,6 +343,9 @@ The other options should be self-descriptive."
          (format port "UsePAM ~a\n"
                  #$(if (openssh-configuration-use-pam? config)
                        "yes" "no"))
+         (format port "PrintLastLog ~a\n"
+                 #$(if (openssh-configuration-print-last-log? config)
+                       "yes" "no"))
          #t))))
 
 (define (openssh-shepherd-service config)
-- 
2.12.0

Re: [PATCH 3/3] services: openssh: Fix 'PrintLastLog' default behaviour.

[Danny Milosavljevic]

LGTM!

By the way everyone, can we eventually put 'touch into a common module? By now lots of files reimplement it.

Re: [PATCH 3/3] services: openssh: Fix 'PrintLastLog' default behaviour.

[Leo Famulari]

On Fri, Mar 03, 2017 at 11:19:06AM +0100, Danny Milosavljevic wrote:
> LGTM!

+1

Re: [PATCH 1/3] services: openssh: Enable PAM.

[Danny Milosavljevic]

LGTM!

Re: [PATCH 1/3] services: openssh: Enable PAM.

[Leo Famulari]

On Fri, Mar 03, 2017 at 11:16:24AM +0100, Danny Milosavljevic wrote:
> LGTM!

+1

Re: [PATCH 1/3] services: openssh: Enable PAM.

[Danny Milosavljevic]

All 3 committed to master (as commits f895dce41b5495849a7e26fef747db14f6dd4ef0, 1806a670f06bd745e7e3744046f50bb6f9113d26, 563c5d42c954eacc54151d46a04ae14b9dbb1a10).

[PATCH 4/4] services: openssh: Add 'subsystems' option.

[Clément Lassieur]

* gnu/services/ssh.scm (openssh-config-file): Add it.
  (<openssh-configuration>)[subsystems]: Add it.
* doc/guix.texi (Networking Services): Document it.
---
 doc/guix.texi        | 19 +++++++++++++
 gnu/services/ssh.scm | 80 +++++++++++++++++++++++++++++-----------------------
 2 files changed, 64 insertions(+), 35 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index db0bf0f9b..69ff33149 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -9175,6 +9175,25 @@ equivalent role to password authentication, you should disable either
 @item @code{print-last-log?} (default: @code{#t})
 Specifies whether @command{sshd} should print the date and time of the
 last user login when a user logs in interactively.
+
+@item @code{subsystems} (default: @code{'()})
+Configures external subsystems (e.g. file transfer daemon).
+
+This is a list of two-element tuples, where each tuple contains the
+subsystem name and a command (with optional arguments) to execute upon
+subsystem request.
+
+The command @command{sftp-server} implements the SFTP file transfer
+subsystem.
+@example
+'(("sftp" "/usr/libexec/sftp-server"))
+@end example
+
+Alternately the name @command{internal-sftp} implements an in-process
+SFTP server.
+@example
+'(("sftp" "internal-sftp"))
+@end example
 @end table
 @end deftp
 
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 9e1449743..054743d11 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -280,7 +280,9 @@ The other options should be self-descriptive."
   (use-pam?              openssh-configuration-use-pam?
                          (default #t)) ;Boolean
   (print-last-log?       openssh-configuration-print-last-log?
-                         (default #t))) ;Boolean
+                         (default #t)) ;Boolean
+  (subsystems            openssh-configuration-subsystems
+                         (default '()))) ;List of two-element tuples
 
 (define %openssh-accounts
   (list (user-group (name "sshd") (system? #t))
@@ -314,40 +316,48 @@ The other options should be self-descriptive."
   "Return the sshd configuration file corresponding to CONFIG."
   (computed-file
    "sshd_config"
-   #~(call-with-output-file #$output
-       (lambda (port)
-         (display "# Generated by 'openssh-service'.\n" port)
-         (format port "Port ~a\n"
-                 #$(number->string (openssh-configuration-port-number config)))
-         (format port "PermitRootLogin ~a\n"
-                 #$(match (openssh-configuration-permit-root-login config)
-                     (#t "yes")
-                     (#f "no")
-                     ('without-password "without-password")))
-         (format port "PermitEmptyPasswords ~a\n"
-                 #$(if (openssh-configuration-allow-empty-passwords? config)
-                       "yes" "no"))
-         (format port "PasswordAuthentication ~a\n"
-                 #$(if (openssh-configuration-password-authentication? config)
-                       "yes" "no"))
-         (format port "PubkeyAuthentication ~a\n"
-                 #$(if (openssh-configuration-public-key-authentication? config)
-                       "yes" "no"))
-         (format port "X11Forwarding ~a\n"
-                 #$(if (openssh-configuration-x11-forwarding? config)
-                       "yes" "no"))
-         (format port "PidFile ~a\n"
-                 #$(openssh-configuration-pid-file config))
-         (format port "ChallengeResponseAuthentication ~a\n"
-                 #$(if (openssh-challenge-response-authentication? config)
-                       "yes" "no"))
-         (format port "UsePAM ~a\n"
-                 #$(if (openssh-configuration-use-pam? config)
-                       "yes" "no"))
-         (format port "PrintLastLog ~a\n"
-                 #$(if (openssh-configuration-print-last-log? config)
-                       "yes" "no"))
-         #t))))
+   #~(begin
+       (use-modules (ice-9 match))
+       (call-with-output-file #$output
+         (lambda (port)
+           (display "# Generated by 'openssh-service'.\n" port)
+           (format port "Port ~a\n"
+                   #$(number->string
+                      (openssh-configuration-port-number config)))
+           (format port "PermitRootLogin ~a\n"
+                   #$(match (openssh-configuration-permit-root-login config)
+                       (#t "yes")
+                       (#f "no")
+                       ('without-password "without-password")))
+           (format port "PermitEmptyPasswords ~a\n"
+                   #$(if (openssh-configuration-allow-empty-passwords? config)
+                         "yes" "no"))
+           (format port "PasswordAuthentication ~a\n"
+                   #$(if (openssh-configuration-password-authentication? config)
+                         "yes" "no"))
+           (format port "PubkeyAuthentication ~a\n"
+                   #$(if (openssh-configuration-public-key-authentication?
+                          config)
+                         "yes" "no"))
+           (format port "X11Forwarding ~a\n"
+                   #$(if (openssh-configuration-x11-forwarding? config)
+                         "yes" "no"))
+           (format port "PidFile ~a\n"
+                   #$(openssh-configuration-pid-file config))
+           (format port "ChallengeResponseAuthentication ~a\n"
+                   #$(if (openssh-challenge-response-authentication? config)
+                         "yes" "no"))
+           (format port "UsePAM ~a\n"
+                   #$(if (openssh-configuration-use-pam? config)
+                         "yes" "no"))
+           (format port "PrintLastLog ~a\n"
+                   #$(if (openssh-configuration-print-last-log? config)
+                         "yes" "no"))
+           (for-each
+            (match-lambda
+              ((name command) (format port "Subsystem\t~a\t~a\n" name command)))
+            '#$(openssh-configuration-subsystems config))
+           #t)))))
 
 (define (openssh-shepherd-service config)
   "Return a <shepherd-service> for openssh with CONFIG."
-- 
2.11.1

Re: [PATCH 4/4] services: openssh: Add 'subsystems' option.

[Danny Milosavljevic]

Hi,

On Tue, 21 Feb 2017 00:53:55 +0100
Clément Lassieur <clement@lassieur.org> wrote:
> +This is a list of two-element tuples, 

list of pairs.

>where each tuple contains the

each pair

> +subsystem name and a command (with optional arguments) to execute upon
> +subsystem request.
> +
> +The command @command{sftp-server} implements the SFTP file transfer
> +subsystem.
> +@example
> +'(("sftp" "/usr/libexec/sftp-server"))

Hmm, that is a list in there, not a two-element tuple:

scheme@(guile-user)> (car '(("A" "B")))
$1 = ("A" "B")
scheme@(guile-user)> (car (car '(("A" "B"))))
$3 = "A"
scheme@(guile-user)> (cdr (car '(("A" "B"))))
$2 = ("B")  <---- should be "B" without the parens for tuples

So I suggest either fix the example to be a pair ("sftp" . "/usr/libexec/sftp-server") or fix the docs.

Re: [PATCH 4/4] services: openssh: Add 'subsystems' option.

[Clément Lassieur]

Hi Danny,

Danny Milosavljevic <dannym@scratchpost.org> writes:

> Hi,
>
> On Tue, 21 Feb 2017 00:53:55 +0100
> Clément Lassieur <clement@lassieur.org> wrote:
>> +This is a list of two-element tuples, 
>
> list of pairs.
>
>>where each tuple contains the
>
> each pair
>
>> +subsystem name and a command (with optional arguments) to execute upon
>> +subsystem request.
>> +
>> +The command @command{sftp-server} implements the SFTP file transfer
>> +subsystem.
>> +@example
>> +'(("sftp" "/usr/libexec/sftp-server"))
>
> Hmm, that is a list in there, not a two-element tuple:
>
> scheme@(guile-user)> (car '(("A" "B")))
> $1 = ("A" "B")
> scheme@(guile-user)> (car (car '(("A" "B"))))
> $3 = "A"
> scheme@(guile-user)> (cdr (car '(("A" "B"))))
> $2 = ("B")  <---- should be "B" without the parens for tuples
>
> So I suggest either fix the example to be a pair ("sftp" . "/usr/libexec/sftp-server") or fix the docs.

Ok.  I'll correct this later, for now I don't want to push this patch,
I'm waiting for a confirmation from ng0.

Thanks for the review!

Re: [PATCH 4/4] services: openssh: Add 'subsystems' option.

[ng0]

On 17-03-02 22:00:47, Clément Lassieur wrote:
> Hi Danny,
> 
> Danny Milosavljevic <dannym@scratchpost.org> writes:
> 
> > Hi,
> >
> > On Tue, 21 Feb 2017 00:53:55 +0100
> > Clément Lassieur <clement@lassieur.org> wrote:
> >> +This is a list of two-element tuples, 
> >
> > list of pairs.
> >
> >>where each tuple contains the
> >
> > each pair
> >
> >> +subsystem name and a command (with optional arguments) to execute upon
> >> +subsystem request.
> >> +
> >> +The command @command{sftp-server} implements the SFTP file transfer
> >> +subsystem.
> >> +@example
> >> +'(("sftp" "/usr/libexec/sftp-server"))
> >
> > Hmm, that is a list in there, not a two-element tuple:
> >
> > scheme@(guile-user)> (car '(("A" "B")))
> > $1 = ("A" "B")
> > scheme@(guile-user)> (car (car '(("A" "B"))))
> > $3 = "A"
> > scheme@(guile-user)> (cdr (car '(("A" "B"))))
> > $2 = ("B")  <---- should be "B" without the parens for tuples
> >
> > So I suggest either fix the example to be a pair ("sftp" . "/usr/libexec/sftp-server") or fix the docs.
> 
> Ok.  I'll correct this later, for now I don't want to push this patch,
> I'm waiting for a confirmation from ng0.
> 
> Thanks for the review!
> 

Okay, I've tried to figure out what the correct patches are but now that
I know the fact that subsystems was left out later (or my tree view is
wrong) is strange.

What I take from the discussion is, all is good to go except for
subsystems. I'm okay with reviewing subsystems as an individual patch
later on. For me this works. Push the 3 patches, and send the subsystems
one later as a new discussion-bug.

Re: [PATCH 4/4] services: openssh: Add 'subsystems' option.

[Danny Milosavljevic]

Hi ng0,

On Sun, 5 Mar 2017 14:50:26 +0000
ng0 <contact.ng0@cryptolab.net> wrote:

> What I take from the discussion is, all is good to go except for
> subsystems. I'm okay with reviewing subsystems as an individual patch
> later on. For me this works. Push the 3 patches, and send the subsystems
> one later as a new discussion-bug.

The 3 were pushed to master.

Patch 4 not yet. So let's discuss.

I have no preference for pairs or lists - it's just that the documentation should say what it actually expects - because the user has to write the form differently:

  Pair: '(a . b)

  List: '(a b)

Those are not compatible with each other.

(I think as the patch is written now it expects lists)

And I'm against calling pairs "two-element tuple"s. It reminds me of these math joke equations which write the value 2 in a really complicated way (but correctly) :)

And lists are definitely not two-element tuples. That would be seriously confusing.

What do you think?

Re: [PATCH 4/4] services: openssh: Add 'subsystems' option.

[Clément Lassieur]

> Hi ng0,
>
> On Sun, 5 Mar 2017 14:50:26 +0000
> ng0 <contact.ng0@cryptolab.net> wrote:
>
>> What I take from the discussion is, all is good to go except for
>> subsystems. I'm okay with reviewing subsystems as an individual patch
>> later on. For me this works. Push the 3 patches, and send the subsystems
>> one later as a new discussion-bug.
>
> The 3 were pushed to master.
>
> Patch 4 not yet. So let's discuss.
>
> I have no preference for pairs or lists - it's just that the
> documentation should say what it actually expects - because the user
> has to write the form differently:

Hi Danny,

I think there is a misunderstanding.  I didn't want to push this because
it was not tested, and because subsystems are often useless without
Match, and Match is unsupported.  The pair/list thing is not the
problem.

And I was waiting for ng0 to test, because he asked for this patch (see
http://lists.gnu.org/archive/html/guix-devel/2017-02/msg00906.html), so
I thought he was able to test.

If ng0 still needs the patch and confirms that it works well, I'm
willing to update it.  Otherwise, let's drop it.

Sorry for the confusion.
Clément

Re: [PATCH 4/4] services: openssh: Add 'subsystems' option.

[Ludovic Courtès]

Hi Clément,

Clément Lassieur <clement@lassieur.org> skribis:

> I think there is a misunderstanding.  I didn't want to push this because
> it was not tested, and because subsystems are often useless without
> Match, and Match is unsupported.  The pair/list thing is not the
> problem.
>
> And I was waiting for ng0 to test, because he asked for this patch (see
> http://lists.gnu.org/archive/html/guix-devel/2017-02/msg00906.html), so
> I thought he was able to test.
>
> If ng0 still needs the patch and confirms that it works well, I'm
> willing to update it.  Otherwise, let's drop it.

The patch looks like a useful addition.  It would be sad to drop it, no?

If you could add a test to (gnu tests ssh) that would be perfect, but
otherwise it LGTM.  Perhaps the default value for ‘subsystems’ should
include internal-sftp though, as users probably expect sftp to just work.

I don’t have any issue with using two-element lists; I think the syntax
for pairs can be a bit confusing for newcomers to it’s probably better
to avoid it in service configuration.

Thanks,
Ludo’.

Re: [PATCH 4/4] services: openssh: Add 'subsystems' option.

[ng0]

Ludovic Courtès transcribed 1.1K bytes:
> Hi Clément,
> 
> Clément Lassieur <clement@lassieur.org> skribis:
> 
> > I think there is a misunderstanding.  I didn't want to push this because
> > it was not tested, and because subsystems are often useless without
> > Match, and Match is unsupported.  The pair/list thing is not the
> > problem.
> >
> > And I was waiting for ng0 to test, because he asked for this patch (see
> > http://lists.gnu.org/archive/html/guix-devel/2017-02/msg00906.html), so
> > I thought he was able to test.
> >
> > If ng0 still needs the patch and confirms that it works well, I'm
> > willing to update it.  Otherwise, let's drop it.
> 
> The patch looks like a useful addition.  It would be sad to drop it, no?
> 
> If you could add a test to (gnu tests ssh) that would be perfect, but
> otherwise it LGTM.  Perhaps the default value for ‘subsystems’ should
> include internal-sftp though, as users probably expect sftp to just work.
> 
> I don’t have any issue with using two-element lists; I think the syntax
> for pairs can be a bit confusing for newcomers to it’s probably better
> to avoid it in service configuration.
> 
> Thanks,
> Ludo’.
> 

I'm taking a break currently and only deal with planing things or
documenting work and future Guix related work, so I won't test this in
the next 1 or 2 weeks.
I am fairly sure that sshfs still needs this.

ps Clément: 'them'/'they' are pronouns if you don't know the gender and/or
prefered pronoun of a person :)

Re: [PATCH 4/4] services: openssh: Add 'subsystems' option.

[Clément Lassieur]

ng0 <contact.ng0@cryptolab.net> writes:

> Ludovic Courtès transcribed 1.1K bytes:
>> Hi Clément,
>> 
>> Clément Lassieur <clement@lassieur.org> skribis:
>> 
>> > I think there is a misunderstanding.  I didn't want to push this because
>> > it was not tested, and because subsystems are often useless without
>> > Match, and Match is unsupported.  The pair/list thing is not the
>> > problem.
>> >
>> > And I was waiting for ng0 to test, because he asked for this patch (see
>> > http://lists.gnu.org/archive/html/guix-devel/2017-02/msg00906.html), so
>> > I thought he was able to test.
>> >
>> > If ng0 still needs the patch and confirms that it works well, I'm
>> > willing to update it.  Otherwise, let's drop it.
>> 
>> The patch looks like a useful addition.  It would be sad to drop it, no?
>> 
>> If you could add a test to (gnu tests ssh) that would be perfect, but
>> otherwise it LGTM.  Perhaps the default value for ‘subsystems’ should
>> include internal-sftp though, as users probably expect sftp to just work.
>> 
>> I don’t have any issue with using two-element lists; I think the syntax
>> for pairs can be a bit confusing for newcomers to it’s probably better
>> to avoid it in service configuration.
>> 
>> Thanks,
>> Ludo’.
>> 
>
> I'm taking a break currently and only deal with planing things or
> documenting work and future Guix related work, so I won't test this in
> the next 1 or 2 weeks.
> I am fairly sure that sshfs still needs this.
>
> ps Clément: 'them'/'they' are pronouns if you don't know the gender and/or
> prefered pronoun of a person :)

Oh, I apologize.

Re: [PATCH 4/4] services: openssh: Add 'subsystems' option.

[John Darrington]

[-- Attachment #1: Type: text/plain, Size: 666 bytes --]

On Thu, Mar 16, 2017 at 08:45:27PM +0000, ng0 wrote:

     ps Cl??ment: 'them'/'they' are pronouns if you don't know the gender and/or
     prefered pronoun of a person :)


... according to some. -  but most linguists, and many orators (the president of 
the Free Software Foundation being one of them) consider this to be a misuse of 
the English language and refuse to (mis)use these words for such a purpose.

J'
     

-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.


[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

grammar usage (was: Re: [PATCH 4/4] services: openssh: Add 'subsystems' option.)

[ng0]

John Darrington transcribed 1.1K bytes:
> On Thu, Mar 16, 2017 at 08:45:27PM +0000, ng0 wrote:
> 
>      ps Cl??ment: 'them'/'they' are pronouns if you don't know the gender and/or
>      prefered pronoun of a person :)
> 
> 
> ... according to some. -  but most linguists, and many orators (the president of 
> the Free Software Foundation being one of them) consider this to be a misuse of 
> the English language and refuse to (mis)use these words for such a purpose.
> 
> J'
>      
> 
> -- 
> Avoid eavesdropping.  Send strong encrypted email.
> PGP Public key ID: 1024D/2DE827B3 
> fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
> See http://sks-keyservers.net or any PGP keyserver for public key.
> 

You keep mentioning this every time it comes up. It's annoying, really.
Linguists aren't the central authority of a language.
If it's bothering you that much, this is on topic as it is in the
documentation of Guix, and there are several ways to express gender
neutral pronouns in some languages. "According to linguists" what a
larger group of people in Germany uses is also a misuse of the language.
Do they care? No.

Re: grammar usage (was: Re: [PATCH 4/4] services: openssh: Add 'subsystems' option.)

[John Darrington]

[-- Attachment #1: Type: text/plain, Size: 2480 bytes --]

On Fri, Mar 17, 2017 at 11:08:04AM +0000, ng0 wrote:
     John Darrington transcribed 1.1K bytes:
     > On Thu, Mar 16, 2017 at 08:45:27PM +0000, ng0 wrote:
     > 
     >      ps Cl??ment: 'them'/'they' are pronouns if you don't know the gender and/or
     >      prefered pronoun of a person :)
     > 
     > 
     > ... according to some. -  but most linguists, and many orators (the president of 
     > the Free Software Foundation being one of them) consider this to be a misuse of 
     > the English language and refuse to (mis)use these words for such a purpose.
     > 
     > J'
     >      
     > 
     > -- 
     > Avoid eavesdropping.  Send strong encrypted email.
     > PGP Public key ID: 1024D/2DE827B3 
     > fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
     > See http://sks-keyservers.net or any PGP keyserver for public key.
     > 
     
     You keep mentioning this every time it comes up. It's annoying, really.
     Linguists aren't the central authority of a language.

1.  Yes.  I have mentioned it several times when the subject has been brought up,
and I see no reason why I shouldn't do so the next time it is brought up.

2.  If you find it annoying then - DON'T BRING IT UP.

3.  You are right that linguists are not an authority - I never claimed that
so please don't make a strawman out of that.

     If it's bothering you that much, this is on topic as it is in the
     documentation of Guix, and there are several ways to express gender
     neutral pronouns in some languages. 

4.  So when using those languages I will be all in favour of people using
the correct word for that language.

	"According to linguists" what a
     larger group of people in Germany uses is also a misuse of the language.
     Do they care? No.

5.  That is unfortunate.  As a resident in Germany whose first language is
not German, sometimes I make mistakes when speaking German.  When I do - and
when people take the time to correct me - then I am always grateful to them.
Conversly, I often correct Germans who make mistakes in their English.  Most
appreciate the help - some, like you say, don't care.  But guess what: Das ist
mir Scheissegal!

J'


-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.


[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

Re: grammar usage (was: Re: [PATCH 4/4] services: openssh: Add 'subsystems' option.)

[ng0]

John Darrington transcribed 2.9K bytes:
> On Fri, Mar 17, 2017 at 11:08:04AM +0000, ng0 wrote:
>      John Darrington transcribed 1.1K bytes:
>      > On Thu, Mar 16, 2017 at 08:45:27PM +0000, ng0 wrote:
>      > 
>      >      ps Cl??ment: 'them'/'they' are pronouns if you don't know the gender and/or
>      >      prefered pronoun of a person :)
>      > 
>      > 
>      > ... according to some. -  but most linguists, and many orators (the president of 
>      > the Free Software Foundation being one of them) consider this to be a misuse of 
>      > the English language and refuse to (mis)use these words for such a purpose.
>      > 
>      > J'
>      >      
>      > 
>      > -- 
>      > Avoid eavesdropping.  Send strong encrypted email.
>      > PGP Public key ID: 1024D/2DE827B3 
>      > fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
>      > See http://sks-keyservers.net or any PGP keyserver for public key.
>      > 
>      
>      You keep mentioning this every time it comes up. It's annoying, really.
>      Linguists aren't the central authority of a language.
> 
> 1.  Yes.  I have mentioned it several times when the subject has been brought up,
> and I see no reason why I shouldn't do so the next time it is brought up.
> 
> 2.  If you find it annoying then - DON'T BRING IT UP.
> 
>
> 3.  You are right that linguists are not an authority - I never claimed that
> so please don't make a strawman out of that.
> 
>      If it's bothering you that much, this is on topic as it is in the
>      documentation of Guix, and there are several ways to express gender
>      neutral pronouns in some languages. 
> 
> 4.  So when using those languages I will be all in favour of people using
> the correct word for that language.
> 
> 	"According to linguists" what a
>      larger group of people in Germany uses is also a misuse of the language.
>      Do they care? No.
> 
> 5.  That is unfortunate.  As a resident in Germany whose first language is
> not German, sometimes I make mistakes when speaking German.  When I do - and
> when people take the time to correct me - then I am always grateful to them.
> Conversly, I often correct Germans who make mistakes in their English.  Most
> appreciate the help - some, like you say, don't care.  But guess what: Das ist
> mir Scheissegal!
> 
> J'
> 
> 
> -- 
> Avoid eavesdropping.  Send strong encrypted email.
> PGP Public key ID: 1024D/2DE827B3 
> fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
> See http://sks-keyservers.net or any PGP keyserver for public key.
> 

Respecting people is more important than correct grammar.

My choice of pronoun for myself is they/them. I'm not picking strawman
arguments here, all I wanted to express is that it is impolite and
disrespectful against everybody to keep correcting them.
Especially if english is your native language.

Re: grammar usage (was: Re: [PATCH 4/4] services: openssh: Add 'subsystems' option.)

[John Darrington]

[-- Attachment #1: Type: text/plain, Size: 724 bytes --]

On Fri, Mar 17, 2017 at 10:42:10AM +0000, ng0 wrote:
     
     Respecting people is more important than correct grammar.

I agree.  So please afford me a little respect.
     
     My choice of pronoun for myself is they/them. I'm not picking strawman
     arguments here, all I wanted to express is that it is impolite and
     disrespectful against everybody to keep correcting them.

Did you notice that this last sentence of yours is correcting an assertion of mine?

J'



-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.


[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

Re: grammar usage

[Andy Wingo]

Hello John,

Misgendering a guix contributor is rude.  On the grand scale of things
it is worse than what you perceive to be misuse of language.  Continuing
to advocate for your idea on what good English is is unwelcome behavior,
especially when this advocacy ignores the issue of misgendering.

Andy

Re: grammar usage

[John Darrington]

[-- Attachment #1: Type: text/plain, Size: 1778 bytes --]

On Fri, Mar 17, 2017 at 11:57:09AM +0100, Andy Wingo wrote:
     Hello John,

Hello Andy,
     
     Misgendering a guix contributor is rude.  

If deliberate, I agree that misgendering anyone, guix contributor or not, would 
be rude.  So I have never done so.

     On the grand scale of things it is worse than what you perceive to be misuse of language.  

I don't know what you mean by "it" in the above sentence.  If you mean rudeness,
then I agree.  If you mean an inadvertent misgendering of a person then I do not.
Sometime ago, due to a misunderstanding I received a series of emails addressing
me as Frau Darrington.  I did not feel offended or insulted at all, and I cannot
imagine anyone would feel that way.

     Continuing to advocate for your idea on what good English is is unwelcome behavior,

Perhaps.  But why is it only advocacy of *my* opinion which is unwelcome whereas
that of others is perfectly acceptable?  I feel that I am being victimised here.

     especially when this advocacy ignores the issue of misgendering.

That opinion I do reject.    I think that the occasional, inadvertent reference 
to a person with a pronoun of the incorrect gender scores very low on the scale
of world problems.  It is certainly no worse that refering to that person with
a pronoun of the wrong grammatical number.

I'm sorry that we cannot agree on this subject, but as it is orthogonal to the
remit of this mailing list, I suggest that we drop the subject and not bring
it up again.

J'

     

-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.


[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

Re: grammar usage

[Andy Wingo]

Hi,

I agree that we need to drop this subject.  This will be my last mail in
this thread as well.

On Fri 17 Mar 2017 12:12, John Darrington <john@darrington.wattle.id.au> writes:

> Sometime ago, due to a misunderstanding I received a series of emails
> addressing me as Frau Darrington.  I did not feel offended or insulted
> at all, and I cannot imagine anyone would feel that way.

I understand you feel this way, however to others the effect is
important.  To trans and non-binary people, being at the receiving end
of a stream of misgenderings (intentional or not) is a constant
irritation, reminding them that they are not welcome in that part of the
world.  We want Guix to be welcoming to everyone, so we should be
attentive to hints about what pronoun people would like others to use
when referring to them.

> Why is it only advocacy of *my* opinion which is unwelcome whereas
> that of others is perfectly acceptable?  I feel that I am being
> victimised here.

To create a welcoming environment for more people and especially people
who are marginalized, we must make some behaviors unwelcome.  In this
case, advocating this opinion of what is correct English contributes to
the marginalization of trans and non-binary people, and for that reason
I think it is appropriate for the Guix project to discourage this
behavior in its spaces.

Andy

Re: grammar usage

[Ricardo Wurmus]

Andy Wingo <wingo@igalia.com> writes:

[…]

> I understand you feel this way, however to others the effect is
> important.  To trans and non-binary people, being at the receiving end
> of a stream of misgenderings (intentional or not) is a constant
> irritation, reminding them that they are not welcome in that part of the
> world.  We want Guix to be welcoming to everyone, so we should be
> attentive to hints about what pronoun people would like others to use
> when referring to them.
>
>> Why is it only advocacy of *my* opinion which is unwelcome whereas
>> that of others is perfectly acceptable?  I feel that I am being
>> victimised here.
>
> To create a welcoming environment for more people and especially people
> who are marginalized, we must make some behaviors unwelcome.  In this
> case, advocating this opinion of what is correct English contributes to
> the marginalization of trans and non-binary people, and for that reason
> I think it is appropriate for the Guix project to discourage this
> behavior in its spaces.

Thank you, Andy.  I agree with everything you wrote, in particular how
this relates to our goal of creating a welcoming environment, which is a
main task for maintainers.

-- 
Ricardo

GPG: BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC
https://elephly.net

Re: grammar usage

[John Darrington]

[-- Attachment #1: Type: text/plain, Size: 720 bytes --]

On Fri, Mar 17, 2017 at 02:58:43PM +0100, Ricardo Wurmus wrote:
     
     Thank you, Andy.  I agree with everything you wrote, in particular how
     this relates to our goal of creating a welcoming environment, which is a
     main task for maintainers.
     

I am all for creating a welcoming environment.  Unfortunately I do
not think making reproachful, judgemental, censorious, or sanctimonious
comments to anyone whose opinions differ from one's own achieves this.

J'

-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.


[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

Re: grammar usage

[Mathieu Lirzin]

Hello Ricardo,

Ricardo Wurmus <rekado@elephly.net> writes:

> Andy Wingo <wingo@igalia.com> writes:
>
> […]
>
>> I understand you feel this way, however to others the effect is
>> important.  To trans and non-binary people, being at the receiving end
>> of a stream of misgenderings (intentional or not) is a constant
>> irritation, reminding them that they are not welcome in that part of the
>> world.  We want Guix to be welcoming to everyone, so we should be
>> attentive to hints about what pronoun people would like others to use
>> when referring to them.
>>
>>> Why is it only advocacy of *my* opinion which is unwelcome whereas
>>> that of others is perfectly acceptable?  I feel that I am being
>>> victimised here.
>>
>> To create a welcoming environment for more people and especially people
>> who are marginalized, we must make some behaviors unwelcome.  In this
>> case, advocating this opinion of what is correct English contributes to
>> the marginalization of trans and non-binary people, and for that reason
>> I think it is appropriate for the Guix project to discourage this
>> behavior in its spaces.
>
> Thank you, Andy.  I agree with everything you wrote, in particular how
> this relates to our goal of creating a welcoming environment, which is a
> main task for maintainers.

Could you tell us what this maintainer task consist of?

Thanks.

-- 
Mathieu Lirzin
GPG: F2A3 8D7E EB2B 6640 5761  070D 0ADE E100 9460 4D37

Re: grammar usage

[Ludovic Courtès]

Hi Mathieu,

Mathieu Lirzin <mthl@gnu.org> skribis:

> Ricardo Wurmus <rekado@elephly.net> writes:

[...]

>> Thank you, Andy.  I agree with everything you wrote, in particular how
>> this relates to our goal of creating a welcoming environment, which is a
>> main task for maintainers.
>
> Could you tell us what this maintainer task consist of?

In a project like this, a large part of the maintainer’s time is spent
“dealing with people.”

When someone comes to us and puts energy into improving the project, we
maintainers want to welcome them and show our gratitude.  We also want
to make sure this space remains welcoming to anyone and that those
willing to help the project do not feel excluded.

HTH,
Ludo’.

Re: grammar usage

[ng0]

John Darrington transcribed 2.2K bytes:
> On Fri, Mar 17, 2017 at 11:57:09AM +0100, Andy Wingo wrote:
>      Hello John,
> 
> Hello Andy,
>      
>      Misgendering a guix contributor is rude.  
> 
> If deliberate, I agree that misgendering anyone, guix contributor or not, would 
> be rude.  So I have never done so.
> 
>      On the grand scale of things it is worse than what you perceive to be misuse of language.  
> 
> I don't know what you mean by "it" in the above sentence.  If you mean rudeness,
> then I agree.  If you mean an inadvertent misgendering of a person then I do not.
> Sometime ago, due to a misunderstanding I received a series of emails addressing
> me as Frau Darrington.  I did not feel offended or insulted at all, and I cannot
> imagine anyone would feel that way.
> 
>      Continuing to advocate for your idea on what good English is is unwelcome behavior,
> 
> Perhaps.  But why is it only advocacy of *my* opinion which is unwelcome whereas
> that of others is perfectly acceptable?  I feel that I am being victimised here.
> 
>      especially when this advocacy ignores the issue of misgendering.
> 
> That opinion I do reject.    I think that the occasional, inadvertent reference 
> to a person with a pronoun of the incorrect gender scores very low on the scale
> of world problems.  It is certainly no worse that refering to that person with
> a pronoun of the wrong grammatical number.
> 
> I'm sorry that we cannot agree on this subject, but as it is orthogonal to the
> remit of this mailing list, I suggest that we drop the subject and not bring
> it up again.
> 
> J'
> 
>      
> 
> -- 
> Avoid eavesdropping.  Send strong encrypted email.
> PGP Public key ID: 1024D/2DE827B3 
> fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
> See http://sks-keyservers.net or any PGP keyserver for public key.
> 

For the record, as this is public and I can point to it as a case for
others: Please search Duckduckgo/searx/Google for either of
"cis-privileges", "cis privileges" "cisgender privilege" and
educate yourselves about it.
This is my last answer to this subthread.

Thanks Andy.

Re: grammar usage (was: Re: [PATCH 4/4] services: openssh: Add 'subsystems' option.)

[Tobias Geerinckx-Rice]

[-- Attachment #1.1: Type: text/plain, Size: 1185 bytes --]

No.

John, I find you very rude in this thread. Please stop dismissing as
‘reproachful, judgemental, censorious, or sanctimonious’ anyone who
dares correct your unsolicited incorrections. Yelling ‘DON'T BRING IT
UP’ when they address your behaviour isn't helping your case either.

Everyone's allowing themselves one sneaky reply. Here's mine.

On 17/03/17 06:36, John Darrington wrote:
> ... according to some.

According to the vast majority of contemporary English speakers.
This is not a matter of opinion.

‘They’ has been in common use as a gender-neutral singular pronoun for
centuries. The (pseudo-)linguistic case against it remains as
unconvincing today as it was then.

> but most linguists, and many orators (the president of the Free 
> Software Foundation being one of them) consider this to be a misuse 
> of the English language and refuse to (mis)use these words for such
> a purpose.

They then promptly, disingenuously, linguistically, and politically
misuse English in order to thrust masculinity upon people against their
will, or by default. I find the whole ruse tiringly transparent.

Kind regards,

T(hey, btw) G-R


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 476 bytes --]

Re: grammar usage (was: Re: [PATCH 4/4] services: openssh: Add 'subsystems' option.)

[John Darrington]

[-- Attachment #1: Type: text/plain, Size: 1611 bytes --]

On Fri, Mar 17, 2017 at 05:13:49PM +0100, Tobias Geerinckx-Rice wrote:
     No.
     
     John, I find you very rude in this thread. Please stop dismissing as
     ???reproachful, judgemental, censorious, or sanctimonious??? anyone who
     dares correct your unsolicited incorrections. Yelling ???DON'T BRING IT
     UP??? when they address your behaviour isn't helping your case either.

I would point out that I did not raise this issue.  I have taken great pains to 
avoid rudeness in this thread.  Suggesting that a person does not raise a topic,
 orthogonal to guix, if it is likely to produce a response that annoys him/her
is entirely appropriate.  


     > but most linguists, and many orators (the president of the Free 
     > Software Foundation being one of them) consider this to be a misuse 
     > of the English language and refuse to (mis)use these words for such
     > a purpose.
     
     They then promptly, disingenuously, linguistically, and politically
     misuse English in order to thrust masculinity upon people against their
     will, or by default. 
     
So most linguists do that do they?  If you have evidence to back this up, then
please present it.  If you cannot, the be aware there are terms for people 
who display intolerant or prejudical attitudes such as this in the absence
of supporting evidence.

J'


-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.


[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

Re: [PATCH 4/4] services: openssh: Add 'subsystems' option.

[Leo Famulari]

[-- Attachment #1: Type: text/plain, Size: 765 bytes --]

On Fri, Mar 17, 2017 at 06:36:20AM +0100, John Darrington wrote:
> On Thu, Mar 16, 2017 at 08:45:27PM +0000, ng0 wrote:
> 
>      ps Cl??ment: 'them'/'they' are pronouns if you don't know the gender and/or
>      prefered pronoun of a person :)
> 
> 
> ... according to some. -  but most linguists, and many orators (the president of 
> the Free Software Foundation being one of them) consider this to be a misuse of 
> the English language and refuse to (mis)use these words for such a purpose.

As a native USA English speaker, I think this usage is fine, and widely
accepted by speakers, at least in this country. There are some cases
where it sounds a little clunky, but we don't have other words for this
use case that enjoy wider common usage.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [PATCH 4/4] services: openssh: Add 'subsystems' option.

[John Darrington]

[-- Attachment #1: Type: text/plain, Size: 1636 bytes --]

On Fri, Mar 17, 2017 at 12:21:31PM -0400, Leo Famulari wrote:
     On Fri, Mar 17, 2017 at 06:36:20AM +0100, John Darrington wrote:
     > On Thu, Mar 16, 2017 at 08:45:27PM +0000, ng0 wrote:
     > 
     >      ps Cl??ment: 'them'/'they' are pronouns if you don't know the gender and/or
     >      prefered pronoun of a person :)
     > 
     > 
     > ... according to some. -  but most linguists, and many orators (the president of 
     > the Free Software Foundation being one of them) consider this to be a misuse of 
     > the English language and refuse to (mis)use these words for such a purpose.
     
     As a native USA English speaker, I think this usage is fine, and widely
     accepted by speakers, at least in this country. There are some cases
     where it sounds a little clunky, but we don't have other words for this
     use case that enjoy wider common usage.

I am glad that at least one person can express a point of view  and be polite about
it at the same time.   If you think it is fine, then it is your right to use it.

I find it confusing and clunky in most cases, and I refuse to use it.    I also
reserve the right, when others advocate its use, to present my own point of view.

If anyone chooses  to  interpret that as rude, sexist, intolerant or whatever - then
that is their problem and not mine.  They will have to get over it.

J'



-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.


[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

Re: [PATCH 4/4] services: openssh: Add 'subsystems' option.

[ng0]

John Darrington transcribed 2.0K bytes:
> On Fri, Mar 17, 2017 at 12:21:31PM -0400, Leo Famulari wrote:
>      On Fri, Mar 17, 2017 at 06:36:20AM +0100, John Darrington wrote:
>      > On Thu, Mar 16, 2017 at 08:45:27PM +0000, ng0 wrote:
>      > 
>      >      ps Cl??ment: 'them'/'they' are pronouns if you don't know the gender and/or
>      >      prefered pronoun of a person :)
>      > 
>      > 
>      > ... according to some. -  but most linguists, and many orators (the president of 
>      > the Free Software Foundation being one of them) consider this to be a misuse of 
>      > the English language and refuse to (mis)use these words for such a purpose.
>      
>      As a native USA English speaker, I think this usage is fine, and widely
>      accepted by speakers, at least in this country. There are some cases
>      where it sounds a little clunky, but we don't have other words for this
>      use case that enjoy wider common usage.
> 
> I am glad that at least one person can express a point of view  and be polite about
> it at the same time.   If you think it is fine, then it is your right to use it.
> 
> I find it confusing and clunky in most cases, and I refuse to use it.    I also
> reserve the right, when others advocate its use, to present my own point of view.
> 
> If anyone chooses  to  interpret that as rude, sexist, intolerant or whatever - then
> that is their problem and not mine.  They will have to get over it.

Okay, so you are just one of those ignorant assholes who drive people
away from projects because they think their are the middle of the
universe and other problems don't exist because they have never
experienced them and oh deity forbid if someone insults their holy
grammarbooks and linguists. Cool. Glad that we have solved that.

That's actually the first time that I'm not polite. But I can't be
polite to ignorant people. I just won't work with you anymore and ignore
you, as you choose to ignore other people with your behavior and
invalidate their existence and bother them with your view of what's
"correct" and what's not.

Have a nice life.

> J'
> 
> 
> 
> -- 
> Avoid eavesdropping.  Send strong encrypted email.
> PGP Public key ID: 1024D/2DE827B3 
> fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
> See http://sks-keyservers.net or any PGP keyserver for public key.

Re: [PATCH 4/4] services: openssh: Add 'subsystems' option.

[Mathieu Lirzin]

ng0 <contact.ng0@cryptolab.net> writes:

> John Darrington transcribed 2.0K bytes:
>
>> I am glad that at least one person can express a point of view  and be polite about
>> it at the same time.   If you think it is fine, then it is your right to use it.
>> 
>> I find it confusing and clunky in most cases, and I refuse to use it.    I also
>> reserve the right, when others advocate its use, to present my own point of view.
>> 
>> If anyone chooses  to  interpret that as rude, sexist, intolerant or whatever - then
>> that is their problem and not mine.  They will have to get over it.
>
> Okay, so you are just one of those ignorant assholes who drive people
> away from projects because they think their are the middle of the
> universe and other problems don't exist because they have never
> experienced them and oh deity forbid if someone insults their holy
> grammarbooks and linguists. Cool. Glad that we have solved that.
>
> That's actually the first time that I'm not polite. But I can't be
> polite to ignorant people. I just won't work with you anymore and ignore
> you, as you choose to ignore other people with your behavior and
> invalidate their existence and bother them with your view of what's
> "correct" and what's not.

This reaction is highly intolerant and not acceptable in this community.
Disagreeing doesn't justify being rude or insulting people.

-- 
Mathieu Lirzin
GPG: F2A3 8D7E EB2B 6640 5761  070D 0ADE E100 9460 4D37

Re: [PATCH 4/4] services: openssh: Add 'subsystems' option.

[ng0]

Mathieu Lirzin transcribed 1.4K bytes:
> ng0 <contact.ng0@cryptolab.net> writes:
> 
> > John Darrington transcribed 2.0K bytes:
> >
> >> I am glad that at least one person can express a point of view  and be polite about
> >> it at the same time.   If you think it is fine, then it is your right to use it.
> >> 
> >> I find it confusing and clunky in most cases, and I refuse to use it.    I also
> >> reserve the right, when others advocate its use, to present my own point of view.
> >> 
> >> If anyone chooses  to  interpret that as rude, sexist, intolerant or whatever - then
> >> that is their problem and not mine.  They will have to get over it.
> >
> > Okay, so you are just one of those ignorant assholes who drive people
> > away from projects because they think their are the middle of the
> > universe and other problems don't exist because they have never
> > experienced them and oh deity forbid if someone insults their holy
> > grammarbooks and linguists. Cool. Glad that we have solved that.
> >
> > That's actually the first time that I'm not polite. But I can't be
> > polite to ignorant people. I just won't work with you anymore and ignore
> > you, as you choose to ignore other people with your behavior and
> > invalidate their existence and bother them with your view of what's
> > "correct" and what's not.
> 
> This reaction is highly intolerant and not acceptable in this community.
> Disagreeing doesn't justify being rude or insulting people.
> 
> -- 
> Mathieu Lirzin
> GPG: F2A3 8D7E EB2B 6640 5761  070D 0ADE E100 9460 4D37
> 

May I remind you that the first reaction of John is being rude to anyone
who isn't a native speaker? Yes, my reply was rude and insulting, but if
you feel like supporting someone in that behavior in the first place
(which is disrespectful towards any newcomers who are not fluent in
english and additionally, not including, towards those who are not
binary) then this is indeed the wrong community. I don't see repetition
of John's behavior as solving the problem. It's not just in Email. It
happens on IRC too.
I doubt that inclusion of such behavior is according to the Code of
Conduct. If it is, please tell me so that I have social reasons to fork
Guix.

Re: [PATCH 4/4] services: openssh: Add 'subsystems' option.

[John Darrington]

[-- Attachment #1: Type: text/plain, Size: 1428 bytes --]

On Sat, Mar 18, 2017 at 11:52:16AM +0000, ng0 wrote:

     May I remind you that the first reaction of John is being rude to anyone
     who isn't a native speaker? 

That is absolutely not true.  I have reviewed this current thread and I do not 
see any instance of rudeness on my part.

As I have explained *most* people appreciate it when offerred corrections - be 
it code, language or whatever.  I certainly appreciate corrections of my
mistakes, and on occassion people have taken the time to thank me for the time 
I take to correct theirs.  That is what collaboration is about.  You have
explicitly asked me not to correct you - and I respect that request - I will not
do so in future.  However, if I see you giving erroneous advice to a third party
I may interject with my own opinion.

I'm sorry that you feel this way.  I would still like to work with you - and
that means I appreciate constructive criticism from anyone, about anything.

For example, we don't often speak German in Guix, but if we were to do so,
I would be very grateful to you, as a native German speaker, if you would correct
me when I make a grammatical mistake.

Regards,  


John




-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.


[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

Re: [PATCH 4/4] services: openssh: Add 'subsystems' option.

[Catonano]

[-- Attachment #1: Type: text/plain, Size: 1843 bytes --]

2017-03-18 13:10 GMT+01:00 John Darrington <john@darrington.wattle.id.au>:

> On Sat, Mar 18, 2017 at 11:52:16AM +0000, ng0 wrote:
>
>      May I remind you that the first reaction of John is being rude to
> anyone
>      who isn't a native speaker?
>
> That is absolutely not true.  I have reviewed this current thread and I do
> not
> see any instance of rudeness on my part.
>
> As I have explained *most* people appreciate it when offerred corrections
> - be
> it code, language or whatever.  I certainly appreciate corrections of my
> mistakes,


Do you ? You are fiercely fighting a correction that has been offered to
you by ng0 and by mantainers too.

Corrections are not about linguistics or programming langages only. There
are community (people) issues too.


and on occassion people have taken the time to thank me for the time
> I take to correct theirs.


Well, this is not the case, is it ?


> That is what collaboration is about.  You have
> explicitly asked me not to correct you - and I respect that request - I
> will not
> do so in future.  However, if I see you giving erroneous advice to a third
> party
> I may interject with my own opinion.
>

In so doing, you would be actively assaulting a member of this community.


>
> I'm sorry that you feel this way.


No, you're not


> I would still like to work with you - and
> that means I appreciate constructive criticism from anyone, about anything.
>

Plenty of constructive critism iis being offered, here, and you seem to be
belligerent against it

On the only basis that the criticism is not about language.


>
> For example, we don't often speak German in Guix, but if we were to do so,
> I would be very grateful to you, as a native German speaker, if you would
> correct
> me when I make a grammatical mistake.
>

Well, other people is not being grateful, here

[-- Attachment #2: Type: text/html, Size: 3043 bytes --]

Re: [PATCH 4/4] services: openssh: Add 'subsystems' option.

[Catonano]

[-- Attachment #1: Type: text/plain, Size: 2171 bytes --]

2017-03-18 12:45 GMT+01:00 Mathieu Lirzin <mthl@gnu.org>:

> ng0 <contact.ng0@cryptolab.net> writes:
>
> > John Darrington transcribed 2.0K bytes:
> >
> >> I am glad that at least one person can express a point of view  and be
> polite about
> >> it at the same time.   If you think it is fine, then it is your right
> to use it.
> >>
> >> I find it confusing and clunky in most cases, and I refuse to use it.
>   I also
> >> reserve the right, when others advocate its use, to present my own
> point of view.
> >>
> >> If anyone chooses  to  interpret that as rude, sexist, intolerant or
> whatever - then
> >> that is their problem and not mine.  They will have to get over it.
> >
> > Okay, so you are just one of those ignorant assholes who drive people
> > away from projects because they think their are the middle of the
> > universe and other problems don't exist because they have never
> > experienced them and oh deity forbid if someone insults their holy
> > grammarbooks and linguists. Cool. Glad that we have solved that.
> >
> > That's actually the first time that I'm not polite. But I can't be
> > polite to ignorant people. I just won't work with you anymore and ignore
> > you, as you choose to ignore other people with your behavior and
> > invalidate their existence and bother them with your view of what's
> > "correct" and what's not.
>
> This reaction is highly intolerant and not acceptable in this community.
> Disagreeing doesn't justify being rude or insulting people.
>

I wholeheartedly disagree

ng0's reaction is legitimate and due.

ng0 is being shown hostility.

I don't see why hostility is legitimate when one side expresses it but it's
not legitimate anymore when a reaction comes.

I don't see why John should be allowed to say "I will raise this and if
anyone feels hit they will have to deal with it"

and people's reaction to this wold be not acceptable.

The result of ng0's reaction to be deemed unacceptable would be that a
transgender person raising the issue of gendered pronouns would be dealt
with a shrug and their reaction would be dealt with... what ?

I find your remark not only ridiculous. I find it discriminating.

[-- Attachment #2: Type: text/html, Size: 2964 bytes --]

Being excellent to one another

[Ludovic Courtès]

Hi there,

Gentlefolks, please everyone calm down.  Being rude or insulting to
fellow hackers is not acceptable on the project’s communication
channels, period.  When you feel unable to express your disagreement in
a constructive and respectful manner, please delay your reply until you
can do that.

We added to the contribution guidelines in the manual a while back an
item about using gender-neutral wording in our documentation.  We’ll do
that because I believe it’s one of the modest ways in which we can help
fight gender bias in our domain, and because it’s a tiny effort and
leads to “valid” understandable English (there’s lots of documentation
about the origins of singular they, BTW.)

Besides, while I appreciate it when native English speakers provide
corrections and guidance, I think we as a project must tolerate English
mistakes in our communication.  The reason for this is very simple: most
contributors are not native English speakers.  English is our
communication medium; it shouldn’t be a hindrance to the inclusion of
contributors who do not master it.

Happy hacking!

Ludo’.

Re: Being excellent to one another

[dian_cecht]

On Sat, 18 Mar 2017 14:43:20 +0100
ludo@gnu.org (Ludovic Courtès) wrote:
> Besides, while I appreciate it when native English speakers provide
> corrections and guidance, I think we as a project must tolerate
> English mistakes in our communication.  The reason for this is very
> simple: most contributors are not native English speakers.  English
> is our communication medium; it shouldn’t be a hindrance to the
> inclusion of contributors who do not master it.

Are there any guidelines as to what parts of English one should avoid
using in documentation? If most (as you put it) contributors aren't
native English speakers, doesn't that mean we should attempt to use a
simpler vocabulary so users and contributors can read and understand
things easier?

Re: Being excellent to one another

[John Darrington]

[-- Attachment #1: Type: text/plain, Size: 834 bytes --]

On Sun, Mar 19, 2017 at 08:47:17AM -0700, dian_cecht@zoho.com wrote:
     
     Are there any guidelines as to what parts of English one should avoid
     using in documentation? 
     

There are some such guidlines.  See: 
 https://www.gnu.org/prep/standards/standards.html#Documentation

                               If most (as you put it) contributors aren't
     native English speakers, doesn't that mean we should attempt to use a
     simpler vocabulary so users and contributors can read and understand
     things easier?

I think that is a good general policy.

J'
     

-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.


[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

Re: Being excellent to one another

[Ludovic Courtès]

Hi,

<dian_cecht@zoho.com> skribis:

> On Sat, 18 Mar 2017 14:43:20 +0100
> ludo@gnu.org (Ludovic Courtès) wrote:
>> Besides, while I appreciate it when native English speakers provide
>> corrections and guidance, I think we as a project must tolerate
>> English mistakes in our communication.  The reason for this is very
>> simple: most contributors are not native English speakers.  English
>> is our communication medium; it shouldn’t be a hindrance to the
>> inclusion of contributors who do not master it.
>
> Are there any guidelines as to what parts of English one should avoid
> using in documentation? If most (as you put it) contributors aren't
> native English speakers, doesn't that mean we should attempt to use a
> simpler vocabulary so users and contributors can read and understand
> things easier?

I was referring mostly to informal communications among contributors.
For the manual, I think it makes sense to stick to “correct English”.
Ideally, we’d have translations of the manual, but we’re not there yet.

Ludo’.

Re: Being excellent to one another

[Christopher Allan Webber]

Ludovic Courtès writes:

> Hi there,
>
> Gentlefolks, please everyone calm down.  Being rude or insulting to
> fellow hackers is not acceptable on the project’s communication
> channels, period.  When you feel unable to express your disagreement in
> a constructive and respectful manner, please delay your reply until you
> can do that.

[...]

> Besides, while I appreciate it when native English speakers provide
> corrections and guidance, I think we as a project must tolerate English
> mistakes in our communication.  The reason for this is very simple: most
> contributors are not native English speakers.  English is our
> communication medium; it shouldn’t be a hindrance to the inclusion of
> contributors who do not master it.

About English though, I do agree with ng0 about they/them... as a
default pronoun, especially when you don't know.  It's good English,
with longstanding history:

  https://en.wikipedia.org/wiki/Singular_they

The important thing is to not assume someone's preferred pronouns
without knowing them.  Singular they isn't your only option; I also
happen to like Spivak pronouns:

  https://en.wikipedia.org/wiki/Spivak_pronoun

... which have the delightful connection to hacker culture in their
popularity with Lambdamoo, an oldschool MUD. :)  Singular they (or even
spivak) is also acceptable as a pronoun if someone chooses that.

Of course it's possible to make mistakes, but it *is* important to try
not to misgender people... both by not making assumptions, and
especially when using the right pronouns once you do know.  I have both
seen people break down into tears and also walk away from communities
from being misgendered.  That's an important sign of respect towards the
person...  and it doesn't cost you anything to do it.

Be excellent to each other indeed... and here's one critical way to do
it.

Re: Being excellent to one another

[dian_cecht]

On Sun, 19 Mar 2017 17:40:27 -0500
Christopher Allan Webber <cwebber@dustycloud.org> wrote:
> The important thing is to not assume someone's preferred pronouns
> without knowing them.  Singular they isn't your only option; I also
> happen to like Spivak pronouns:
> 
>   https://en.wikipedia.org/wiki/Spivak_pronoun

The problem here is that I'd be suprised if many people have even heard
about these. I used to play MUDs quite a bit and have /never/ heard any
of those. They are certainly not a part of common usage, and I'd say
should be avoided for something more standard (them et al). It's a nice
idea, but overall seems like it would cause confusion, and probably
more than a few "Hey, there is a typo in the manual"-type bugs than
anything.

At least, if I picked up a random bit of documentation and saw things
like "e" used constantly, I'd assume it was a typo and not some archaic
gender-neutral pronoun.

Re: Being excellent to one another

[John Darrington]

[-- Attachment #1: Type: text/plain, Size: 3112 bytes --]

On Sun, Mar 19, 2017 at 07:57:07PM -0700, dian_cecht@zoho.com wrote:
     On Sun, 19 Mar 2017 17:40:27 -0500
     Christopher Allan Webber <cwebber@dustycloud.org> wrote:
     > The important thing is to not assume someone's preferred pronouns
     > without knowing them.  Singular they isn't your only option; I also
     > happen to like Spivak pronouns:
     > 
     >   https://en.wikipedia.org/wiki/Spivak_pronoun
     
     The problem here is that I'd be suprised if many people have even heard
     about these. I used to play MUDs quite a bit and have /never/ heard any
     of those. They are certainly not a part of common usage, and I'd say
     should be avoided for something more standard (them et al). It's a nice
     idea, but overall seems like it would cause confusion, and probably
     more than a few "Hey, there is a typo in the manual"-type bugs than
     anything.

     At least, if I picked up a random bit of documentation and saw things
     like "e" used constantly, I'd assume it was a typo and not some archaic
     gender-neutral pronoun.

I tend to agree.  These invented aspects of language are kindof fun for 
informal use but out of place in a user manual.    In a manual we should
stick to proper English - put yourself in the position of a person who
is learning English as a second language.  That person has spent months
attending language school and is starting to become confident then picks
up a manual and sees the words "pis" and "per".  It's enough to throw you
off your stride. (I remember something similar happening to me when learning
a foriegn language: I started reading a novel, and there was lots of dialogue
all in regional dialect. I felt like giving up.)

Fortunately in a user manual one very rarely needs a personal *definite* pronoun.
In GNU manuals, the long standing practise is to refer to the person using the 
program, as "you".  Occasionally a personal *indefinite* pronoun is called for and
luckily in English we have a perfect gender neutral one, viz: "one".

Some authors religiously avoid the whole issue altogether by writing every 
sentence in the passive voice - but that makes the manual extremely hard to 
understand even for very patient readers.

When writing texts, such as this email, and absolutely  *have* to use a personal
definite pronoun, I default to "she" because whereas vigilantes will pounce upon
you whenever they see "he" (ironically those people are invariably male), I've 
never had anyone complain when "she" occurs where the gender of the subject 
might well be masculine.


... and yes.  If an individual specifically requests to be referred to by
a partcular set of pronouns I will attempt to do so, but may occasionally
forget if that person wants feminine pronouns and is 6'4" and has an enormous
black wiry beard.


J'     

-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.


[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

Re: Being excellent to one another

[Alex Sassmannshausen]

John Darrington writes:

> On Sun, Mar 19, 2017 at 07:57:07PM -0700, dian_cecht@zoho.com wrote:
>      On Sun, 19 Mar 2017 17:40:27 -0500
>      Christopher Allan Webber <cwebber@dustycloud.org> wrote:
>      > The important thing is to not assume someone's preferred pronouns
>      > without knowing them.  Singular they isn't your only option; I also
>      > happen to like Spivak pronouns:
>      >
>      >   https://en.wikipedia.org/wiki/Spivak_pronoun
>
>      The problem here is that I'd be suprised if many people have even heard
>      about these. I used to play MUDs quite a bit and have /never/ heard any
>      of those. They are certainly not a part of common usage, and I'd say
>      should be avoided for something more standard (them et al). It's a nice
>      idea, but overall seems like it would cause confusion, and probably
>      more than a few "Hey, there is a typo in the manual"-type bugs than
>      anything.
>
>      At least, if I picked up a random bit of documentation and saw things
>      like "e" used constantly, I'd assume it was a typo and not some archaic
>      gender-neutral pronoun.
>
> [...]

> When writing texts, such as this email, and absolutely  *have* to use a personal
> definite pronoun, I default to "she" because whereas vigilantes will pounce upon
> you whenever they see "he" (ironically those people are invariably male), I've
> never had anyone complain when "she" occurs where the gender of the subject
> might well be masculine.
>
>
> ... and yes.  If an individual specifically requests to be referred to by
> a partcular set of pronouns I will attempt to do so, but may occasionally
> forget if that person wants feminine pronouns and is 6'4" and has an enormous
> black wiry beard.

[I really don't know what your intention is with that last paragraph — I
will just ignore it, as I wouldn't want to ascribe malice…]

John, really, it's super easy:
- if you're not sure (or have forgotten), use "singular they", or ask
- if you know someone has a preference for pronouns, use those
- don't use pronouns when *you know* the other person does not identify
  with them.

If you make a mistake, no-one will tear your head off — it may well feel
like an awkward social faux pas to you, but, c'est la vie! And an
apology will show your intention was not malicious.

In manuals we can just use "singular they", because it is a well
established convention and does not cause confusion.

Someone who's learning English as a second language would hopefully have
been exposed to "singular they" in their class.  If not, they should ask
for their money back.

Regardless, it would be great for our manual to introduce them to
this lovely convention that is so widely used.

Cheers,

Alex

Re: Being excellent to one another

[John Darrington]

[-- Attachment #1: Type: text/plain, Size: 2114 bytes --]

On Mon, Mar 20, 2017 at 09:57:04AM +0100, Alex Sassmannshausen wrote:
     >
     > ... and yes.  If an individual specifically requests to be referred to by
     > a partcular set of pronouns I will attempt to do so, but may occasionally
     > forget if that person wants feminine pronouns and is 6'4" and has an enormous
     > black wiry beard.
     
     [I really don't know what your intention is with that last paragraph ??? I
     will just ignore it, as I wouldn't want to ascribe malice???]

OMG! What is wrong here?  Why would you (or anyone) think this is malicious?  The 
intention, which I thought was clear, is that if people make unusual requests
we should try to accommodate those requests, but the requestor should not be
suprised or offended if people don't always remember.  Surely that was obvious?

It is the same with the Linux vs. GNU/Linux thing.   When speaking for GNU, I
request people to say GNU/Linux when talking about the operating system.  However,
I recognise that some people have been exposed to "Linux" for a long time, and
it is hard to break the habit of a lifetime instantly.   Therefore, I don't jump
on someone saying "Gotcha" if they once forget.  I will however give them a
polite and gentle reminder.

Regarding your other comments,  as we have discussed before, we will have to
agree to disagree about singular they.   I have not the benefit of ever 
having learned English as a foreign language.  But I do remember in my elementary
school being taught NOT to use it *especially* not in written text.  And - 
perhaps because of this early tuition - it still sounds clumsy and confusing to 
me.

People having been talking about being "welcoming".  Well, I beleive the way
to achieve that is threefold:

1. Try not to offend.
2. Try not to be offended.
3. Recognise that diversity is an asset.


J'

-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.


[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

Re: Being excellent to one another

[Alex Sassmannshausen]

John Darrington writes:

> On Mon, Mar 20, 2017 at 09:57:04AM +0100, Alex Sassmannshausen wrote:
>      >
>      > ... and yes.  If an individual specifically requests to be referred to by
>      > a partcular set of pronouns I will attempt to do so, but may occasionally
>      > forget if that person wants feminine pronouns and is 6'4" and has an enormous
>      > black wiry beard.
>      
>      [I really don't know what your intention is with that last paragraph ??? I
>      will just ignore it, as I wouldn't want to ascribe malice???]
>
> OMG! What is wrong here?  Why would you (or anyone) think this is malicious?  The 
> intention, which I thought was clear, is that if people make unusual requests
> we should try to accommodate those requests, but the requestor should not be
> suprised or offended if people don't always remember.  Surely that was obvious?

Not obvious at all, thanks for the clarification.

> [...]
>
> Regarding your other comments,  as we have discussed before, we will have to
> agree to disagree about singular they.   I have not the benefit of ever 
> having learned English as a foreign language.  But I do remember in my elementary
> school being taught NOT to use it *especially* not in written text.  And - 
> perhaps because of this early tuition - it still sounds clumsy and confusing to 
> me.

Perhaps we have to agree to disagree on singular they, but I hope we can
still agree on the following statements from my earlier email:

-----------------
[...] it's super easy:
- if you're not sure (or have forgotten), use "singular they", or ask
- if you know someone has a preference for pronouns, use those
- don't use pronouns when *you know* the other person does not identify
  with them.

If you make a mistake, no-one will tear your head off — it may well feel
like an awkward social faux pas to you, but, c'est la vie! And an
apology will show your intention was not malicious.

In manuals we can just use "singular they", because it is a well
established convention and does not cause confusion.
-----------------

I think if you agree with the sentiment, but dislike singular they as
the "general fall-back" then the above approach provides an inherent
method for you not to have to use that ("just ask") in the informal
context.

Alternatively it would be incumbent on you to provide an
alternative that is not just "I will bloody-mindedly stick to
gendering people when I don't know anything about them".

In the formal context, well… I think there is broad consensus that
"singular they" is awesome.

> People having been talking about being "welcoming".  Well, I beleive the way
> to achieve that is threefold:
>
> 1. Try not to offend.
> 2. Try not to be offended.
> 3. Recognise that diversity is an asset.

Absolutely, wonderful sentiment.  To that I would add:

4. Respect the integrity and right to self-definition of all participants

Ta,

Alex

Re: Being excellent to one another

[John Darrington]

[-- Attachment #1: Type: text/plain, Size: 2244 bytes --]

On Mon, Mar 20, 2017 at 11:17:28AM +0100, Alex Sassmannshausen wrote:

     Perhaps we have to agree to disagree on singular they, but I hope we can
     still agree on the following statements from my earlier email:
     
I agree to a slightly edited version:

     -----------------
     [...] sometimes there is not a simple solution, however :
     - if you know someone has a preference for particular pronouns, use those when
       refering to that person.
     - don't use pronouns when *you know* the other person does not identify
       with them.
     - if unsure, ask the person how he or she would like to be referenced.
     
     If you make a mistake, an apology will show your intention was not malicious.
     
     In manuals we can just use "singular they",  or another non-gender specific
     form of reference.
     -----------------

     
     Alternatively it would be incumbent on you to provide an
     alternative that is not just "I will bloody-mindedly stick to
     gendering people when I don't know anything about them".

It is this tendency to call any difference of opinion by terms such as 
"bloody-minded" which offends me  - I try not to take offence - but I find
hard not to.  I'm sorry.

To answer your question:  How about saying "he or she" or "the person".  

     In the formal context, well??? I think there is broad consensus that
     "singular they" is awesome.

There is a broad concensus that Donald Trump, Rodrigo Duterte and 
Recep Erdogan are awesome.    However I do not agree.

     > People having been talking about being "welcoming".  Well, I beleive the way
     > to achieve that is threefold:
     >
     > 1. Try not to offend.
     > 2. Try not to be offended.
     > 3. Recognise that diversity is an asset.
     
     Absolutely, wonderful sentiment.  To that I would add:
     
     4. Respect the integrity and right to self-definition of all participants

I agree.  Put that one in too.

J'

-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.


[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

Re: Being excellent to one another

[Catonano]

[-- Attachment #1: Type: text/plain, Size: 279 bytes --]

2017-03-20 11:44 GMT+01:00 John Darrington <john@darrington.wattle.id.au>:

>
> There is a broad concensus that Donald Trump, Rodrigo Duterte and
> Recep Erdogan are awesome.    However I do not agree.
>

It seems to me that, on some issues you perfectly agree with those three.

[-- Attachment #2: Type: text/html, Size: 626 bytes --]

Re: Being excellent to one another

[Alex Sassmannshausen]

John Darrington writes:

> On Mon, Mar 20, 2017 at 11:17:28AM +0100, Alex Sassmannshausen wrote:
>
>      Perhaps we have to agree to disagree on singular they, but I hope we can
>      still agree on the following statements from my earlier email:
>
> I agree to a slightly edited version:
>
>      -----------------
>      [...] sometimes there is not a simple solution, however :
>      - if you know someone has a preference for particular pronouns, use those when
>        refering to that person.
>      - don't use pronouns when *you know* the other person does not identify
>        with them.
>      - if unsure, ask the person how he or she would like to be referenced.
>
>      If you make a mistake, an apology will show your intention was not malicious.
>
>      In manuals we can just use "singular they",  or another non-gender specific
>      form of reference.
>      -----------------

In the end, when you communicate informally, there is no arbiter of what
you write, so, to be clear, the first part above is not some form of
official guideline — just thinking out loud of what it means to engage
respectfully in a public, anonymous space.  I believe you approach in a
similar vein, which I appreciate.

The problem with your above suggestion is that it leaves out the default
case:
How will you write emails to the list?  Will you assume a default "he"?
Or a default "she"?  And what about non-binary identifying people?   We
don't know who's sitting at the other end.

Also, in the context of a default "he" usage (which you may not do, you
mentioned in the past that you sometimes default to "she"), I'm
concerned that emails are archived: they become a written representation
of what our community is like — and I do not want our community to
reinforce in a written form, that "only boys hang out around Guix / are
geeks".

>      Alternatively it would be incumbent on you to provide an
>      alternative that is not just "I will bloody-mindedly stick to
>      gendering people when I don't know anything about them".
>
> It is this tendency to call any difference of opinion by terms such as
> "bloody-minded" which offends me  - I try not to take offence - but I find
> hard not to.  I'm sorry.

My intention was to call-back to my impression of other parts of this
conversation where it seemed you were point-blank refusing to
acknowledge ng0's request.

But I can accept that you may find that an unfair characterisation, and
I phrased my sentiment too sharply in this case. My apologies for this.

> To answer your question:  How about saying "he or she" or "the person".

As mentioned above, the first renders non-binary identifying people
invisible.  For the second, if you can write a section of a manual using
"the person" in such a way that it won't sound clumsy, then by all
means.

Personally I would still suggest that "they/them/their" is wonderfully
short, to the point and unambiguous.  Also, it's a wheel that was
already invented: it has widespread usage outside of our community.

>      In the formal context, well??? I think there is broad consensus that
>      "singular they" is awesome.
>
> There is a broad concensus that Donald Trump, Rodrigo Duterte and
> Recep Erdogan are awesome.    However I do not agree.

Say whaat?  Way to blow our discussion out of proportion.  Are you
seriously suggesting the consensus established through conversation and
convention in a small community is in any way comparable to the pile of
dung that is the contemporary ridiculously complex and terrifyingly
non-egalitarian state of global authoritarian politics?

>      > People having been talking about being "welcoming".  Well, I beleive the way
>      > to achieve that is threefold:
>      >
>      > 1. Try not to offend.
>      > 2. Try not to be offended.
>      > 3. Recognise that diversity is an asset.
>
>      Absolutely, wonderful sentiment.  To that I would add:
>
>      4. Respect the integrity and right to self-definition of all participants
>
> I agree.  Put that one in too.

Nice :-)

From my perspective, I'm probably done with this conversation for now,
though will respond if specific queries are addressed at me.

Alex

Re: Being excellent to one another

[Pjotr Prins]

Erm. Despite the obvious intelligence of all Guix participants I think
we ought to stick to technical issues on this mailing list (i.e.,
guix-technical). 

Maybe we can fork these recent discussions to guix-ethical or
guix-culture? We all have good intentions, that is the general
assumption! But I think these discussions will hurt the project as a
whole. Take it elsewhere, ladies and gentleman.

Pj.

Re: Being excellent to one another

[ng0]

Pjotr Prins transcribed 0.4K bytes:
> Erm. Despite the obvious intelligence of all Guix participants I think
> we ought to stick to technical issues on this mailing list (i.e.,
> guix-technical). 
> 
> Maybe we can fork these recent discussions to guix-ethical or
> guix-culture? We all have good intentions, that is the general
> assumption! But I think these discussions will hurt the project as a
> whole. Take it elsewhere, ladies and gentleman.
> 
> Pj.
> 

Discussions about how the project is perceived and acts through the
actions of one of its members with implicit ignorance and refusal to
simply acknowledge problems, acknowledge differences, language barriers, and the
hint to read and learn (wow, new knowledge, you could actually grow on this),
are not hurting the community. It is what we need. I did not want to
follow this discussion, but it seems as it is necessary. I agree to an
earlier point which was made, and extend it: I don't want to be part of
a project which looks and behaves like almost every other project out
there, an exclusive boysclub.
I understand that the majority at least in the scope of this project is
acting and behaving welcoming,friendly and understanding.
When there are problems, the way to cope with them is not to move them
elsewhere.
This is not only about pronouns. I wished it was that easy, but it
isn't.
The default of John, if you go through irc logs, is to correct
repeatedly people who make mistakes in english. I'm asking to
acknowledge the existence of people who do not define their gender as
binary, to not regard them as exceptional or unusal, and to respect!
people who are not speaking or writing english daily. If you can't
understand them, ask politely.
To correct them without them asking for corrections is a top-down view
you can only allow yourself to have if you have more privileges than the
other person.

Now what I'm personally requesting, it shouldn't be necessary that I have
to do this: don't try to attack me. don't chery pick arguments. I don't
expect everyone to be friendly, I've lived long enough to know that this
won't work out.
We are working on this in our freetime. (as an example, not directly
related to this thread) I would not hang out in my free
time with facists, sexists, or otherwise unfriendly people.

Re: Being excellent to one another

[John Darrington]

[-- Attachment #1: Type: text/plain, Size: 775 bytes --]

On Mon, Mar 20, 2017 at 12:53:38PM +0100, Pjotr Prins wrote:
     Erm. Despite the obvious intelligence of all Guix participants I think
     we ought to stick to technical issues on this mailing list (i.e.,
     guix-technical). 
     
     Maybe we can fork these recent discussions to guix-ethical or
     guix-culture? We all have good intentions, that is the general
     assumption! But I think these discussions will hurt the project as a
     whole. 

I fully agree and have made the same sugggestion a few days ago.


J'

-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.


[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

Re: Being excellent to one another

[John Darrington]

[-- Attachment #1: Type: text/plain, Size: 1667 bytes --]

On Mon, Mar 20, 2017 at 12:21:59PM +0100, Alex Sassmannshausen wrote:

     My intention was to call-back to my impression of other parts of this
     conversation where it seemed you were point-blank refusing to
     acknowledge ng0's request.

As I recall, their request was that I always use "singular they" and never to 
mention other possible alternatives to anyone.  I acknowledge their request and 
recognise their every right to make it.  But I feel no obligation to comply with
their request.  Ng0's reaction to my declining, I interpreted to mean that they 
considered it not to be a request, but a demand.  If this interpretation was 
wrong, then I apologise to them.
     
     Say whaat?  Way to blow our discussion out of proportion.  Are you
     seriously suggesting the consensus established through conversation and
     convention in a small community is in any way comparable to the pile of
     dung that is the contemporary ridiculously complex and terrifyingly
     non-egalitarian state of global authoritarian politics?

I believe the current state of global politics has come about through populism.
In part, that means some people have been coerced into supporting what
they would not otherwise have supported - because of peer pressure.  I do
support what I believe to be wrong - ethically, technically or gramatically -
simply because a majority of other people say I should.
     

-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.


[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

Re: Being excellent to one another

[Ludovic Courtès]

Howdy!

John Darrington <john@darrington.wattle.id.au> skribis:

> As I recall, their request was that I always use "singular they" and never to 
> mention other possible alternatives to anyone.  I acknowledge their request and 
> recognise their every right to make it.  But I feel no obligation to comply with
> their request.  Ng0's reaction to my declining, I interpreted to mean that they 
> considered it not to be a request, but a demand.  If this interpretation was 
> wrong, then I apologise to them.

John, I think you’re playing on words here.

It’s as simple as Alex wrote it:

> - if you're not sure (or have forgotten), use "singular they", or ask
> - if you know someone has a preference for pronouns, use those
> - don't use pronouns when *you know* the other person does not identify
>   with them.

In this case, what matters is respecting the other participant who
explicitly asked to be referred to using non-gendered pronouns.  It’s a
very simple request; honoring it costs us nothing but it can make a big
difference to this person.

I don’t want anyone of us to make someone else’s life harder by
disregarding what they present as important to them.

Thanks,
Ludo’.

PS: It’s a non-technical discussion but one that’s important to have to
    make sure our group works correctly.

Re: Being excellent to one another

[John Darrington]

[-- Attachment #1: Type: text/plain, Size: 1808 bytes --]

On Mon, Mar 20, 2017 at 03:27:48PM +0100, Ludovic Court??s wrote:
     Howdy!
     
     John Darrington <john@darrington.wattle.id.au> skribis:
     
     > As I recall, their request was that I always use "singular they" and never to 
     > mention other possible alternatives to anyone.  I acknowledge their request and 
     > recognise their every right to make it.  But I feel no obligation to comply with
     > their request.  Ng0's reaction to my declining, I interpreted to mean that they 
     > considered it not to be a request, but a demand.  If this interpretation was 
     > wrong, then I apologise to them.
     
     John, I think you???re playing on words here.

I'm glad you noticed!   If you (or anyone else wishes) I will retype the 
above text using the pronoun of your choice, because I mean what I say.
     
     In this case, what matters is respecting the other participant who
     explicitly asked to be referred to using non-gendered pronouns.  It???s a
     very simple request; honoring it costs us nothing but it can make a big
     difference to this person.

I fully agree.  And I have already said that I have no problem with that, and
will do so without argument.
     
     I don???t want anyone of us to make someone else???s life harder by
     disregarding what they present as important to them.

Nobody should ever set out to make the life of another person harder.  Also,
nobody should ever start believing that what is important to them  must take
priority over what is important to another.

J'

-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.


[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

Re: Being excellent to one another

[dian_cecht]

First of all, I have no clue why my email was explicitly listed in the
CC:; I'll assume that was in error.

Second, it is not my intention to insult or offend anyone here, but
some people seem to be rather thin-skinned about (possibly pretend)
slights. However, I feel I should toss my hat into the ring here for my
own reasons.

I should also make it known I have no clue who anyone in these emails
are apart from ng0 and Ludo', the rest of you could be a very advanced
Eliza for all I'm concerned, so it's pretty much impossible for me to
support anyone here.

Also feel free to ignore it if you so wish, though I'd appreciate
everyone at least read the first footnote for what will be obvious
reasons.

On Mon, 20 Mar 2017 11:17:28 +0100
Alex Sassmannshausen <alex.sassmannshausen@gmail.com> wrote:

> John Darrington writes:
> > Regarding your other comments,  as we have discussed before, we
> > will have to agree to disagree about singular they.   I have not
> > the benefit of ever having learned English as a foreign language.
> > But I do remember in my elementary school being taught NOT to use
> > it *especially* not in written text.  And - perhaps because of this
> > early tuition - it still sounds clumsy and confusing to me.  
> 
> Perhaps we have to agree to disagree on singular they,

I just want to mention that most, if not all, my English teachers
thought the use of "they" and related was entirely incorrect, so John
isn't alone here. English, simply put, lacks any "correct"
gender-neutral pronouns, despite what common usage suggest. However, as
I'd hope John is aware, common usage these days was considered the
height of vulgarity a century before, at the very least.

For anyone who reads older books, mankind as a whole used to be refered
to as "he", and while one can certainly make an issue out of that (and
I'm sure plenty of people have), it does also set a precedent for using
the male gender as a gender-neutral option, which happens to have a
rather long history.

> but I hope we
> can still agree on the following statements from my earlier email:
> 
> -----------------
> [...] it's super easy:
> - if you're not sure (or have forgotten), use "singular they", or ask
> - if you know someone has a preference for pronouns, use those
> - don't use pronouns when *you know* the other person does not
> identify with them.

I'm just going to point out that this whole 'gendering' issue is, at
least as far as I am concerned, a rather recent developement, and one
that I can't understand in the least [1]. I don't know about anyone
else, but gender == sex, and that is more-or-less that. Certainly some
people don't follow the traditional sex/gender roles (tomboys and
metrosexuals (I think that was the proper term for an effiminent male
used during the 90's, anyways) being the best examples I can come up
with), but this feels very much like hairsplitting to me, and
especially in the case of older generations use of English can very
easily work against decades of normal, /correct/, and proper usage.

> If you make a mistake, no-one will tear your head off

I haven't kept up with this thread for very long, but I will say the
tone, to me, an uninvolved (up until now) individual, sounds like a bit
witch hunt.

> In manuals we can just use "singular they", because it is a well
> established convention and does not cause confusion.

Another alternative that I just remembered running across was swapping
pronoun gender between chapters/sections. This is done with some of the
RPG books I have, so I thought I'd toss that option into the ring.

> 1. Try not to offend.
> 2. Try not to be offended.
> 3. Recognise that diversity is an asset.  
> 4. Respect the integrity and right to self-definition of all
> participants

IMO, the 4th guideline there is entirely redundant and already covered
by the 3rd.

I don't know if it is a cultural thing, or how I was raised, or what,
but as far as I am concerned part of basic social etiquette is roughly
summed up by the first two guidelines in the above list. Call me old
fasioned or a bigot or whatever, but calling a male "he" and a female
"she" is and should be perfectly acceptable, especially in this day and
age. If one takes offense to being called a "he" when they prefer
"she", then as far as I am concerned they are either looking for a
reason to be insulted (which is rather poor manners IMO) or rather
thin-skinned and thus easily injured (which is a handicap in general
social situations and also seems to assume that anyone 'misgendering'
them is making an effort at being insulting, when there is probably no
practical way for someone to identify their prefered pronoun unless
they happen to be a rather capable cross-dresser). For people who are
easily injured, I do feel sorry, and hopefully a capable psychologist
could help with that (I'd make other suggestions, but I don't feel
this is the place for such).

As far as I am concerned, being insulted or injured because someone
misgenders you is like giving pork to a Jew or Muslim; if there is no
way for the person to know that one is unable to eat pork on religious
grounds, then there is no insult nor injury and instead the receiver
should be thankful that the giver was thinking of them and brought them
a present; how one handles things after that is more a matter of custom,
how well the two know each other, and the like.

This whole issue feels like a general lack of reasonable manners[2] and
interpersonal skills, and not something that really calls for long,
drawn-out thread on the development mailing list.

ng0 wrote (in another email I'm not going to quote):
> I agree to an earlier point which was made, and extend it: I don't 
> want to be part of a project which looks and behaves like almost
> every other project out there, an exclusive boysclub.

One of the sad facts of life is that someone has to have the guts to do
what isn't normal and provide an example to others; whether we're
talking racial issues, patri/matriachy issues, ect., /someone/ has to
be willing to stick their neck out and be willing to take some of the
abuse and deal with some of the problems trailblazing forces. As ng0
mentions, refering to some projects as "boysclub"s, is a bit of a
systemic problem since most females don't seem to be willing to mention
their sex/gender to anyone, and for (I'd imagine) obvious reasons.

However, one of the nice parts about online communication is that we
neither know nor do we have any need to know one's gender, sex,
religion, orientation, or basically anything about a contributor other
than what they can and can't do. It's only when one chooses to make
these sorts of things an issue that they become one, when otherwise it
really doesn't matter.

A portion of the "The Hacker's Manifesto" that I feel is rather fitting:

  This is our world now... the world of the electron and the switch, the
  beauty of the baud. We make use of a service already existing without
  paying for what could be dirt-cheap if it wasn't run by profiteering
  gluttons, and you call us criminals. We explore... and you call us
  criminals. We seek after knowledge... and you call us criminals. We
  exist without skin color, without nationality, without religious
  bias... and you call us criminals. You build atomic bombs, you wage
  wars, you murder, cheat, and lie to us and try to make us believe it's
  for our own good, yet we're the criminals.

  Yes, I am a criminal. My crime is that of curiosity. My crime is that
  of judging people by what they say and think, not what they look like.
  My crime is that of outsmarting you, something that you will never
  forgive me for.

I think the obvious extentions could be made here (keep in mind this
was originally written, according to my copy, on 1986-01-08), and if it
were written today would likely have been included.

The one thing that is really bugging me about this whole thing is why
is anyone making this an issue? While I'm certainly not enlightened
about this new-fangled "gendering" issue, it seems to be a nonissue for
these kinds of projects; most of the women I've talked to online (most
of whom were involved in computing, some of whom even sysadmin on Big
Iron, fwiw) weren't insulted and seemed to accept that people would
assume they are male, and IMO that is a good thing.

Again, it isn't my goal to insult or offend anyone here, but I do feel
the need to toss my hat into this flame-filled ring. Maybe it will do
some good, maybe it won't. Maybe I'm not of the right mindset to
discuss these kinds of things; I prefer to attempt to be courtious,
insofar as I can be, and part of that means not taking offense to
everything that crosses my path.

All I really know is that I couldn't care less if the person I'm
talking with via this mailing list is male, female, hermaphrodite
(which I'd like to point out I have yet to see a single mention of in
these threads, and which is a definable sex, albeit a genetic
abnormality, which also lacks any real set of pronouns for themselves),
transgender (pre or post op), male-idenfifying-as-female,
female-idenfifying-as-male, gay, straight, bi, curious, a leper, a
Muslim extremist, Satan, a hillbilly, an attack helicopter, a fish, or
The Great Spaghetti Monster in the Sky. As far as I am concerned it
doesn't matter. Unless I'm mistaken, we're here to do something
worthwhile for our own reasons. All any of us here is is an email, a
pubkey, and a mass of ASCII or UTF-8 encoded data. Now, if someone is
being outright rude (which happens; computer geeks aren't known for
their social skills in general), that is a problem, but it's easy to
simply ask if they meant to be rude or not; they may have felt that
what they were saying was entirely acceptable and they will know no
different unless it is pointed out, but I don't think that sentiment
should extend to "Hey, I know I'm an X, but I want you to call me a Y"
because there are so many reasons one could make a mistake; if someone
who is clearly male ask me to call them female, then they can expect to
be 'misgendered' plenty; this isn't done as an attempt to offend, but
because I'm most likely not going remember.

To make a long email short, I'm just going to say this: This subject is
too large in scope for us to effectivly discuss, and is so far out of
the perview of guix development that, imo, it shouldn't be continued
here. I'm all for gender-neutral documentation, though how to go about
that isn't entirely clear. As far as person-to-person communication is
concerned, a simple agreement to not be offended if you are misgendered
while writers make a best effort to use the subject's prefered gender
should suffice. A modicum of courtesy should, imo, be a simple answer
to these issues and, if something comes up that is a big problem, then
the injured party should make a best attempt to resolve the issue with
the injurer and, assuming there was no malice involved, that should be
plenty. If malice is involved, then that would be the time for someone
else (or several people, which would likely be better) to get involved
and either arbitrate, or, if that fails, deal with the matter in a
harsher manner.


[1] If someone wants to try and explain the issue to me, feel free to
send me a private email, but unless you're actually dealing with this
issue yourself, don't bother. I have no real tolerance for white knights
playing at protecting other people with issues, especially when it comes
to explaining said issues. I have no reason to believe a white knight
has any grasp on the situation that would prove to be useful to me.
Since this issue was apparently brought up by/because of ng0, I'd prefer
they send me a private email so I'd have a chance to possibly enlighten
myself to the issue at hand.
[2] I'm fully aware that manners can be and are a cultural issue, but
hopefully we are all aware of these differences and have learned to
cope with them reasonably by now, and ideally respect each other's
cultural diversity.

Re: Being excellent to one another

[Ricardo Wurmus]

dian_cecht@zoho.com writes:

> For anyone who reads older books, mankind as a whole used to be refered
> to as "he", and while one can certainly make an issue out of that (and
> I'm sure plenty of people have), it does also set a precedent for using
> the male gender as a gender-neutral option, which happens to have a
> rather long history.

The generic masculine is a problem.  Since the 1970s there have been
numerous studies that were published in peer-reviewed journals that
demonstrate that the use of so-called generic masculine (in languages
with a genus) evokes a disproportionate number of male images compared
to gendered split forms or gender neutral terms.

As a result the use of generic “he” contributes to the alienation of
underrepresented groups, especially in fields like software
development.  I suggest reading some relevant research articles or a
literature review on this subject.


> I don't know about anyone
> else, but gender == sex, and that is more-or-less that.

This is not correct.  Gender has little to do with biological sex.  That
too has been the subject of research for many decades, and I encourage
everyone to browse the scientific literature on this matter.  Maybe this
simplistic view explains your misunderstandings in the rest of your
message.

>> 1. Try not to offend.
>> 2. Try not to be offended.
>> 3. Recognise that diversity is an asset.
>> 4. Respect the integrity and right to self-definition of all
>> participants
>
> IMO, the 4th guideline there is entirely redundant and already covered
> by the 3rd.

People, we already *have* a code of conduct.  There’s no need to try to
come up with one from scratch.  Please accept this.

> I don't know if it is a cultural thing, or how I was raised, or what,
> but as far as I am concerned part of basic social etiquette is roughly
> summed up by the first two guidelines in the above list. Call me old
> fasioned or a bigot or whatever, but calling a male "he" and a female
> "she" is and should be perfectly acceptable, especially in this day and
> age.

This is nothing to do with fashion.  What “should” be acceptable is not
up to you to decide.  There is no comparison between the distress caused
by being “othered”, invalidated, and erased and the minor inconvenience
of correcting one’s use of pronouns when talking to or about another
person.

> This whole issue feels like a general lack of reasonable manners[2] and
> interpersonal skills, and not something that really calls for long,
> drawn-out thread on the development mailing list.

It *is* very simple and our Code of conduct (which is much much shorter
than, say, the GPL) reflects that.  We ask everyone to respect other
people; this includes not to purposefully misgender others, not to poke
fun at (= harrass) people who do not confirm to the gender binary, not
to make sexist jokes or using sexualised language, etc.

> [1] If someone wants to try and explain the issue to me, feel free to
> send me a private email, but unless you're actually dealing with this
> issue yourself, don't bother. I have no real tolerance for white knights
> playing at protecting other people with issues, especially when it comes
> to explaining said issues. I have no reason to believe a white knight
> has any grasp on the situation that would prove to be useful to me.

I very much disagree with this.  1) You cannot expect affected
minorities to educate you; there is enough information out there that
you can use to do this yourself.  2) As maintainers and developers who
make up a community it is our duty to tackle these issues head on to
shape the community in a way that ensures a welcoming environment for
everyone.

As a final note I’d like to state that you can read about these things.
Please acknowledge the many researchers in social sciences, who have
worked on these issues since decades.  It is ill-advised to try to
explain away problems that you don’t understand and where you have no
theoretical background.  The hacker ideal of building models from first
principles fails here and is certainly not suited for a sprawling
discussion.  I recommend more reading on these subjects.

--
Ricardo

GPG: BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC
https://elephly.net

Re: Being excellent to one another

[Catonano]

[-- Attachment #1: Type: text/plain, Size: 3988 bytes --]

2017-03-20 7:36 GMT+01:00 John Darrington <john@darrington.wattle.id.au>:

> On Sun, Mar 19, 2017 at 07:57:07PM -0700, dian_cecht@zoho.com wrote:
>      On Sun, 19 Mar 2017 17:40:27 -0500
>      Christopher Allan Webber <cwebber@dustycloud.org> wrote:
>      > The important thing is to not assume someone's preferred pronouns
>      > without knowing them.  Singular they isn't your only option; I also
>      > happen to like Spivak pronouns:
>      >
>      >   https://en.wikipedia.org/wiki/Spivak_pronoun
>
>      The problem here is that I'd be suprised if many people have even
> heard
>      about these. I used to play MUDs quite a bit and have /never/ heard
> any
>      of those. They are certainly not a part of common usage, and I'd say
>      should be avoided for something more standard (them et al). It's a
> nice
>      idea, but overall seems like it would cause confusion, and probably
>      more than a few "Hey, there is a typo in the manual"-type bugs than
>      anything.
>
>      At least, if I picked up a random bit of documentation and saw things
>      like "e" used constantly, I'd assume it was a typo and not some
> archaic
>      gender-neutral pronoun.
>
> I tend to agree.  These invented aspects of language are kindof fun for
> informal use but out of place in a user manual.    In a manual we should
> stick to proper English - put yourself in the position of a person who
> is learning English as a second language.  That person has spent months
> attending language school and is starting to become confident then picks
> up a manual and sees the words "pis" and "per".  It's enough to throw you
> off your stride. (I remember something similar happening to me when
> learning
> a foriegn language: I started reading a novel, and there was lots of
> dialogue
> all in regional dialect. I felt like giving up.)
>
> Fortunately in a user manual one very rarely needs a personal *definite*
> pronoun.
> In GNU manuals, the long standing practise is to refer to the person using
> the
> program, as "you".  Occasionally a personal *indefinite* pronoun is called
> for and
> luckily in English we have a perfect gender neutral one, viz: "one".
>
> Some authors religiously avoid the whole issue altogether by writing every
> sentence in the passive voice - but that makes the manual extremely hard to
> understand even for very patient readers.
>
>
Ok, it' s evident that John has his own weaknesses about linguistics.
I feel compelled to write something anyway, so that a publicly available
record of this remains.

When writing texts, such as this email, and absolutely  *have* to use a
> personal
> definite pronoun, I default to "she" because whereas vigilantes will
> pounce upon
> you whenever they see "he" (ironically those people are invariably male),
> I've
> never had anyone complain when "she" occurs where the gender of the subject
> might well be masculine.
>

In life, I've had my share of hardship because of assumed social norms
related to sexual orientation.

And a scene has been described to you of people breaking in tears and
leaving places because of having been misgendered.

So your observation about who raises the issue, associated to the word
"vigilantes" means that you are negating my reasons.

You are implicitly claiming that this is not about suffered discrimination,
but rather it' s about imposing discrimination, possibly on an idelogical
basis, using the issue of sexual orientation/gendering as a tool.

Like when you wrote that being addressed with a pronoun of the wrong number
is not that terrible.

You were negating the issue raised by ng0.

You are being gratuitously offensive, aggressing people and you are being
dismissive about people weaknesses that are being represented to you
repeatedly.

On the ground of formal linguistic correctness, as if it was a matter or
death or life.
And it seems that your argument about your native language is not that
convincing, anyway.

What does this make of you ?

[-- Attachment #2: Type: text/html, Size: 5353 bytes --]

Re: Being excellent to one another

[Christopher Allan Webber]

John Darrington writes:

> On Sun, Mar 19, 2017 at 07:57:07PM -0700, dian_cecht@zoho.com wrote:
> ... and yes.  If an individual specifically requests to be referred to by
> a partcular set of pronouns I will attempt to do so, but may occasionally
> forget if that person wants feminine pronouns and is 6'4" and has an enormous
> black wiry beard.

This was a needlessly hurtful comment, and if you can't see that, I
worry about it.  John, I respect your technical contributions to the
Guix project, but this isn't okay.

I don't want to keep responding to this thread.  But the fact is, ng0
*did* (very politely) express a request to be refered by a specific set
of pronouns... and not even in reply to you!  But you started a
sub-thread dismissing those from the forefront, which is not at all
respecting that request.  Will you respect it or not?  I hope the answer
is yes, in which case, please don't raise this again.

As to whether "they / them" is acceptable English, quite frankly English
is the most constantly and heavily mutated language of maybe all time,
and it proves adaptable of meeting the needs of whatever.  "Proper
grammar" from 200 years ago would not be considered such today, and vice
versa.  In fact, as I linked previously, "singular they" as a pronoun
choice already has precedence in current english and is used by nearly
everyone when you don't know the grammar of the person (eg, "I've been
told we'll have a special guest tonight, but I don't know their name.").
Extending that to the preferred pronoun of an individual then is not
unreasonable.  Regardless, English adapts to meet the needs of its time,
and this is a need being expressed today, since another commonly
nonbinary pronoun does not exist.  Please don't push back against it.
People are requesting your respect; please just give it to them.

Re: Being excellent to one another

[John Darrington]

[-- Attachment #1: Type: text/plain, Size: 1000 bytes --]

On Mon, Mar 20, 2017 at 10:09:33AM -0500, Christopher Allan Webber wrote:
     John Darrington writes:
     
     > On Sun, Mar 19, 2017 at 07:57:07PM -0700, dian_cecht@zoho.com wrote:
     > ... and yes.  If an individual specifically requests to be referred to by
     > a partcular set of pronouns I will attempt to do so, but may occasionally
     > forget if that person wants feminine pronouns and is 6'4" and has an enormous
     > black wiry beard.
     
     This was a needlessly hurtful comment, and if you can't see that, I
     worry about it.  John, I respect your technical contributions to the
     Guix project, but this isn't okay.

I'm sorry - but WHY is it hurtful?  Whom does it hurt?   How is that person
hurt?

Please explain.


-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.


[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

Re: Being excellent to one another

[Ludovic Courtès]

John Darrington <john@darrington.wattle.id.au> skribis:

> On Mon, Mar 20, 2017 at 10:09:33AM -0500, Christopher Allan Webber wrote:
>      John Darrington writes:
>      
>      > On Sun, Mar 19, 2017 at 07:57:07PM -0700, dian_cecht@zoho.com wrote:
>      > ... and yes.  If an individual specifically requests to be referred to by
>      > a partcular set of pronouns I will attempt to do so, but may occasionally
>      > forget if that person wants feminine pronouns and is 6'4" and has an enormous
>      > black wiry beard.
>      
>      This was a needlessly hurtful comment, and if you can't see that, I
>      worry about it.  John, I respect your technical contributions to the
>      Guix project, but this isn't okay.
>
> I'm sorry - but WHY is it hurtful?  Whom does it hurt?   How is that person
> hurt?
>
> Please explain.

John, people have explained things at length already; you can re-read
the project’s code of conduct if in doubt.  This isn’t up for debate.
Please stop playing this game right now.

Ludo’.

Re: Being excellent to one another

[John Darrington]

[-- Attachment #1: Type: text/plain, Size: 911 bytes --]

On Mon, Mar 20, 2017 at 04:49:13PM +0100, Ludovic Court??s wrote:
     
     John, people have explained things at length already; you can re-read
     the project???s code of conduct if in doubt.  This isn???t up for debate.
     Please stop playing this game right now.
     
Ludo,

* I am not playing a game - I think this is very serious.
* I have not breached the code of conduct (at your request I have just read 
  it again).
* I am trying my *utmost* to act with restraint and consideration in the face
  of persistent provocation.
* I have said on several occasions that we should all agree to live with
  our differences and let this thread stop.

John

-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.


[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

Re: Being excellent to one another

[Alex Sassmannshausen]

Hello,

I'm trying to draw this thread to a close as I genuinely believe that
neither side intends malice:
- John genuinely does not see how his statements can very easily be
interpreted as highly disrespectful and even mocking
- myself and others genuinely do not want to bear down on individuals by
virtue of simple miscommunication.

John, I would suggest to you that when at least three independent
individuals read your paragraph in which you (as you confirmed to me) in
good faith tried to create an extreme example to confirm that you would
respect (though fallibly) other people's rights to define their own
identity, then that paragraph was perhaps unfortunately formulated.

An apology and clarification would resolve that matter.

By way of clarification from my side, the paragraph reads like you're
creating a ("humourous") hyperbolic example that is only tangentially
related to the real discussion at hand to begrudgingly admit that you
would be willing to respect other people's identities.

Perhaps in that light you can see how that statement might have
trivialised other people's experiences and have come across as
insulting?

It simply wasn't necessary to employ that rhetorical device — just
acknowledging that you might slip up at times, would have been
sufficient.  The rhetorical device turned your genuine sentiment into a
statement in which you seemed to accede and simultaniously implicitly
ridiculed those whom you were acceding to.

I also believe it is within this context that Ludo considered that you
were in breach of the code of conduct. Specifically the example related
to "Trolling or insulting/derogatory comments".

As I say, I do not believe you intended to troll.  I hope we can move on
from this thread now by way of agreeing concrete steps for the future.

I would request the following moving forward:
- That we respect people's self-identification (which includes
respecting their pronouns)
- That we accept the "Singular They" as a valid form of non-gendered
language in formal and informal communication (this does not mean *you*
have to use it if you don't want to, but at least don't derail other
people's advice that it is a valid form)

Could we leave it at this for now?

It would be cool if we could get explicit or at least silent agreement
(by no longer responding to the thread) on this thread from those
primarily involved.

Best wishes,

Alex

PS: As Ricardo points out in his email to this thread, the issues of
gender/sex, and more widely, identity are enormously complex & I agree
that we cannot resolve them here.  But we can come to a situation where
we treat each other in a way that is non-exclusionary.  Part of this
means that we will have conversations like these at irregular intervals
— precisely because these issues are not resolved in society at large,
they will bubble up here.

In the meantime I would encourage people who care about these subjects
to read up on feminist theory, trans politics & intersectional
politics.  These are big, complex topics — and no-one agrees with all
that is written, but I believe that we as a community would support most
of the issues raised in those contexts.

John Darrington writes:

> On Mon, Mar 20, 2017 at 04:49:13PM +0100, Ludovic Court??s wrote:
>
>      John, people have explained things at length already; you can re-read
>      the project???s code of conduct if in doubt.  This isn???t up for debate.
>      Please stop playing this game right now.
>
> Ludo,
>
> * I am not playing a game - I think this is very serious.
> * I have not breached the code of conduct (at your request I have just read
>   it again).
> * I am trying my *utmost* to act with restraint and consideration in the face
>   of persistent provocation.
> * I have said on several occasions that we should all agree to live with
>   our differences and let this thread stop.
>
> John

Re: Being excellent to one another

[pelzflorian (Florian Pelz)]

[-- Attachment #1.1: Type: text/plain, Size: 223 bytes --]

May I suggest that those who think “singular they” should not be used
just avoid non-gender neutral pronouns and use proper nouns, i.e. names,
instead? I believe there is no other alternative.

Regards,
Florian


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: Being excellent to one another

[John Darrington]

[-- Attachment #1: Type: text/plain, Size: 3615 bytes --]

On Tue, Mar 21, 2017 at 10:14:45AM +0100, Alex Sassmannshausen wrote:
     
     I'm trying to draw this thread to a close as I genuinely believe that
     neither side intends malice:
     - John genuinely does not see how his statements can very easily be
     interpreted as highly disrespectful and even mocking
     - myself and others genuinely do not want to bear down on individuals by
     virtue of simple miscommunication.
     
     John, I would suggest to you that when at least three independent
     individuals read your paragraph in which you (as you confirmed to me) in
     good faith tried to create an extreme example to confirm that you would
     respect (though fallibly) other people's rights to define their own
     identity, then that paragraph was perhaps unfortunately formulated.
     
     An apology and clarification would resolve that matter.
     
     By way of clarification from my side, the paragraph reads like you're
     creating a ("humourous") hyperbolic example that is only tangentially
     related to the real discussion at hand to begrudgingly admit that you
     would be willing to respect other people's identities.
     
     Perhaps in that light you can see how that statement might have
     trivialised other people's experiences and have come across as
     insulting?
     
     It simply wasn't necessary to employ that rhetorical device ??? just
     acknowledging that you might slip up at times, would have been
     sufficient.  The rhetorical device turned your genuine sentiment into a
     statement in which you seemed to accede and simultaniously implicitly
     ridiculed those whom you were acceding to.

Alright.  I see you have a point, albeit stretched.  By way of explanation:

You are right that I deliberately contrived an extreme and rediculous
hypothetical scenario to illustrate a point; or as you put it - a hyberbole.
I DID think about this when I wrote it and I made it absurdly rediculous
precisely *because* I thought doing so would avoid anyone thinking that I was
trying to mock transvestites:  Had I said "... a person that looks clearly
like a bloke ..."  then that would have been potentially hurtful to 
someone reading my mail and trying unsuccessfully to look effeminate.  But by 
making the scenario extreme and rediculous I considered that this danger would 
be eliminated - a person trying to look effeminate, would obviously not have
"a big black wiry beard" - she would be taking hormones - or at the very
least - have shaved.  However I realise now that the 6'4" attribute was not
so carefully thought out.  That person would have no control over her height.   
For this reason it is conceivable that a reader might have thought I was 
mocking that hypothetical person.  I should have chosen an attribute which the
person could change.

I apologise for not thinking carefully enough about that email before
sending it.

Regarding your other comments, for the avoidance of doubt:

* I have no interest in the sex/race/body-size etc of any Guix contributor.

* I do not begrudge anyone their right to self-identify with whatever genre 
pleases the individual concerned.

* I know how it hurts when others deny me the right to voice an opinion so 
I will not deny them that same right.

Thank you all for listening.

J'

-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.


[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

Re: Being excellent to one another

[ng0]

Word of advice: don't use 'transvestite'. It's a slur.

To find out why doesn't take very long to search, but for completion:
https://www.queerty.com/lets-learn-the-nine-anti-trans-slurs-we-should-avoid-20110620

Re: Being excellent to one another

[John Darrington]

[-- Attachment #1: Type: text/plain, Size: 682 bytes --]

On Tue, Mar 21, 2017 at 12:17:08PM +0000, ng0 wrote:
     Word of advice: don't use 'transvestite'. It's a slur.

Is it?  I didn't know that.  I thought it just came from the latin,
(or greek or whatever): trans meaning "across" and "vestment" clothing.
It certainly wasn't a slur when I first learnt the word, but 
meanings change...  Thanks for pointing this out.


Actually it was a thinko anyway.  I meant to type "transgender".

J'


-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.


[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

Re: Being excellent to one another

[ng0]

John Darrington transcribed 1.1K bytes:
> On Tue, Mar 21, 2017 at 12:17:08PM +0000, ng0 wrote:
>      Word of advice: don't use 'transvestite'. It's a slur.
> 
> Is it?  I didn't know that.  I thought it just came from the latin,
> (or greek or whatever): trans meaning "across" and "vestment" clothing.
> It certainly wasn't a slur when I first learnt the word, but 
> meanings change...  Thanks for pointing this out.
> 
> 
> Actually it was a thinko anyway.  I meant to type "transgender".
> 
> J'
> 
> 
> -- 
> Avoid eavesdropping.  Send strong encrypted email.
> PGP Public key ID: 1024D/2DE827B3 
> fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
> See http://sks-keyservers.net or any PGP keyserver for public key.
> 

It is a slur when used in the sense like you did it, ie it's a slur
for transpeople (not being specific about wether transgender or
transsexual was meant).

I think if literally transvestite[0] is meant, there are nicer words people
chose for selfidentification, but I'd have to ask friends or search for
a good introduction which is selfexplanatory.

Anyway, we are currently looking into the best way to solve this thread
and the issues it showed with Ludovic and Ricardo.

[0]: The repetition only because I'm really not sure wether it's a
general or only specific slur. If it is in general, I'm sorry.

Re: Being excellent to one another

[ng0]

ng0 transcribed 1.3K bytes:
> John Darrington transcribed 1.1K bytes:
> > On Tue, Mar 21, 2017 at 12:17:08PM +0000, ng0 wrote:
> >      Word of advice: don't use 'transvestite'. It's a slur.
> > 
> > Is it?  I didn't know that.  I thought it just came from the latin,
> > (or greek or whatever): trans meaning "across" and "vestment" clothing.
> > It certainly wasn't a slur when I first learnt the word, but 
> > meanings change...  Thanks for pointing this out.
> > 
> > 
> > Actually it was a thinko anyway.  I meant to type "transgender".
> > 
> > J'
> > 
> > 
> > -- 
> > Avoid eavesdropping.  Send strong encrypted email.
> > PGP Public key ID: 1024D/2DE827B3 
> > fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
> > See http://sks-keyservers.net or any PGP keyserver for public key.
> > 
> 
> It is a slur when used in the sense like you did it, ie it's a slur
> for transpeople (not being specific about wether transgender or
> transsexual was meant).
> 
> I think if literally transvestite[0] is meant, there are nicer words people
> chose for selfidentification, but I'd have to ask friends or search for
> a good introduction which is selfexplanatory.
> 
> Anyway, we are currently looking into the best way to solve this thread
> and the issues it showed with Ludovic and Ricardo.
> 
> [0]: The repetition only because I'm really not sure wether it's a
> general or only specific slur. If it is in general, I'm sorry.
> 

Addition, this is a good summary and shows the development of words.
Summarized, today it's archaic and perceived as slur by many people.

https://www.quora.com/Is-the-term-transvestite-offensive

[EOT] Re: Being excellent to one another

[Ricardo Wurmus]

[-- Attachment #1: Type: text/plain, Size: 2323 bytes --]


John,

> * I am not playing a game - I think this is very serious.
> * I have not breached the code of conduct (at your request I have just read
>   it again).
> * I am trying my *utmost* to act with restraint and consideration in the face
>   of persistent provocation.
> * I have said on several occasions that we should all agree to live with
>   our differences and let this thread stop.

thank you for your clarification.  We’d like to end discussions in this
thread, so let me just make a final statement on behalf of the
maintainers.

Some of your comments in this thread were considered derogatory, and
they actively made at least one participant uncomfortable.  This outcome
is undesirable and as a group we need to make sure it does not happen
again.

Re-reading the thread I see that some of your earlier off-topic
statements in the thread can be interpreted as antagonising, even if you
hold they were not *meant* to be hurtful or trolling.  The same applies
to some comments and examples that were made in later messages to
illustrate your points.  ng0 asked for multiple times that “singular
they” be used when referring to them.  Your response to the use of
“singular they” was “I refuse to use it”.

  1. In the future, please respect the gender of participants by using
     the pronouns they ask for (when they do).  Alternatively, use
     their names instead of pronouns.

  2. Avoid assumptions by using gender-neutral wording.

This project considers this form of respect to be more important than
what some might consider “good English grammar”.  We also acknowledge
that there have been harsh messages on both sides, including personal
insults; this is also not in the spirit of mutual respect that the code
of conduct suggests, the foundation for communications in this group.

It doesn’t have to be this way.  Like you wrote above, we can agree to
live with our differences and respect them.  Let’s stop this thread and
continue in the spirit of the code of conduct.

--
Ricardo

GPG: BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC
https://elephly.net

PS: If any of the participants feel that we have handled this case in an
    unsatisfactory manner, please write to the maintainers (Ludo and
    myself) off list.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

Re: [PATCH 4/4] services: openssh: Add 'subsystems' option.

[Clément Lassieur]

Hi Ludovic,

Ludovic Courtès <ludo@gnu.org> writes:

> Hi Clément,
>
> Clément Lassieur <clement@lassieur.org> skribis:
>
>> I think there is a misunderstanding.  I didn't want to push this because
>> it was not tested, and because subsystems are often useless without
>> Match, and Match is unsupported.  The pair/list thing is not the
>> problem.
>>
>> And I was waiting for ng0 to test, because he asked for this patch (see
>> http://lists.gnu.org/archive/html/guix-devel/2017-02/msg00906.html), so
>> I thought he was able to test.
>>
>> If ng0 still needs the patch and confirms that it works well, I'm
>> willing to update it.  Otherwise, let's drop it.
>
> The patch looks like a useful addition.  It would be sad to drop it, no?
>
> If you could add a test to (gnu tests ssh) that would be perfect, but
> otherwise it LGTM.  Perhaps the default value for ‘subsystems’ should
> include internal-sftp though, as users probably expect sftp to just work.

Yes, you are right.  I changed my mind :)  And the other distributions
I've seen have SFTP enabled as well.

So I updated the service, and I did a test:
http://lists.gnu.org/archive/html/guix-patches/2017-03/msg00546.html.

> I don’t have any issue with using two-element lists; I think the syntax
> for pairs can be a bit confusing for newcomers to it’s probably better
> to avoid it in service configuration.

Ok, I used two-element lists then.

Clément

Re: [PATCH 4/4] services: openssh: Add 'subsystems' option.

[Clément Lassieur]

Danny Milosavljevic <dannym@scratchpost.org> writes:

> Hi ng0,
>
> On Sun, 5 Mar 2017 14:50:26 +0000
> ng0 <contact.ng0@cryptolab.net> wrote:
>
>> What I take from the discussion is, all is good to go except for
>> subsystems. I'm okay with reviewing subsystems as an individual patch
>> later on. For me this works. Push the 3 patches, and send the subsystems
>> one later as a new discussion-bug.
>
> The 3 were pushed to master.
>
> Patch 4 not yet. So let's discuss.
>
> I have no preference for pairs or lists - it's just that the documentation should say what it actually expects - because the user has to write the form differently:
>
>   Pair: '(a . b)
>
>   List: '(a b)
>
> Those are not compatible with each other.
>
> (I think as the patch is written now it expects lists)
>
> And I'm against calling pairs "two-element tuple"s. It reminds me of these math joke equations which write the value 2 in a really complicated way (but correctly) :)
>
> And lists are definitely not two-element tuples. That would be seriously confusing.
>
> What do you think?

Hi Danny,

I forgot to thank you for this explanation of pairs and lists.  I took
it into account here:
http://lists.gnu.org/archive/html/guix-patches/2017-03/msg00610.html.

Clément

Re: [PATCH 2/2] services: openssh: Remove deprecated 'RSAAuthentication' option.

[Ricardo Wurmus]

Clément Lassieur <clement@lassieur.org> writes:

> * gnu/services/ssh.scm (openssh-config-file): Remove it.
>   (<openssh-configuration>)[rsa-authentication?]: Remove it.
> * doc/guix.texi (Networking Services): Remove it.

I don’t see “openssh-config-file” in the diff.  Is this missing or a
mistake in the commit summary?  Or am I misunderstanding?

-- 
Ricardo

GPG: BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC
https://elephly.net

Re: [PATCH 2/2] services: openssh: Remove deprecated 'RSAAuthentication' option.

[Clément Lassieur]

Ricardo Wurmus <rekado@elephly.net> writes:
> Clément Lassieur <clement@lassieur.org> writes:
>
>> * gnu/services/ssh.scm (openssh-config-file): Remove it.
>>   (<openssh-configuration>)[rsa-authentication?]: Remove it.
>> * doc/guix.texi (Networking Services): Remove it.
>
> I don’t see “openssh-config-file” in the diff.  Is this missing or a
> mistake in the commit summary?  Or am I misunderstanding?

I meant: remove "RSAAuthentication" from the "openssh-config-file"
computed file.  It refers to the third hunk.  I wasn't sure how to
express this.  Please correct me, if I was wrong :)

Re: [PATCH 0/2] Openssh service patches

[Clément Lassieur]

Julien Lepiller <julien@lepiller.eu> writes:

> I haven't applied it either, but it looks good, thank you :)
>
> Could you also document the new fields and remove the documentation for
> the old one?

Sure, here it is.  Thanks!