This problem related to SpamAssassin and SASL-authenticated road warriors has bugged me for a while. Micah has a patch that alleviates the problem, but it's not in upstream, and even though upstream does plan to address the problem he raised, that's down the road. Today I figured out a solution, based on the smtpd_sasl_authenticated_header configuration option available in Postfix 2.3 and later, using header_checks to rewrite headers. In the following, lines are folded for readability. The regular expression needs to be on one line, with newlines and spaces at the beginning of the line removed:

/^Received: from ([-._[:alnum:]]+ \([-._[:alnum:]]+ \[[.[:digit:]] 7,15 \]\))
    [[:space:]]+\(Authenticated sender: ([^)]+)\)
    [[:space:]]+by (seamus\.madduck\.net) \(([^)]+)\)
    with (E?SMTP) id ([A-F[:digit:]]+)
    [[:space:]]+for <([^>]+)>; (.*)/
  REPLACE Received: from auth sender $2 by $3 ($4) with $5 id $6 for <$7>; $8

Note how the host name is left in to ensure that the right header is replaced. This will replace the problem-causing Received line with the following:

Received: from auth sender madduck@madduck.net by
  seamus.madduck.net (postfix) with ESMTP id B4CD640343F for
  <madduck@madduck.net>; Fri, 30 Jun 2006 17:50:02 +0200 (CEST)

Now SpamAssassin mentions UNPARSEABLE_RELAY, but apparently that's worth 0 points, and if I wanted, I could fix that too. Now I would like to be able to do the same for clients that authenticate with TLS certificates, but I cannot figure out how.

The experiment I conducted at the last keysigning party caused this thread (cross-posted to here). While the discussion has long gone way off-topic, some interesting points have been raised. I also took the opportunity to clarify my point of view a bit on the issue over the previous blog post:

The Debian project heavily relies on keysigning for much of its work. However, I think the question what the signing of a key actually accomplishes has not been properly addressed. In my opinion, from the point of view of the Debian project, a person's actual identity (as in the name on your birth certificate) matters very little; the Debian project does not actively interfere with a person's real life in such a way as to require the birth certificate identity (legal cases, liability issues, etc.). Moreover, it's rather trivial in several countries of this world to change your official name. In this context, even the claim that in the case of a trust abuse, your reputation throughout the FLOSS community (and the rest of the Internet) should be properly tarnished, does not stand, IMHO. From within the project, what matters is that everything you do within the project can be attributed to one and the same person: the same person that went through our NM process. The GPG key is one technical measure to allow for this form of identification. Its purpose is not, as Micah Anderson states, a means to confirm the validity of a government-issued ID. This brings me to a point which Andreas Schuldei nicely stated at the beginning of the thread (as did others throughout):

I do not need an ID to identify martin, so i dont need to rely on his (forged or real) passport or other id from him in order to sign his key. If you did not know him before you should not sign his key (if your judgement was based on the unofficial ID).

When Andreas signs my ID, he voices his trust in that I am who I claim to be, and he does so not because I presented him with an ID with the claimed name, but because we've interacted many times before. In that line, Gunnar's point stands:

Maybe we should just drop holding KSPs, and fall back to the traditional method of "Hey, nice dinner we had yesterday. Say, now that you know me, my family and my history, would you like to sign my key as well?" - Signing for people you actually know, not just linking

In my eyes, this is exactly what a keysigning is and should be all about: a statement of familiarity with a person, nothing more and nothing less. And as a project, we should either accept that, or find a better way to identify our developers. So what to do in this very situation? Should you revoke your signature from my key (or not even sign it in the first place)? Should you revoke or refuse signatures to all participants, because some claim the keysigning party to have been subverted? I think the answer to both cases should be: no, unless you have not previously known the person whose key you wish to sign. That's exactly what makes this decision very subjective, and a public call such as the original post rather unnecessary and missing the point.

If you do not care to read the entire thread, here are some of the better replies (in no particular order):

• http://lists.debian.org/debian-devel/2006/05/msg02585.html
• http://lists.debconf.org/lurker/message/20060525.092124.f59d8c57.en.html
• http://lists.debian.org/debian-devel/2006/05/msg02616.html
• http://lists.debian.org/debian-devel/2006/05/msg02640.html
• http://lists.debian.org/debian-devel/2006/05/msg02754.html
• http://lists.debian.org/debian-devel/2006/05/msg02632.html
• http://lists.debian.org/debian-devel/2006/05/msg02633.html

One question that arouse while reading this thread is whether Debian could actually persecute one of its members for computer fraud/sabotage/whatever on an international level. And if so, would the real identity really help that much, given that we'll have countless IP addresses to go by? I know it would make things easier (despite it being only a name, no identity, as there is not birthplace or birthdate), but is it worth the hassle?

One thing that never really came to my mind during Debconf6 in Oaxtepec, Mexico, was blogging about what went on. In part, that's because I never had a minute to spare, plenty of other people were blogging about the event on the planet, and definitely also because I developed a dislike to play-by-play blogging, which I certainly do not like to read for my part. But now, sitting in Oaxaca in the Hostel Pochon (which has free wireless, imagine that), I feel like at least jotting down some of the highlights. My favourite non-Debian related happening must have been the descent to Mexico City airport. I am willing to bet that our pilots either had too much to drink or way too much fun, because we literally zig-zagged across this amazing city. It's about 2200 metres above sea level and our inflight information system noted our altitude at 3500m for at least 20 minutes, so glued to the window, I felt in a miniature world, hovering above a city that extends to all sides however far the eyes could see (I conclude that in all miniature worlds I've seen so far, such as the Eisenbahnmuseum Hamburg and Swiss Miniature, trains and cars are generally moving too fast). The population of "la Ciudad de Mexico" (which the locals just call "Mexico") is estimated to be somewhere between 20 and 24 million, which makes it the largest city in the world, and it was not hard to believe that during the descent (and afterwards). I arrived at Oaxtepec, a government-run vacational complex, some three or four hours after touchdown and didn't last very long until the jetlag took me to bed. That was Saturday night. With Sunday morning, the official Debconf conference had started and was to last for seven days. In general, that meant talks and BoF sessions throughout the day, loads of hacking and socialising in between, food, and drinks with more socialising in the evening (and throughout the night in some cases). I really enjoyed seeing many of the folks I had met at last year's conference in Helsinki, while some others' absence was equally prevalent. I spent most of the week hanging out with Biella Coleman, Micah Anderson, Sean Finney, Clint Adams, and a bunch of others, I also managed to make the real-life acquaintance of some people I had known online for a long time. In retrospect though, I should have spent less time with the regular clique (with whom I was to go to the post-Debconf trip anyway) and spent more time getting to know more of the attendants. The vacational complex was interesting, and unlike many others, I didn't get annoyed by the long distances between presentation room, my accomodation, the hacklab, and the place where we were served edible lunches and dinners. Rather, I enjoyed walking with others, engaged in discussions on some of the more prevalent topics filling my life with Debian (such as version control, low-level Debian tools, security issues, and social challenges). The only nuisance was the long walk to the nearby town and its market, from where I would get most of my food and drink throughout the week -- but even that walk I rarely had to manage alone. The massive pool (with a ten metre diving board) that lay in the middle of it all didn't really attract me that much, but then again I've never been much of a pool person. In the interest of various people worrying about my safety in Mexico, as well as some of my clients, I purchased a Mexican prepaid SIM card for my cellphone and linked up with the world (after two attempts and an accumulated 2.5 hour wait). The fun was only short though, when I found out that in Mexico, phone charges are ridiculously expensive, and receiving calls on a mobile phone costs exactly the same as making them. At USD 1/Minute to and from Europe, I ended up limiting my air time to a minimum. I spent most of the first couple days getting mdadm back into shape, bug triaging and uploading a new upstream to experimental, except for Monday, which I spent together with Joey Hess, Micah, and Biella trying to recover files from her wrecked filesystem, which we managed in the end using a simple fsck to at least recover her presentation. I'd be sitting on the terrace in front of the "hacklab" where people kept passing by, so my work certainly wasn't focused and without interruptions, but in the end I was still satisfied with the end result. And in the evenings, it was usually the same terrace, sampling the local beer, enjoying cheese from all over the world at the cheese party on Tuesday night, trying liquors from other parts of the globe, and talking and joking and meeting great people (I truly love the Debian crowd). Out of the large assortment of talks available, I attended several but found that front-up presentations aren't my thing and I would have to let the topic simmer a bit (along with some research) before delivering my questions to the speakers outside of the talk (where I finally got some interesting answers to long-standing questions). Thanks to the awesome work by our video team, which recorded every single presentation to tape, streaming it live and also intending to publish it on a post-conference DVD, I found myself often listening in on talks I wouldn't have gone to, while hacking away on said porch. Noticing, however, that many talk slots were left unfilled at the start of the conference (they did quickly fill with impromptu presentations and BoF sessions once the inertia of the event picked up), I was a little annoyed that my proposal was turned down in the first phase of selection. Wednesday was the day of the day trip. Against my recommendations of an early departure, we left the site at 11:30 with six busses (remarkably on time), heading for Xochicalco for a rather boring tour of the museum, and a vastly more interesting, two hour stroll (in the midday sun) around the actual archeological site, which was quite impressive despite mostly being artificially built or rebuilt by the government. We went on for an excellent buffet-style lunch (which was amazingly well organised), and then headed on for Cuernevaca, a small, romantic town where we had only an hour to spend before heading back home (who recommended starting the day earlier?). When we finally made it back to the conference, most of us were just tired and the evening wasn't as wild as some of the other ones during the week. Come Thursday, my mission was to attack the thinkpad packages, which make Debian on IBM laptops a lot more of a pleasure to use. Unfortunately, I didn't get anywhere (yet) with that work, simply because most of my time was spent battling the weird hacks that make up module-assistant, which actually makes it a lot harder for developers to provide kernel module packages (while really improving the end-user's experience). But of course, there was a positive twist to this issue, as I would now leave my screen in frustration much more frequently and socialise with the others. For the evening, the organisers had prepared the "formal dinner" (which isn't so formal at all). A bunch of busses took us to a nearby shed, where we found all tables arranged in a massive swirl, and when we were all seated, a Mariachi band entered, at the same time as the rain outside picked up -- I thought one of the Mariachis was playing the snare drum but as the rain grew stronger, I concluded it must instead be the drops on the metal roof causing the noise. Generally in love with rain, I made my way to the door while others lined up to fetch dinner and stood in awe for a bunch of minutes at the sight of the marble-sized drops descending from the sky. ... when suddenly I saw one of Debian's troublemakers, Jonathan/Ted Walther, running at me, chased by three developers and found myself amidst their altercation before I could do anything. People screaming, one reaching over my shoulder to push Ted, it was all too much. I told everyone to calm down, to which Jonathan/Ted reacted, vigorously shaking and foaming, with a "get out of my fucking way, you fucking Nazi" and I knew that stuff had gone wrong. I withdrew, and in an attempt to find out what had happened managed to piss off one of the three involved developers, who'd then later refuse to hear me out for an explanation. All that really left me in a depressed state mainly because I simply hadn't expected Debian developers getting physical at each other, and this time it was Erinn Clark who consoled me and turned the night around for the better. I still had no appetite and took the first bus home, sent an apologetic email to the offended developer (who never acknowledged receipt but seemed to have forgotten the incident the next day), and enjoyed beers while the others kept returning to the hacklab. Apparently, people were quite aware of my (passive) involvement during the incident, so I was bombarded with plenty questions, most of which I refused to answer for lack of knowledge of the actual facts. Still, when I saw one girl in another altercation with Jonathan/Ted later that night in response to severe offences he published on his blog, which led her to come close to tears, I decided it was time to pull him off the planet. He re-added himself shortly afterwards by "fixing a typo" (according to the CVS changelog), but by that time, I couldn't care less no more and simply resumed the discussions, which eventually turned into topics of life, intelligence, and the bottom-up vs. top-down debate. I am a strong supporter of bottom-up (as many of you know), and I somehow regret the way I approached the discussion, because in retrospect I see myself as somewhat arrogant during it; fortunately, noone seemed to hold it against me the next day. Throughout the entire week, I built up a reputation of the guy that needs no sleep: staying up until the early morning hours, yet rarely missing any of the first talks at 10 in the morning, and even joining with people for breakfast at the market before. Friday morning, however, I just couldn't get up. We talked until six in the morning, and when my eyelids finally moved after I dropped into bed, it was already noon and I dragged myself to the next talk. after which I simply returned to the hacklab and developed more of my dislike towards module-assistant, before the call for the official Debconf6 group picture rescued me (and those around me). The keysigning party followed and I made the mistake to offer to coordinate it (picking up where Anibal's great preparation left off), without really running the process through my head before. Standing up on the diving tower and screaming to the crowd of 140 participants, it was in part due to Moray Allen's comments that the party went more or less without any complications; I did get to conduct another experiment though. During the keysigning, Mark Shuttleworth invited a bunch of us to join him for dinner to discuss the Debian-Ubuntu situation (no bribes involved; we paid for ourselves). I'll have more on this in a separate post when it's ready. The discussion continued after we arrived back at the hacklab, and once again, I didn't go to bed at a civilised hour... ... but I did get up in time for Biella's talk, during which she employed very effective techniques to get me to actually pay attention (which I would have done anyway): she required my laptop for the presentation. Again, the talk didn't do much to me (which is not Biella's fault), but I am certainly interested in reading the relevant parts of her dissertation. At the same time, however, it made me realise how far from reality the academic world is: big words and complicated concepts just don't count when it comes to getting your hands dirty, and I will try my best not to go down that route when my own dissertation gets more serious. Two other memorable events happened on Saturday: the fun group photos (I was determined to get the participants to line up in a swirl in the pool, and partly succeeded), and the last-night-party on the porch of the hacklab, which was mighty fun, in part because we had speakers blasting tunes for the first time that week (thanks to the dance BoF the night before), and Ryan Murray was playing some of the truly excellent mixes of a close friend of his, which are available from mux.ca. I didn't sleep that night. And then Sunday had arrived, the sad last day of a great conference. I would like to thank all the organisers and helpers for making this event possible! I know some of you had some reservations before and during the event, but in the end it's the result that counts, and I was only one of many who were absolutely satisfied by the week. A great big THANK YOU to you! Following the last bits of socialising and copying Biella's harddrive image to Micah's drive for later rescue of some of her precious videos, we were off to Mexico city for the vacational part of the trip. Some of us went by bus, Vagrant and myself hopped onto the bus to assist one of our developers with his wheelchair at the airport. When the group reconvened in front of our hotel for the night in the centre of Mexico city, the vacation had started (blog post forthcoming sometime...)

Sometime during the Debconf6 keysigning party, I swapped my official German ID card (which some didn't accept and wanted to see a passport instead...) with my ID card issued by the Transnational Republic, as part of an ongoing experiment I conduct at various keysigning parties. I got the ID at Debian's 10th anniversary party in Zurich (which I attended on crutches, despite it being held on the rooftop of a club), and the process required the exchange of some currency as well as presentation of my passport to TR officials. The card itself looks very similar to the German ID card; it does correctly list my personal data and has my photo on it. However, it cannot really be considered an official identity card, because it was issued by an independent political group. Then again, read further down for what "official" can mean in some parts of the world. At the keysigning, I marked down those (few) who actually took note of the ID and refused to accept it: only one in ten did. What does this mean? I do not think it means that nine out of ten signing my key do not take keysigning seriously (or don't have a clue about it); you cannot expect people to know the look of the different passports of the various nations represented at the party. It also does not mean that the web of trust is flawed. To me, the most significant outcome of my little experiment is (and has always been) that a single signature won't do; a single trust path is not enough to verify a person's identity (as in: they are who they claim to be), but every additional trust path serves to strengthen the verification. The Debian project largely depends on the web of trust. Thus, I wonder whether our requirement of a GPG key signed by a single existing developer is enough for the general case. I am not quite ready to raise this issue yet within the project, but at least many more people now know about it (if they didn't previously). Those of you who have signed my key may feel cheated at this point. Similarly, those of you who have not yet signed my key may feel disinclined. If you are interested whether you were among those who accepted the inofficial ID, I'd be glad to let you know if you ask. If you do not feel comfortable signing my key, just don't sign it. And if you did already sign my key, you can revoke the signature. However, do consider what some folks told me in discussions following the experiment: there are nations out there who will readily issue IDs with unrecognisable photos, IDs with misspelt names, without expiration date, and multiple IDs at a time. In the case I illustrated above, I simply introduced a third, untrusted-by-Debian party into the web of trust: the Transnational Republic. In a way, this is what's happening whenever we sign keys by nationals of governments we do not trust, and I'd hope that would be most governments of this globe for most everyone. Then again, as Micah and Biella vigorously assert, it's only really about you and the signer: you are who you claim to be, and I either believe it or not. The government only takes a tangential role. So what to do? If you care for my opinion (which you do, you're still reading), then we should just keep on doing what we're doing and collect more keys (with that I mean everyone). At the same time, I do not think threads like this are necessary; the criticism/concern is valid, but it's too academic for the real-world problem that keysigning is trying to solve.

When Biella came to me today with a Grub error 2 (disk not found), I really thought that the problem would be solved within a little bit, even though we couldn't boot from USB (the verbose "Boot error") and had no CD drive available. Joey Hess fortunately had a netboot setup, so we ended up with a shell before too long. ... but that was only the beginning of the fun. To make a long story short, we're now sitting and watching e2fsck reporting "page after page after page" of error messages (quote Micah), consisting mainly of error messages listing thousands (literally) of block numbers claimed by multiple inodes on a single line. We have not figured out what actually happened, but it's somewhere between a motherboard problem and filesystem corruption accumulating over several weeks (Biella said the machine has been acting flakey lately). We'll consider sending the image to Theodore for analysis. Reading this and seeing her root partition go from working to something probably no longer resembling a filesystem really settle the issue for me. Never ever will I touch ext2 or ext3 again; XFS forever!

Kiko, Micah, and I ate at Legal Seafood's yesterday and had this little message on the bottom of our bill:

PLANNING A REHERSAL DINNER? MAKE YOUR ONCE-IN-A-LIFETIME EXPERIENCE UNIQUE. JOIN US.

Where I come from, rehearsals are things are things that, by definition, happen more than once. When they do happen, it's usually with an a between the e and r. Of course, I have to respect Legal for so succinctly combining a redundancy and a contradiction on the same topic.