OpenPKG Registry F.A.Q.

OpenPKG Registry

Q: What is it?
A: A place to register the identities of OpenPKG fellow users and installed OpenPKG instances.
Q: Why was it established?
A: After changed environmental conditions during 2005, the OpenPKG Project finally needs to become more closely acquainted with its effective user community.
Q: What is the real problem about not knowing the users?
A: OpenPKG technically is already a rather large Open Source project and with still only very limited manpower resources. For providing some services like security updates for older releases, reducing or increasing release cycles, making release engineering decisions, etc., it is absolutely essential to first know who are our users, how much users we have and what OpenPKG releases they are actually using. Without first knowing this information we can neither afford continuing all of the current services nor even providing additional services.
Q: Wouldn't it be sufficient to ask users for their feedback through non-mandatory mechanisms?
A: Unfortunately, no. We tried this for over five years with the Community Feedback form but even after five years and multiple calls for feedback we just received about 30 feedbacks in total.
Q: What is the price for fellowship?
A: Lost anonymity. Message resources. Not money.
Q: What do I gain with a fellowship?
A: Access to additional download resources.
Q: How do I register as a fellow user?
A: Post your E-Mail address and receive an activation link.
Q: Where is the signup form?
A: Signup is integrated into the login under "Account Enrollment".
Q: How do I change my password or fullname?
A: Sorry, still not implemented. Will be available soon.
Q: How do I unregister as a fellow user?
A: Sorry, still not implemented. Will be available soon.
Q: I'm paranoid. How do you store my password?
A: We're paranoid, too. The whole website authentication is handled by OSSP ase (Affiliation Service Environment), running under HTTPS only. This way your clear text password is transferred encrypted to the website. Then it is immediately hashed with the one-way functions MD5, SHA1, crypt/MD5 and crypt/DES and stored into the underlying database without any further logging or manipulation. You can review this Open Source implementation under Nevertheless, for security reasons please do not reuse any existing password.
Q: I registered, but I'm unable to login?
A: Your registered email address is treated case-sensitive, so make sure you specifiy it on login exactly as you did when registering.


Q: Certain files on the OpenPKG FTP server are invisible or missing!
A: Signup as a fellow user for free and use your identity when logging in.
Q: Certain commands like "rpm --rebuild" fail on addresses!
A: Signup as fellow user, register the instance and associate it to you.
Q: Why do you restrict the download of Open Source software? Is this compliant with FOSS?
A: We do not really restrict the download of our software. Everyone still can download all of our resources and fully free of charge. He just has to identify. What we restricted is the anonymous download of some more expensive parts of our software as it really hurts the project. FOSS is mainly about freedom in the meaning of non-discrimination of users and the possibility to review the source code. For OpenPKG and its extremely liberal BSD-style distribution license it is even a lot more, too. But FOSS is not about anonymity.
Q: How many files are restricted under anonymous access?
A: Currently we have 65GB of distribution data and 44GB of them are restricted for anonymous access.
Q: Do I have to use my OpenPKG Registry password for acccessing the FTP and RSYNC service?
A: NO! Please don't use this password for downloading. It would be transferred in clear text due to the FTP protocol design. Instead use an arbitrary password, including the preferred empty one.
Q: Why can an arbitrary password be used? This allows abuse.
A: Yes, but the login intentionally is for identification only, not authentication. If someone uses a foreign identity he just hurts himself, because he is not known and this way not taken into account by the OpenPKG project.
Q: OpenPKG is Free and Open Source Software (FOSS) and anybody can establish a public mirror anyway, right?
A: Yes, if somebody prefers full anonymity he can download from an (unfairly but fully legally) established mirror of the restricted download files. We fully believe in the seriousness, fairness and support of our user community and hence not actively using any existing public mirrors when downloading restricted files. Instead every serious OpenPKG user is called to actively support the OpenPKG project by identifying and downloading from the official distribution source location or using a private mirror only.
Q: What is the correct username for FTP login?
A: Use the fellow E-Mail address. In a FTP URL the "@" needs to be replaced by "%40" in some clients.
Q: What is the correct password for FTP login?
A: Anything works. It is currently not checked as the OpenPKG registry is about tracking, not security.
Q: What is the correct username for RSYNC?
A: Use the fellow E-Mail address. RSYNC supports multiple "@" in the URL. See example below.
Q: Can you give an example FTP access?
Q: Can you give an example RSYNC access?
A: RSYNC_PASSWORD="" rsync rsync://

OpenPKG Instance Registration

Q: How do I register an installed OpenPKG instance?
A: Install the "openpkg-registry" package from OpenPKG-CURRENT and run "openpkg register".
Q: The "openpkg register" is interactive by default? Can I do it in batch?
A: Yes, run "openpkg register --mode=post --user=email-address"
Q: How do I associate the OpenPKG instance to my fellow account?
A: Login to the registry and open the "association" page.
Q: Why isn't it possible to easily automate the association process?
A: This is intentional by design as it enforces users to visit the website from time to time, allowing the OpenPKG project to stay in touch with them.
Q: How do I unregister an installed OpenPKG instance from the registry?
A: Find the instance in the association table, select it and press DEL.
Q: How do I unregister an installed instance locally, disabling the URL rewriting?
A: run "openpkg register --mode=wipe".
Q: I'm a little bit paranoid. What information is transferred to the OpenPKG Registry?
A: At the cost of increasing the complexity we made the instance registration really ultra-transparent if wished. See especially the $prefix/etc/openpkg/registry.prep file for details what is posted online. It contains no really sensitive personal information.