OpenPKG Registry F.A.Q.

A: A place to register the identities of OpenPKG fellow users and installed OpenPKG instances.

A: After changed environmental conditions during 2005, the OpenPKG Project finally needs to become more closely acquainted with its effective user community.

A: OpenPKG technically is already a rather large Open Source project and with still only very limited manpower resources. For providing some services like security updates for older releases, reducing or increasing release cycles, making release engineering decisions, etc., it is absolutely essential to first know who are our users, how much users we have and what OpenPKG releases they are actually using. Without first knowing this information we can neither afford continuing all of the current services nor even providing additional services.

A: Unfortunately, no. We tried this for over five years with the Community Feedback form but even after five years and multiple calls for feedback we just received about 30 feedbacks in total.

A: Lost anonymity. Message resources. Not money.

A: Access to additional download resources.

A: Post your E-Mail address and receive an activation link.

A: Signup is integrated into the login under "Account Enrollment".

A: Sorry, still not implemented. Will be available soon.

A: Sorry, still not implemented. Will be available soon.

A: We're paranoid, too. The whole website authentication is handled by OSSP ase (Affiliation Service Environment), running under HTTPS only. This way your clear text password is transferred encrypted to the registry.openpkg.org website. Then it is immediately hashed with the one-way functions MD5, SHA1, crypt/MD5 and crypt/DES and stored into the underlying database without any further logging or manipulation. You can review this Open Source implementation under http://cvs.ossp.org/ossp-pkg/ase/. Nevertheless, for security reasons please do not reuse any existing password.

A: Your registered email address is treated case-sensitive, so make sure you specifiy it on login exactly as you did when registering.

A: Signup as a fellow user for free and use your identity when logging in.

A: Signup as fellow user, register the instance and associate it to you.

A: We do not really restrict the download of our software. Everyone still can download all of our resources and fully free of charge. He just has to identify. What we restricted is the anonymous download of some more expensive parts of our software as it really hurts the project. FOSS is mainly about freedom in the meaning of non-discrimination of users and the possibility to review the source code. For OpenPKG and its extremely liberal BSD-style distribution license it is even a lot more, too. But FOSS is not about anonymity.

A: Currently we have 65GB of distribution data and 44GB of them are restricted for anonymous access.

A: NO! Please don't use this password for downloading. It would be transferred in clear text due to the FTP protocol design. Instead use an arbitrary password, including the preferred empty one.

A: Yes, but the login intentionally is for identification only, not authentication. If someone uses a foreign identity he just hurts himself, because he is not known and this way not taken into account by the OpenPKG project.

A: Yes, if somebody prefers full anonymity he can download from an (unfairly but fully legally) established mirror of the restricted download files. We fully believe in the seriousness, fairness and support of our user community and hence not actively using any existing public mirrors when downloading restricted files. Instead every serious OpenPKG user is called to actively support the OpenPKG project by identifying and downloading from the official distribution source location or using a private mirror only.

A: Use the fellow E-Mail address. In a FTP URL the "@" needs to be replaced by "%40" in some clients.

A: Anything works. It is currently not checked as the OpenPKG registry is about tracking, not security.

A: Use the fellow E-Mail address. RSYNC supports multiple "@" in the URL. See example below.

A: ftp://johndoe@example.com:@ftp.openpkg.org/

A: RSYNC_PASSWORD="" rsync rsync://johndoe@example.com@rsync.openpkg.org/openpkg-ftp/

A: Install the "openpkg-registry" package from OpenPKG-CURRENT and run "openpkg register".

A: Yes, run "openpkg register --mode=post --user=email-address"

A: Login to the registry and open the "association" page.

A: This is intentional by design as it enforces users to visit the website from time to time, allowing the OpenPKG project to stay in touch with them.

A: Find the instance in the association table, select it and press DEL.

A: run "openpkg register --mode=wipe".

A: At the cost of increasing the complexity we made the instance registration really ultra-transparent if wished. See especially the $prefix/etc/openpkg/registry.prep file for details what is posted online. It contains no really sensitive personal information.