Re: Cannot install skypeforlinux
Tim:
>> Tangentially, I'm not sure of the value of expiring keys, other than
>> for timebombing things.

Barry:
> In the general case it puts a limit on how long a compromised key will be
> usable.
> Let’s Encrypt keys only live for 3 months (?) for example.

If they've compromised it, couldn't *they* renew it, too?

--
uname -rsvp
Linux 3.10.0-1160.90.1.el7.x86_64 #1 SMP Thu May 4 15:21:22 UTC 2023 x86_64

Boilerplate: All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the mailing list.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: Cannot install skypeforlinux
On Wed, 2023-05-17 at 17:45 +0930, Tim via users wrote:
> Tim:
> > > Tangentially, I'm not sure of the value of expiring keys, other
> > > than for timebombing things.
>
> Barry:
> > In the general case it puts a limit on how long a compromised key
> > will be usable.
> > Let’s Encrypt keys only live for 3 months (?) for example.
>
> If they've compromised it, couldn't *they* renew it, too?

Not in general. Most key compromises are due to leaks and don't enable
the adversary to generate new valid keys.

poc
Re: Cannot install skypeforlinux
Are you sure you even need to install an app?

https://www.skype.com/en/features/skype-web/
Re: Cannot install skypeforlinux
On Wed, May 17, 2023 at 12:26 PM Neal Becker wrote:
>
> Are you sure you even need to install an app?
> https://www.skype.com/en/features/skype-web/

Yes, Neal, as the web-version of Skype cannot blur the video background.

Paul
Re: Cannot install skypeforlinux
https://discussion.fedoraproject.org/t/dnf-update-failed-skype-gpg-key-expired/81540/3

    sudo rm /etc/yum.repos.d/skype-stable.repo
    rpm -qa gpg-pubkey --qf "gpg-pubkey-%{version}-%{release} %{summary}\n"
    sudo rpm -e gpg-pubkey-df7587c3-576a5c23
    sudo rpm -e gpg-pubkey-df7587c3-576a5c23
    sudo curl -o /etc/yum.repos.d/skype-stable.repo https://repo.skype.com/rpm/stable/skype-stable.repo
    dnf clean all
    sudo dnf update skypeforlinux -y
    sudo dnf install skypeforlinux -y

Hope this helps

Dario

On Sat, 13/05/2023 at 14.17 +0100, Paul Smith wrote:
> Dear All,
>
> When trying to install
>
> dnf install skypeforlinux
>
> I am getting the error below transcribed.
>
> Could you please help me with this?
>
> Thanks in advance,
>
> Paul
Re: Cannot install skypeforlinux
Dario Lesca wrote:
> https://discussion.fedoraproject.org/t/dnf-update-failed-skype-gpg-key-expired/81540/3
>
> sudo rm /etc/yum.repos.d/skype-stable.repo
> rpm -qa gpg-pubkey --qf "gpg-pubkey-%{version}-%{release} %{summary}\n"
> sudo rpm -e gpg-pubkey-df7587c3-576a5c23
> sudo rpm -e gpg-pubkey-df7587c3-576a5c23
> sudo curl -o /etc/yum.repos.d/skype-stable.repo
> https://repo.skype.com/rpm/stable/skype-stable.repo
> dnf clean all
> sudo dnf update skypeforlinux -y
> sudo dnf install skypeforlinux -y

That's a lot more work than necessary. :)

All that's really needed is:

    rpm -e gpg-pubkey-df7587c3-576a5c23
    dnf upgrade skypeforlinux

It's also worth noting that `update` is a deprecated alias
for `upgrade` in dnf. It's best to get out of the habit of
using it, should it eventually be removed. :)

--
Todd
Re: Cannot install skypeforlinux
On Wed, 2023-05-17 at 22:29 +0200, Dario Lesca wrote:
> sudo rpm -e gpg-pubkey-df7587c3-576a5c23
> sudo rpm -e gpg-pubkey-df7587c3-576a5c23

So much fun it's worth doing twice? ;-)

--
NB: All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the list.

The following system info data is generated fresh for each post:

uname -rsvp
Linux 6.2.14-100.fc36.x86_64 #1 SMP PREEMPT_DYNAMIC Mon May 1 00:54:35 UTC 2023 x86_64
Re: Cannot install skypeforlinux
On Wed, May 17, 2023 at 2:47 AM Barry wrote:
>
> > On 16 May 2023, at 22:51, Tim via users wrote:
> >
> > On Tue, 2023-05-16 at 14:43 -0400, Todd Zullinger wrote:
> >> AFAICT, you have the older key installed, which has expired.
> >
> > Tangentially, I'm not sure of the value of expiring keys, other than
> > for timebombing things.
>
> In the general case it puts a limit on how long a compromised key will be
> usable.
> Let’s Encrypt keys only live for 3 months (?) for example.
>
> But it all depends on security threat model.

The reason for short lived certificates is to keep CRLs small,
especially for mobile devices. In the past, mobile clients were asked
to download 60 MB CRLs over a 2G or 3G connection. UIs literally hung
while trying to perform the revocation checks. Google experimented
with a 30 day expiration, if I recall correctly.

Key continuity is much more valuable than gratuitous key rotation.
Never throw away a perfectly good key (or password). In fact,
unexpected key changes - from the relying party's view - should be
considered a red flag.

Key continuity and Public Key Pinning is what revealed the DigiNotar
compromise. Here's the Iranian kid's message that started the whole
thing off:
http://productforums.google.com/forum/#!category-topic/gmail/share-and-discuss-with-others/3J3r2JqFNTw
. Unfortunately, Google's asshole webmaster broke the link. Where can
I get a job breaking shit like a webmaster?

Jeff
System upgrade verification
To upgrade from Fedora-37 to Fedora-38 the instructions
(https://docs.fedoraproject.org/en-US/quick-docs/dnf-system-upgrade/) say:
   ...
   5. When the new GPG key is imported, you are asked to verify the key’s
   fingerprint. Refer to https://getfedora.org/security to do so.
Which never happened. I have continued with the upgrade. Is this safe?

--
Sincerely Jonathan Ryshpan

Procrastinators do it later.
Re: System upgrade verification
Jonathan Ryshpan wrote:
> To upgrade from Fedora-37 to Fedora-38 the instructions
> (https://docs.fedoraproject.org/en-US/quick-docs/dnf-system-upgrade/) say:
>    ...
>    5. When the new GPG key is imported, you are asked to verify the key’s
>    fingerprint. Refer to https://getfedora.org/security to do so.
> Which never happened. I have continued with the upgrade. Is this safe?

Short answer: Yes.

Long answer: While it's good to verify things, it's not a
large risk if you skipped it. The fedora-gpg-keys package
ships the signing keys for new releases. That is then used
by the upgrade process to install the key for the new
release.

Let's say you started with Fedora 36 and did a clean
install. You download the install image and verify it.
Once installed, all the package updates are checked using
the Fedora 36 signing key. That includes updates to the
fedora-gpg-keys package.

When you eventually upgrade to either Fedora 37 or 38, the
upgrade process uses the signing key from the local disk,
which has already been verified by the package signature of
the current release.

There's a clear chain from the Fedora 36 key to the Fedora
38 key in this case. Unless the Fedora infrastructure has
been badly compromised, you're perfectly safe to perform the
system upgrade without manually verifying the key
fingerprints. It doesn't hurt to verify them, but it's not
the end of the world if you don't.

And if the Fedora infrastructure is compromised, then
checking the fingerprints on what might be a compromised web
site isn't really going to help. :)

--
Todd
Re: System upgrade verification
On Wed, May 17, 2023 at 9:43 PM Todd Zullinger wrote:
>
> Jonathan Ryshpan wrote:
> > To upgrade from Fedora-37 to Fedora-38 the instructions
> > (https://docs.fedoraproject.org/en-US/quick-docs/dnf-system-upgrade/) say:
> >    ...
> >    5. When the new GPG key is imported, you are asked to verify the key’s
> >    fingerprint. Refer to https://getfedora.org/security to do so.
> > Which never happened. I have continued with the upgrade. Is this safe?
>
> Short answer: Yes.
>
> Long answer: While it's good to verify things, it's not a
> large risk if you skipped it. The fedora-gpg-keys package
> ships the signing keys for new releases. That is then used
> by the upgrade process to install the key for the new
> release.
>
> Let's say you started with Fedora 36 and did a clean
> install. You download the install image and verify it.
> Once installed, all the package updates are checked using
> the Fedora 36 signing key. That includes updates to the
> fedora-gpg-keys package.
>
> When you eventually upgrade to either Fedora 37 or 38, the
> upgrade process uses the signing key from the local disk,
> which has already been verified by the package signature of
> the current release.
>
> There's a clear chain from the Fedora 36 key to the Fedora
> 38 key in this case. Unless the Fedora infrastructure has
> been badly compromised, you're perfectly safe to perform the
> system upgrade without manually verifying the key
> fingerprints. It doesn't hurt to verify them, but it's not
> the end of the world if you don't.
>
> And if the Fedora infrastructure is compromised, then
> checking the fingerprints on what might be a compromised web
> site isn't really going to help. :)

This always baffles me... Fedora includes irrelevant keys. For
example, old keys and keys for different arches. Something feels wrong
about trusting them.

$ ls /etc/pki/rpm-gpg
Re: System upgrade verification
Once upon a time, Jeffrey Walton said:
> This always baffles me... Fedora includes irrelevant keys. For
> example, old keys and keys for different arches. Something feels wrong
> about trusting them.

The arch-specific keys are symlinks. The files in /etc/pki/rpm-gpg are
not all in your RPM database either; they're just made available (so
more just kind of a history thing). They're normally only installed if
a repo file in /etc/yum.repos.d references one and you try to install a
package from the repo (and so accept the key when prompted).

--
Chris Adams
Re: System upgrade verification
Jeffrey Walton wrote:
> This always baffles me... Fedora includes irrelevant keys. For
> example, old keys and keys for different arches. Something feels wrong
> about trusting them.

You don't have to trust them if you don't want. :)

Other than for upgrades, they're not automatically used, so
trust isn't really an issue. Having them there won't cause
you to use them for installing packages. For that, they'd
need to be installed in the rpm database -- which they
likely are if you continuously upgrade.

It's not a bad idea to prune them occasionally. There's a
script to do that in the remove-retired-packages package.
It isn't too aggressive though. In f37, it removes f30-f33
keys. The script is /sbin/fedora-remove-old-gpg-keys.

--
Todd
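
Added example, not part of any message in this thread and not Fedora's or rpm's own tooling: a way to review which keys are actually imported into the rpm database before pruning. rpm names each imported key `gpg-pubkey-<version>-<release>`, where the version is the last 8 hex digits of the key ID and the release is the key's creation time as hex Unix seconds, so the listing can be sorted by age without extra tools; creation age is only a proxy, since the name does not carry the expiry date. The function names, the five-year threshold and every sample entry except the package name quoted in the thread are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Input format is what this query prints on an rpm system:
#   rpm -qa gpg-pubkey --qf 'gpg-pubkey-%{version}-%{release} %{summary}\n'
# Constructed sample: only the first package name appears in the thread;
# the other entries and all summaries are made up for illustration.
SAMPLE_KEYS='gpg-pubkey-df7587c3-576a5c23 vendor repo key (constructed summary)
gpg-pubkey-0a1b2c3d-63000000 current release key (constructed)
gpg-pubkey-deadbeef-4e000000 retired release key (constructed)'

# key_created_epoch NAME: print the key creation time (Unix seconds) that
# rpm stores as hex in the release field; fail on a malformed name.
key_created_epoch() {
    rel=${1##*-}
    case $rel in
        ''|*[!0-9a-fA-F]*) return 1 ;;
    esac
    echo $((0x$rel))
}

# key_age_days NAME NOW: whole days between key creation and NOW.
key_age_days() {
    created=$(key_created_epoch "$1") || return 1
    echo $(( ($2 - created) / 86400 ))
}

# stale_keys NOW MAX_DAYS: read a listing on stdin, print the package names
# of imported keys created more than MAX_DAYS before NOW.
stale_keys() {
    while read -r name _summary; do
        case $name in
            gpg-pubkey-*-*) ;;
            *) continue ;;
        esac
        age=$(key_age_days "$name" "$1") || continue
        if [ "$age" -gt "$2" ]; then
            echo "$name"
        fi
    done
    return 0
}

# Run against the sample with a fixed "now" (2023-05-17 00:00 UTC) and a
# five-year threshold; on a live system pipe the rpm query in and pass
# "$(date +%s)" instead.
printf '%s\n' "$SAMPLE_KEYS" | stale_keys 1684281600 1825
```

Each name printed is a candidate to inspect with `rpm -qi` before removing it with `rpm -e`, the command used earlier in the thread.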