On Fri, Oct 08, 2010 at 12:07:34AM -0400, Matthew Miller wrote:
> On Thu, Oct 07, 2010 at 11:30:43PM -0400, Toshio Kuratomi wrote:
> > The newer yubikey hardware has provision for two AES keys but I'm not sure
> > how that works and whether it actually allows you to use separate keys with
> > separ
Folks,
It would seem that systemd employs some kind of arbitrary timeout (30
seconds?) by default and will log "operation timed out. Terminating" if
things take longer than this time to start up. I would like to know how
to increase this timeout, or to (preferably) disable it entirely.
Certain se
On Thu, 7 Oct 2010, Mike McGrath wrote:
> My understanding on this is, and I reserve the right to misunderstand
> this, is that once the AES key is on the yubikey, there is no way to get
> it off of there. That key is just used to generate OTP's. So if an
> attacker were to get an OTP they could
On Thu, 7 Oct 2010, Toshio Kuratomi wrote:
> The one time passwords generated by the yubikey can safely be used with
> multiple services. The thing that is unsafe is using the same AES key with
> multiple ykksm's. Yubico runs a ykksm for people to use with some third
> party websites that suppor
On Thu, Oct 07, 2010 at 11:30:43PM -0400, Toshio Kuratomi wrote:
> The newer yubikey hardware has provision for two AES keys but I'm not sure
> how that works and whether it actually allows you to use separate keys with
> separate servers. Someone will need to look into this.
Yes, separate keys -
On Thu, Oct 07, 2010 at 08:54:12PM -0400, Paul Wouters wrote:
>
> I have one and I've played with it in fedora. There is however an important
> catch. The server and the yubikey share the same AES symmetric key. This means
> that if the yubikey is used for multiple sites by one user, that user is
On Thu, 7 Oct 2010, Ricky Zhou wrote:
> On 2010-10-07 07:25:47 PM, Mike McLean wrote:
> > On Thu, Oct 7, 2010 at 5:51 PM, Paul Wouters wrote:
> > > I have one and I've played with it in fedora. There is however an
> > > important
> > > catch. The server and the yubikey share the same AES symmetr
On 2010-10-07 07:25:47 PM, Mike McLean wrote:
> On Thu, Oct 7, 2010 at 5:51 PM, Paul Wouters wrote:
> > I have one and I've played with it in fedora. There is however an important
> > catch. The server and the yubikey share the same AES symmetric key. This
> > means
> > that if the yubikey is use
On Thu, 7 Oct 2010, Paul Wouters wrote:
> On Thu, 7 Oct 2010, Mike McGrath wrote:
>
> >>> We also decided to allow yubikeys as an authentication option for the
> >>> larger community to some hosts and services like fedorapeople.org or
> >>> https://admin.fedoraproject.org/community/. When asked f
On Thu, 7 Oct 2010, Mike McLean wrote:
>> I guess in a way it is like using the same password, but people might not be
>> thinking of that when they have a "device" on them that they use.
>
> Wow, that's a serious weakness. Are we sure about this?
http://www.yubico.com/files/Security_Evaluation_2
On 10/7/2010 12:04, Mike McGrath wrote:
> http://fedoraproject.org/wiki/Infrastruture/Yubikey
^^
Typo alert! ;)
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
On Thu, Oct 7, 2010 at 5:51 PM, Paul Wouters wrote:
> I have one and I've played with it in fedora. There is however an important
> catch. The server and the yubikey share the same AES symmetric key. This means
> that if the yubikey is used for multiple sites by one user, that user is
> sharing
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/5/10 2:30 PM, Mamoru Tasaka wrote:
> Well, how about creating "dist-f14-for-chainbuild" build target and allow
> people to tag or untag build as/from that tag freely?
>
> For example currently
> http://koji.fedoraproject.org/koji/buildtargetinfo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/6/10 1:34 AM, Peter Robinson wrote:
> What happens in a case where the packager is about to push a new
> version, or there has been a rebuild since the 26th?
>
In this case my script will detect a new build in either
dist-f14-updates-candidate
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/6/10 1:44 AM, Tim Waugh wrote:
> On Tue, 2010-10-05 at 15:27 -0700, Jesse Keating wrote:
>> PPS I did not modify my bump script yet to attempt a commit to master
>> and merge to the f14 branch. In the interest of time, I took the easy
>> route
I'm not a security expert but I understood that the usual way to use
these keys was to have one server that the key authenticates with, and
further sites would be accessible through openID or similar - so the
authentication is always with one server.
Using the same device with mutliple servers is
On Thu, Oct 07, 2010 at 12:04:49PM -0500, Mike McGrath wrote:
> Implementation work continues to be discussed and put in please but please
> direct any questions or comments to #fedora-admin on irc.freenode.net or
> the Infrastructure mailing list -
Hello, synchronicity! I was just looking at thi
On Thu, 7 Oct 2010, Mike McGrath wrote:
>>> We also decided to allow yubikeys as an authentication option for the
>>> larger community to some hosts and services like fedorapeople.org or
>>> https://admin.fedoraproject.org/community/. When asked for a password,
>>> just use your yubikey to genera
On Thu, 7 Oct 2010, Bruno Wolff III wrote:
> On Thu, Oct 07, 2010 at 12:04:49 -0500,
> Mike McGrath wrote:
> >
> > We also decided to allow yubikeys as an authentication option for the
> > larger community to some hosts and services like fedorapeople.org or
> > https://admin.fedoraproject.org/c
Folks,
On current rawhide (perhaps caused by upgrade from F14 beta), I'm
getting a few weirdly broken icons for notification applets. Those
applets then crash when moused over or clicked on with a SEGV that looks
to be caused by it not finding the correct icon (I did file an ABRT bug
last night fo
On Thu, 2010-10-07 at 13:40 +, Matej Cepl wrote:
> Martin Sourada, Wed, 06 Oct 2010 22:39:00 +0200:
> > But I have my doubts about
> > mozilla in this regard, after all, proper support on linux does not seem
> > to be high priority for them
>
> I just fell the urge to mention here
> https://bu
On Thu, Oct 07, 2010 at 12:04:49 -0500,
Mike McGrath wrote:
>
> We also decided to allow yubikeys as an authentication option for the
> larger community to some hosts and services like fedorapeople.org or
> https://admin.fedoraproject.org/community/. When asked for a password,
> just use your
On Tue, Oct 5, 2010 at 9:14 PM, Jesse Keating wrote:
> There was a change in glibc during the F14 development cycle that
> requires running a newer kernel in order to run the f14 binaries.
>
> You could probably cheat a new kernel onto F11 and then do the pungi
> compose in a mock chroot of f14 c
On Sat, Sep 25, 2010 at 01:03:13PM -0600, Kevin Fenzi wrote:
> On Wed, 22 Sep 2010 22:21:33 +0200
> Till Maas wrote:
> > Also can someone please explain the practical advantages of requiring
> > the autokarma threshold to approve the ability to push a non critical
> > path update to stable instea
Pasi Kärkkäinen píše v Čt 07. 10. 2010 v 22:29 +0300:
> On Thu, Oct 07, 2010 at 10:17:11AM -0700, Adam Williamson wrote:
> > On Thu, 2010-10-07 at 10:49 +0300, Pasi Kärkkäinen wrote:
> >
> > > > that bug is already inconvenient for some people; if they have laptops
> > > > with bad lid switches i
On Thu, Oct 07, 2010 at 10:17:11AM -0700, Adam Williamson wrote:
> On Thu, 2010-10-07 at 10:49 +0300, Pasi Kärkkäinen wrote:
>
> > > that bug is already inconvenient for some people; if they have laptops
> > > with bad lid switches it'd be much more inconvenient. The only active
> > > display woul
On Thu, 2010-10-07 at 13:40 +, Matej Cepl wrote:
> Martin Sourada, Wed, 06 Oct 2010 22:39:00 +0200:
> > But I have my doubts about
> > mozilla in this regard, after all, proper support on linux does not seem
> > to be high priority for them
>
> I just fell the urge to mention here
> https://bu
On Thu, 2010-10-07 at 11:07 -0400, James Laska wrote:
> > All of them. They're mostly modifications of existing pages. I'm not
> > quite sure how you get that they look the same, they're very different.
>
> General note ... There are a few broken links on this page. I didn't
> inspect *all* of t
On Thu, 2010-10-07 at 08:36 -0400, Brandon Lozza wrote:
> What are you guys going to do if someone does it anyway in a country
> where Redhat hasn't registered the Fedora trademark, or countries
> where another country already owns the Fedora trademark. Do you think
> spammers are going to host in
On Thu, 2010-10-07 at 10:49 +0300, Pasi Kärkkäinen wrote:
> > that bug is already inconvenient for some people; if they have laptops
> > with bad lid switches it'd be much more inconvenient. The only active
> > display would be the external display they weren't actually using.
>
> I read that bug
Summary of changes:
c7c626e... update to 0.90 (*)
(*) This commit already existed in another branch; no separate mail sent
--
Fedora Extras Perl SIG
http://www.fedoraproject.org/wiki/Extras/SIGs/Perl
perl-devel mailing list
perl-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mail
Summary of changes:
c7c626e... update to 0.90 (*)
(*) This commit already existed in another branch; no separate mail sent
--
Fedora Extras Perl SIG
http://www.fedoraproject.org/wiki/Extras/SIGs/Perl
perl-devel mailing list
perl-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mail
The Fedora Infrastructure team is happy to announce support for the
hardware key authentication device, the yubikey. Users will be able to
use their own yubikeys to access some Fedora services, like
fedorapeople.org or some web services.
Why have we done this? The main purpose was to provide mu
commit c7c626e362a1a07ad20af64f9881c6a7dfcd2faf
Author: Iain Arnell
Date: Thu Oct 7 18:57:20 2010 +0200
update to 0.90
.gitignore|1 +
perl-DateTime-Format-Natural.spec | 19 ---
sources |2 +-
3 files changed, 14
On 10/07/2010 08:36 AM, Brandon Lozza wrote:
> On 10/6/10, Adam Williamson wrote:
>> If we don't protect the Fedora trademark, anyone can produce anything
>> and call it 'Fedora'. Including something which doesn't fit into our
>> philosophy of freedom at all.
>
> What are you guys going to do if
Compose started at Thu Oct 7 13:15:30 UTC 2010
Broken deps for x86_64
--
almanah-0.7.3-3.fc14.x86_64 requires libedataserverui-1.2.so.10()(64bit)
antlr3-python-3.1.2-7.fc14.noarch requires python(abi) = 0:2.6
frysk-0.
On Wed, 2010-10-06 at 12:32 -0700, Adam Williamson wrote:
> On Wed, 2010-10-06 at 14:58 -0400, John Poelstra wrote:
> > Adam Williamson said the following on 10/06/2010 01:32 PM Pacific Time:
> > > On Thu, 2010-09-23 at 12:58 +0100, Adam Williamson wrote:
> > >> Hi, everyone. So we partly used the
Martin Sourada, Wed, 06 Oct 2010 22:39:00 +0200:
> But I have my doubts about
> mozilla in this regard, after all, proper support on linux does not seem
> to be high priority for them
I just fell the urge to mention here
https://bugzilla.mozilla.org/show_bug.cgi?id=577653#c6
and
http://en.wikipedi
-nfsv4-1.1.0
- Remove CIMOM dependencies
sblim-cmpi-params-1.3.0-1.fc15
--
* Wed Oct 06 2010 Vitezslav Crhonek - 1.3.0-1
- Update to sblim-cmpi-params-1.3.0
- Remove CIMOM dependencies
sepostgresql-9.0.1-20101007.fc15
* Thu
I think an exception should be made for Chromium too. Having a more
secure browser would benefit the main repositories.
On 10/7/10, Brandon Lozza wrote:
> On 10/6/10, Adam Williamson wrote:
>> On Wed, 2010-10-06 at 16:41 +0200, Ralf Corsepius wrote:
>>
>>> However, this here is Fedora, a project
On 10/6/10, Adam Williamson wrote:
> On Wed, 2010-10-06 at 16:41 +0200, Ralf Corsepius wrote:
>
>> However, this here is Fedora, a project that once was aiming at
>> "Freedom" - As trivial as it is, restrictive trademark policies simply
>> do not fit into this philosophy.
>
> If we don't protect t
On Wed, 2010-10-06 at 19:31 +0100, Richard W.M. Jones wrote:
> Seems quite complex. What's wrong with a directory:
>
> /etc/iptables.d/
>
> where RPMs like libvirt just drop the required additional rules (in a
> separate chain if you like) and restart the iptables service? It's
> low-tech but
On Wed, 2010-10-06 at 17:26 +0200, Thomas Woerner wrote:
> It is possible to specify a timeout for a firewall service and also the
> other features. The service will be opened immediately and closed again
> after the defined period is over. This allows to accept new connections
> from unknown so
On 10/07/2010 12:20 AM, Kevin Fenzi wrote:
> How would you suggest wording this? The above is what people might
> expect from a F(n-1), but what policy would match these goals?
>
> ie, how can we explain how F(n-1) is different from F(n) for
> maintainers? What updates should be in one and not the
On Wed, 06 Oct 2010 11:19:21 +0200
Farkas Levente wrote:
> hi,
> while try to make a scratch build i always got:
> -
> # fedpkg scratch-build
> Could not log into koji: Opening a SSL connection failed
> -
> even if i t
On 10/07/2010 02:20 AM, Genes MailLists wrote:
> On 10/06/2010 11:26 AM, Thomas Woerner wrote:
>
>> 6) Compatibility Mode
>>
>> The current static firewall model will still be available for
>> compatibility for users or administrators creating their own firewall.
>> This deactivates the firewall se
On 10/06/2010 08:31 PM, Richard W.M. Jones wrote:
> Seems quite complex. What's wrong with a directory:
>
>/etc/iptables.d/
>
> where RPMs like libvirt just drop the required additional rules (in a
> separate chain if you like) and restart the iptables service? It's
> low-tech but simple and
Try verbose variant to figure out what happened:
$ fedpkg -v scratch-build
06.10.2010 13:19, Farkas Levente wrote:
> hi,
> while try to make a scratch build i always got:
> -
> # fedpkg scratch-build
> Could not log into koji: Opening a SSL connection fai
On Wed, Oct 06, 2010 at 02:31:22PM -0700, Adam Williamson wrote:
> On Wed, 2010-10-06 at 23:32 +0300, Pasi Kärkkäinen wrote:
>
> > What's the worst thing that can happen when trusting the ACPI lid state?
> >
> > Think about this:
> >
> > - Laptop lid open (so internal lvds enabled), and also ext
49 matches
Mail list logo
