Dne 7.12.2010 01:03, Matt McCutchen napsal(a):
> I don't agree that ssh is required for a "working system". A desktop
> user may never ssh to his/her own machine. (Whether to enable ssh by
> default is a different question.)
Please do keep sshd enabled by default ... be it daemon, inetd service,
Dne 7.12.2010 00:21, Jesse Keating napsal(a):
> Actually bittorrents that have upnp work. Routers I've seen come
> pre-configured to allow upnp, so an app on a computer, or a game
> console, sends out a upnp request to open up/forward a port and the
> router complies.
And I really hope this will
Dne 7.12.2010 04:50, Genes MailLists napsal(a):
> * Will fedora bring app-armor (and GUI's tools perhaps) as an selinux
> partner for f15 now that its accepted in upstream kernel too ?
Gosh, I hope not, but I have my doubts.
Matěj
--
devel mailing list
devel@lists.fedoraproject.org
https://ad
On Tue, Dec 07, 2010 at 07:14:16AM +0100, Michał Piotrowski wrote:
> 2010/12/7 Toshio Kuratomi :
> > On Tue, Dec 07, 2010 at 12:38:07AM +0100, Michał Piotrowski wrote:
> >> 2010/12/7 Toshio Kuratomi :
> >> > Those might be
> >> > able to start defining a category of "things needed to run a desktop
2010/12/7 Toshio Kuratomi :
> On Tue, Dec 07, 2010 at 12:38:07AM +0100, Michał Piotrowski wrote:
>> 2010/12/7 Toshio Kuratomi :
>> > Those might be
>> > able to start defining a category of "things needed to run a desktop
>> > session" or something.
>> >
>> > iptables,
>>
>> no chance to disable t
On Mon, 2010-12-06 at 23:01 -0600, Matt Domsch wrote:
> I trust module-init-tools will get resolved with an impending upstream
> release. Not like that can go unfixed forever. :-)
Should be fixed before Wednesday (tomorrow). I have some fixes for
compressed modules too. Will let you know when th
On 12/07/2010 06:41 AM, Matt Domsch wrote:
> On Tue, Dec 07, 2010 at 03:35:35PM +1000, Jeffrey Fearn wrote:
>> Matt Domsch wrote:
>>> I would like to propose blocking packages at the F15 alpha compose
>>> point if they have not resolved their FTBFS from F14 or earlier. The
>>> lists may be broken
On Tue, Dec 07, 2010 at 03:35:35PM +1000, Jeffrey Fearn wrote:
> Matt Domsch wrote:
> > I would like to propose blocking packages at the F15 alpha compose
> > point if they have not resolved their FTBFS from F14 or earlier. The
> > lists may be broken down by when they last did build. With 3
> >
Matt Domsch wrote:
> I would like to propose blocking packages at the F15 alpha compose
> point if they have not resolved their FTBFS from F14 or earlier. The
> lists may be broken down by when they last did build. With 3
> exceptions, these 110 bugs are all still in NEW state as well, so they
>
On Mon, Dec 06, 2010 at 11:13:49PM -0600, Garrett Holmstrom wrote:
> On 12/6/2010 23:01, Matt Domsch wrote:
> > I would like to propose blocking packages at the F15 alpha compose
> > point if they have not resolved their FTBFS from F14 or earlier. The
> > lists may be broken down by when they last
On 12/6/2010 23:01, Matt Domsch wrote:
> I would like to propose blocking packages at the F15 alpha compose
> point if they have not resolved their FTBFS from F14 or earlier. The
> lists may be broken down by when they last did build. With 3
> exceptions, these 110 bugs are all still in NEW state
I would like to propose blocking packages at the F15 alpha compose
point if they have not resolved their FTBFS from F14 or earlier. The
lists may be broken down by when they last did build. With 3
exceptions, these 110 bugs are all still in NEW state as well, so they
haven't had much maintainer l
On 12/06/2010 07:07 PM, Michał Piotrowski wrote:
>> A desktop
>> user may never ssh to his/her own machine.
>
> That's why it should be socket activated as soon as possible
Question - what do we imagine happens if user starts a service
listening on port (which happens to be sshd) ? Will
On 12/06/2010 06:40 PM, seth vidal wrote:
> On Mon, 2010-12-06 at 16:10 -0700, Orion Poplawski wrote:
>
>> But once we're talking about OVERWHELMINGLY LARGE NUMBER OF SERVER INSTALLS,
>> aren't we also talking about kickstart and other automated management tools
>> with which configuring things
On Mon, Dec 6, 2010 at 19:10, Chris Adams wrote:
> Once upon a time, Adam Williamson said:
>> I use it as a safety net for much this reason. I am not comfortable with
>> 100% guaranteeing that 'helpful' services we install by default like
>> Avahi are not doing things I really wouldn't want them
On Mon, 2010-12-06 at 21:31 -0500, seth vidal wrote:
> > That's not the question you asked. You asked what the use cases of Avahi
> > are, and people told you. You can't ask a question, get a bunch of very
> > good answers to it, and then say 'but those answers don't address this
> > different con
On Mon, 2010-12-06 at 18:23 -0800, Adam Williamson wrote:
> On Mon, 2010-12-06 at 18:04 -0500, seth vidal wrote:
> > On Mon, 2010-12-06 at 17:54 -0500, Adam Jackson wrote:
> >
> > > And every time I do, I think "there's no reason it needs to be this
> > > hard". All I want to do is make movies on
On Mon, 2010-12-06 at 18:07 -0800, Jesse Keating wrote:
> On 12/06/2010 06:04 PM, Adam Williamson wrote:
> > On Mon, 2010-12-06 at 19:05 +, Daniel P. Berrange wrote:
> >
> >> The other benefit would be if the user only intended the
> >> service to be accessible to localhost, or a UNIX domain
>
On Mon, 2010-12-06 at 18:04 -0500, seth vidal wrote:
> On Mon, 2010-12-06 at 17:54 -0500, Adam Jackson wrote:
>
> > And every time I do, I think "there's no reason it needs to be this
> > hard". All I want to do is make movies on my hard drive visible to my
> > PS3. Why is this harder than click
On Mon, 2010-12-06 at 15:06 -0500, seth vidal wrote:
> > Yeah, general discovery. From the top of my head:
> > - Pulseaudio sinks and sources
> > - libvirt instances for virt-manager
> > - VNC desktops for Vinagre
> > - local web pages (think SOHO router config page) for zeroconf
> > enabled
On Mon, 2010-12-06 at 14:53 -0500, seth vidal wrote:
> what are the use cases of zeroconf-enabled apps that we're targetting?
GNOME uses avahi to find other linux systems on the local network it can
browse via scp.
(well, it's supposed to. this hasn't worked for me for a while, though
it seems t
Once upon a time, Adam Williamson said:
> I use it as a safety net for much this reason. I am not comfortable with
> 100% guaranteeing that 'helpful' services we install by default like
> Avahi are not doing things I really wouldn't want them to do when I
> connect to some open wifi network.
So,
Once upon a time, Adam Williamson said:
> On most laptops, however, which are the most common types of system sold
> today, a firewall is very definitely needed when you're connecting to
> hotel networks, public wifi access points...
The only thing you need a firewall by default for is to prevent
On Mon, 2010-12-06 at 17:57 -0800, Adam Williamson wrote:
> On Mon, 2010-12-06 at 10:54 +0100, Michał Piotrowski wrote:
>
> > There are no stupid questions :)
> >
> > On most desktop systems firewall is not needed. Many users do not even
> > know how to configure it. In fact I disable it in most
On 12/06/2010 06:04 PM, Adam Williamson wrote:
> On Mon, 2010-12-06 at 19:05 +, Daniel P. Berrange wrote:
>
>> The other benefit would be if the user only intended the
>> service to be accessible to localhost, or a UNIX domain
>> socket but for some reason screwed up their service's
>> config
On 12/06/2010 05:57 PM, Adam Williamson wrote:
> On most laptops, however, which are the most common types of system sold
> today, a firewall is very definitely needed when you're connecting to
> hotel networks, public wifi access points...
Please explain why. What actual service is the firewall
On Mon, 2010-12-06 at 19:05 +, Daniel P. Berrange wrote:
> The other benefit would be if the user only intended the
> service to be accessible to localhost, or a UNIX domain
> socket but for some reason screwed up their service's
> config & opened it to the world.
I use it as a safety net for
Adam Williamson píše v Po 06. 12. 2010 v 17:57 -0800:
> On Mon, 2010-12-06 at 10:54 +0100, Michał Piotrowski wrote:
>
> > There are no stupid questions :)
> >
> > On most desktop systems firewall is not needed. Many users do not even
> > know how to configure it. In fact I disable it in most of m
On Mon, 2010-12-06 at 10:54 +0100, Michał Piotrowski wrote:
> There are no stupid questions :)
>
> On most desktop systems firewall is not needed. Many users do not even
> know how to configure it. In fact I disable it in most of my systems,
> because there is no real use for it. So I asked a sim
On Sun, 2010-12-05 at 17:04 +0100, valent.turko...@gmail.com wrote:
> On Sat, Dec 4, 2010 at 11:44 PM, valent.turko...@gmail.com
> wrote:
> > https://bugzilla.redhat.com/show_bug.cgi?id=501227
> >
> > I'm writing to devel list just if anybody can say will there be any
> > chance to get nautilus an
On Tue, 2010-12-07 at 01:07 +0100, Michał Piotrowski wrote:
> 2010/12/7 Matt McCutchen :
> > On Tue, 2010-12-07 at 00:38 +0100, Michał Piotrowski wrote:
> >> Cron - but should be activated only when cron files exist
> >>
> >> It seems to me that the list:
> >> - ssh
> >> - Dbus
> >> - syslog
> >> -
> "MP" == Michał Piotrowski writes:
MP> Dear FPC people, could you provide this list in the near future?
We haven't even met since it was decided that we were to do this. I
imagine it would take a couple of meetings to bang out a list.
- J<
--
devel mailing list
devel@lists.fedoraproject
On Tue, Dec 07, 2010 at 12:38:07AM +0100, Michał Piotrowski wrote:
> 2010/12/7 Toshio Kuratomi :
> > Those might be
> > able to start defining a category of "things needed to run a desktop
> > session" or something.
> >
> > iptables,
>
> no chance to disable this
>
I'd be more inclined to ask wh
2010/12/7 Matt McCutchen :
> On Tue, 2010-12-07 at 00:38 +0100, Michał Piotrowski wrote:
>> Cron - but should be activated only when cron files exist
>>
>> It seems to me that the list:
>> - ssh
>> - Dbus
>> - syslog
>> - iptables
>> - ip6tables
>> - auditd
>> - restorecond
>> is an absolute minimu
On Tue, 2010-12-07 at 00:38 +0100, Michał Piotrowski wrote:
> Cron - but should be activated only when cron files exist
>
> It seems to me that the list:
> - ssh
> - Dbus
> - syslog
> - iptables
> - ip6tables
> - auditd
> - restorecond
> is an absolute minimum to get "working system".
I don't agr
On 12/06/2010 03:42 PM, Stephen John Smoogen wrote:
> Ports that you don't know are open to the network but are somehow available.
>
> Let us put this conversation slightly different... how many of us
> remember password-less package install? It all sounded like a good
> idea with people who are g
On Mon, Dec 6, 2010 at 16:25, Jesse Keating wrote:
> On 12/06/2010 12:18 PM, Tom Lane wrote:
>> Jesse Keating writes:
>>> The argument of default firewall or not would probably quiet down quite
>>> a bit if we had any sort of decent UI to help users get the firewall out
>>> of their way when they
On Mon, 2010-12-06 at 16:10 -0700, Orion Poplawski wrote:
> But once we're talking about OVERWHELMINGLY LARGE NUMBER OF SERVER INSTALLS,
> aren't we also talking about kickstart and other automated management tools
> with which configuring things away from their default values is a standard
> a
2010/12/7 Toshio Kuratomi :
> On Mon, Dec 06, 2010 at 06:55:20PM +0100, Michał Piotrowski wrote:
>> W dniu 6 grudnia 2010 18:43 użytkownik Kevin Fenzi napisał:
>> > On Mon, 6 Dec 2010 18:17:51 +0100
>> > Michał Piotrowski wrote:
>> >
>> >> W dniu 6 grudnia 2010 18:01 użytkownik Kevin Fenzi
>> >>
On 12/06/2010 12:18 PM, Tom Lane wrote:
> Jesse Keating writes:
>> The argument of default firewall or not would probably quiet down quite
>> a bit if we had any sort of decent UI to help users get the firewall out
>> of their way when they're really trying to do something.
>
> +1. In today's en
On 12/06/2010 11:53 AM, seth vidal wrote:
> On Mon, 2010-12-06 at 11:48 -0800, Jesse Keating wrote:
>> Bittorrent, network games, zero conf come to mind.
>>
>
> Bittorrent won't work through many/most wireless routers unless they are
> not natted and/or not explicitly configured.
Actually bittorr
On 12/06/2010 12:44 PM, Bruno Wolff III wrote:
> On Mon, Dec 06, 2010 at 12:33:40 -0800,
> Jesse Keating wrote:
>> On 12/04/2010 09:52 AM, Bruno Wolff III wrote:
>>>
>>> Is this going to break things for people that having set up origin tracking
>>> for multiple releases in the same repo?
>>
>>
On 12/06/2010 04:04 PM, seth vidal wrote:
> On Mon, 2010-12-06 at 17:54 -0500, Adam Jackson wrote:
>
>> And every time I do, I think "there's no reason it needs to be this
>> hard". All I want to do is make movies on my hard drive visible to my
>> PS3. Why is this harder than clicking "share"? A
On Mon, Dec 06, 2010 at 06:55:20PM +0100, Michał Piotrowski wrote:
> W dniu 6 grudnia 2010 18:43 użytkownik Kevin Fenzi napisał:
> > On Mon, 6 Dec 2010 18:17:51 +0100
> > Michał Piotrowski wrote:
> >
> >> W dniu 6 grudnia 2010 18:01 użytkownik Kevin Fenzi
> >> napisał:
> >
> > ...snip...
> >
> >
On 12/06/2010 01:10 AM, Andreas Schwab wrote:
> Jesse Keating writes:
>
>> However, if a user had a local
>> branch of f14 or f14/master they will be left with mismatched
>> .git/config entries. In this case it's easiest to delete the local
>> branch (git branch -d f14) and check it out again.
>
On Mon, 2010-12-06 at 17:54 -0500, Adam Jackson wrote:
> And every time I do, I think "there's no reason it needs to be this
> hard". All I want to do is make movies on my hard drive visible to my
> PS3. Why is this harder than clicking "share"? All I want to do is
> plug the NAS drive I just b
On Mon, 2010-12-06 at 15:06 -0500, seth vidal wrote:
> On Mon, 2010-12-06 at 21:01 +0100, Tomasz Torcz wrote:
> > Yeah, general discovery. From the top of my head:
> > - Pulseaudio sinks and sources
> > - libvirt instances for virt-manager
> > - VNC desktops for Vinagre
> > - local web pages (t
2010/12/6 Matej Cepl :
> Dne 6.12.2010 21:06, seth vidal napsal(a):
[..]
> I have to admit, I am not completely happy with having no firewall per
> default,
It looks like you do not have to worry about removing iptables from @core :)
I think that further discussion on removal it from core is poin
Dne 6.12.2010 21:06, seth vidal napsal(a):
> I'm confused - are any of the above intended to be used/available by
> anyone who is NOT experienced enough to know what iptables are and how
> to manage them? B/c I think it's a bit unlikely.
OK, so let's add (just what gets packaged in Fedora):
* Em
Dne 6.12.2010 20:53, seth vidal napsal(a):
> what are the use cases of zeroconf-enabled apps that we're targetting?
* XMPP-over-Zeroconf (Bonjour)
* gtkvnc searches for VNC servers
* ekiga looks for other clients on LAN
* you can go to local ssh servers in .local domain
* etc. etc. ... partia
On Mon, Dec 06, 2010 at 03:06:24PM -0500, seth vidal wrote:
> On Mon, 2010-12-06 at 21:01 +0100, Tomasz Torcz wrote:
> > On Mon, Dec 06, 2010 at 02:56:19PM -0500, seth vidal wrote:
> > > On Mon, 2010-12-06 at 14:55 -0500, Bill Nottingham wrote:
> > > > seth vidal (skvi...@fedoraproject.org) said:
On Mon, Dec 06, 2010 at 03:08:46PM -0500, Matthew Miller wrote:
> On Mon, Dec 06, 2010 at 08:27:00PM +0100, Phil Knirsch wrote:
> > Basically it's a statefull firewall daemon now that allows us to support
> > and implement a lot of those features which have been so critically
>
> Does this *real
On Mon, 06 Dec 2010 22:04:27 +0100
Michael J Gruber wrote:
> Hi there,
>
> I took over a retired package (rereview APPROVED, took over package,
> reassigned bugs, SCM update request processed) but can't seem to
> "fedpkg build" it: I get "package impressive is blocked for tag
> dist-f15" (see be
On Tue, Dec 7, 2010 at 5:04 AM, Richard W.M. Jones wrote:
> On Mon, Dec 06, 2010 at 11:04:39AM -0500, Matt McCutchen wrote:
> > On Mon, 2010-12-06 at 10:54 +0100, Michał Piotrowski wrote:
> > > On most desktop systems firewall is not needed. Many users do not even
> > > know how to configure it. I
389-ds-base-1.2.7.2 is now in Testing. This release has some key fixes
for bugs in 1.2.7 and 1.2.7.1. Please help us test. The sooner we can
get this release tested, the sooner we can push it to Stable and make it
generally available. There is also a new 389-admin-1.1.13 package.
Installatio
Hi there,
I took over a retired package (rereview APPROVED, took over package,
reassigned bugs, SCM update request processed) but can't seem to "fedpkg
build" it: I get "package impressive is blocked for tag dist-f15" (see
below).
Everything in pkgdb looks OK:
https://admin.fedoraproject.org/pkg
On Mon, Dec 06, 2010 at 12:33:40 -0800,
Jesse Keating wrote:
> On 12/04/2010 09:52 AM, Bruno Wolff III wrote:
> >
> > Is this going to break things for people that having set up origin tracking
> > for multiple releases in the same repo?
>
> Can you explain this a bit more please?
I currently
commit 34e0fd76674a96d37e4fc0ea14ee994806cdb53b
Author: Bill Nottingham
Date: Mon Dec 6 15:41:13 2010 -0500
fix rawhide build.
perl-Finance-Quote.spec |6 +-
1 files changed, 5 insertions(+), 1 deletions(-)
---
diff --git a/perl-Finance-Quote.spec b/perl-Finance-Quote.spec
index 8
On 12/04/2010 09:52 AM, Bruno Wolff III wrote:
> On Fri, Dec 03, 2010 at 16:34:05 -0800,
> Jesse Keating wrote:
>> "f14/user/fred/topic/mybranch" or other such craziness. When I went to
>> test this, I realized that git won't allow you to have both "f14" and
>> "f14/topic" as branches, because
Le lundi 06 décembre 2010 à 20:09 +0100, Miloslav Trmač a écrit :
> Are there other reasons?
App writers are busy reinventing the wheel, changing the configuration
files syntax, and believing they can't do wrong; make sure their mess is
blocked at the outbound port before we get rooted.
--
Nico
Tomasz Torcz píše v Po 06. 12. 2010 v 21:01 +0100:
> Yeah, general discovery. From the top of my head:
> - Pulseaudio sinks and sources
> - libvirt instances for virt-manager
> - VNC desktops for Vinagre
> - local web pages (think SOHO router config page) for zeroconf
> enabled Webbrowsers lik
On 12/04/2010 07:24 AM, Severin Gehwolf wrote:
>> Also we would need to get a new fedpkg into the hands of all the
>> > developers that handles the new branchnames. We could do a build
>> > that
>> > handles both the oldnames and the new and have it out and available
>> > for
>> > a reasonable per
On 06/12/10 21:06, seth vidal wrote:
> On Mon, 2010-12-06 at 21:01 +0100, Tomasz Torcz wrote:
>> On Mon, Dec 06, 2010 at 02:56:19PM -0500, seth vidal wrote:
>>> On Mon, 2010-12-06 at 14:55 -0500, Bill Nottingham wrote:
seth vidal (skvi...@fedoraproject.org) said:
> Bittorrent won't work th
Jesse Keating writes:
> The argument of default firewall or not would probably quiet down quite
> a bit if we had any sort of decent UI to help users get the firewall out
> of their way when they're really trying to do something.
+1. In today's environment, not having a firewall by default is an
On 12/04/2010 02:31 AM, Kalev Lember wrote:
> On 12/04/2010 12:19 PM, Matej Cepl wrote:
>> Related issue I have with the Fedora git repositories is that one cannot
>> remove any branch once it is created. After I have created in bitlbee
>> repo two topic branches, only to find out that I cannot rem
On Mon, Dec 06, 2010 at 08:27:00PM +0100, Phil Knirsch wrote:
> Basically it's a statefull firewall daemon now that allows us to support
> and implement a lot of those features which have been so critically
Does this *really* need to be implemented as yet another constantly-running
daemon? Becau
On Mon, 2010-12-06 at 21:01 +0100, Tomasz Torcz wrote:
> On Mon, Dec 06, 2010 at 02:56:19PM -0500, seth vidal wrote:
> > On Mon, 2010-12-06 at 14:55 -0500, Bill Nottingham wrote:
> > > seth vidal (skvi...@fedoraproject.org) said:
> > > > Bittorrent won't work through many/most wireless routers unl
2010/12/6 Bill Nottingham :
> Michał Piotrowski (mkkp...@gmail.com) said:
>> We are talking here about the case when ssh server is started when
>> user connect to 22 port (or other configured). From my POV everything
>> should work as expected.
>
> Right. To do this in systemd implies that you're p
On 12/06/2010 08:59 PM, Dennis Jacobfeuerborn wrote:
> On 12/06/2010 08:53 PM, Bill Nottingham wrote:
>> Phil Knirsch (pknir...@redhat.com) said:
>>> Basically it's a statefull firewall daemon now that allows us to support
>>> and implement a lot of those features which have been so critically
>>>
On 12/06/2010 08:53 PM, Bill Nottingham wrote:
> Phil Knirsch (pknir...@redhat.com) said:
>> Basically it's a statefull firewall daemon now that allows us to support
>> and implement a lot of those features which have been so critically
>> missing in our old way of doing firewalls (aka static crap)
On Mon, Dec 06, 2010 at 02:56:19PM -0500, seth vidal wrote:
> On Mon, 2010-12-06 at 14:55 -0500, Bill Nottingham wrote:
> > seth vidal (skvi...@fedoraproject.org) said:
> > > Bittorrent won't work through many/most wireless routers unless they are
> > > not natted and/or not explicitly configured.
On 12/06/2010 08:43 PM, Phil Knirsch wrote:
> On 12/06/2010 08:40 PM, Richard W.M. Jones wrote:
>> On Mon, Dec 06, 2010 at 11:15:37AM -0800, Jesse Keating wrote:
>>> On 12/06/2010 11:05 AM, Daniel P. Berrange wrote:
The other benefit would be if the user only intended the
service to be ac
On 12/06/2010 08:53 PM, Bill Nottingham wrote:
> Phil Knirsch (pknir...@redhat.com) said:
>> Basically it's a statefull firewall daemon now that allows us to support
>> and implement a lot of those features which have been so critically
>> missing in our old way of doing firewalls (aka static crap)
Michał Piotrowski (mkkp...@gmail.com) said:
> We are talking here about the case when ssh server is started when
> user connect to 22 port (or other configured). From my POV everything
> should work as expected.
Right. To do this in systemd implies that you're patching openssh to
do socket-based
On Mon, 2010-12-06 at 14:55 -0500, Bill Nottingham wrote:
> seth vidal (skvi...@fedoraproject.org) said:
> > Bittorrent won't work through many/most wireless routers unless they are
> > not natted and/or not explicitly configured.
> >
> > what network games?
> > Heck, what network games do we HAV
seth vidal (skvi...@fedoraproject.org) said:
> Bittorrent won't work through many/most wireless routers unless they are
> not natted and/or not explicitly configured.
>
> what network games?
> Heck, what network games do we HAVE?
>
> what are the use cases of zeroconf-enabled apps that we're tar
Phil Knirsch (pknir...@redhat.com) said:
> Basically it's a statefull firewall daemon now that allows us to support
> and implement a lot of those features which have been so critically
> missing in our old way of doing firewalls (aka static crap) and
> basically impossible to do there. One exa
On Mon, 2010-12-06 at 11:48 -0800, Jesse Keating wrote:
> Bittorrent, network games, zero conf come to mind.
>
Bittorrent won't work through many/most wireless routers unless they are
not natted and/or not explicitly configured.
what network games?
Heck, what network games do we HAVE?
what are
I wonder why my server rejected my previous email?
-- Wiadomość przekazana dalej --
Od: Michał Piotrowski
Data: 6 grudnia 2010 20:46
Temat: Re: Fedora default services (was: Re: F15 Feature - convert as
many service init files as possible to the native SystemD services)
Do: Devel
On 12/04/2010 02:19 AM, Matej Cepl wrote:
> Dne 4.12.2010 06:33, Garrett Holmstrom napsal(a):
>> Why tie branch names down to specific releases? While that scheme makes
>> it easy for fedpkg to guess what release to attempt to build against
>> when one only cares about one release, it makes litt
On 12/06/2010 11:34 AM, Miloslav Trmač wrote:
> Jesse Keating píše v Po 06. 12. 2010 v 11:14 -0800:
>> On 12/06/2010 11:09 AM, Miloslav Trmač wrote:
>>> Jesse Keating píše v Po 06. 12. 2010 v 11:00 -0800:
Right, I always struggle with this. If you allow services that bind to
a port once
Richard W.M. Jones wrote:
> What we really lack is good visibility for n00bs. Sure you can do
> 'netstat -anp' to show open ports and (if you're more of an expert
> than me) look at iptables to see what's wrong, but having nice GUI
> tools to display this information would be better.
Like... ipts
On 12/06/2010 08:40 PM, Richard W.M. Jones wrote:
> On Mon, Dec 06, 2010 at 11:15:37AM -0800, Jesse Keating wrote:
>> On 12/06/2010 11:05 AM, Daniel P. Berrange wrote:
>>> The other benefit would be if the user only intended the
>>> service to be accessible to localhost, or a UNIX domain
>>> socket
On Mon, Dec 06, 2010 at 11:15:37AM -0800, Jesse Keating wrote:
> On 12/06/2010 11:05 AM, Daniel P. Berrange wrote:
> > The other benefit would be if the user only intended the
> > service to be accessible to localhost, or a UNIX domain
> > socket but for some reason screwed up their service's
> > c
On 12/03/2010 09:33 PM, Garrett Holmstrom wrote:
> On 12/3/2010 18:34, Jesse Keating wrote:
>> The original thought was to have top level branches that are named after
>> distribution releases, eg "f14", "f15", "el5". Then we would force
>> branches of those branches use a naming structure of "f14
On Mon, 2010-12-06 at 20:34 +0100, Miloslav Trmač wrote:
> It's not, but we don't really have "personal installs"; any system can
> be a desktop, a server, or both at the same time.
Agreed - I think the case being described by Jesse, though, is the
livecd case. That's what the 'personal install'
Jesse Keating píše v Po 06. 12. 2010 v 11:14 -0800:
> On 12/06/2010 11:09 AM, Miloslav Trmač wrote:
> > Jesse Keating píše v Po 06. 12. 2010 v 11:00 -0800:
> >> Right, I always struggle with this. If you allow services that bind to
> >> a port once enabled to have the port open, then what good doe
Michał Piotrowski píše v Po 06. 12. 2010 v 20:22 +0100:
> 2010/12/6 Bill Nottingham :
> Does openssh stands out something special between other demons?
Actually, it does - for remote installations (sometimes the only option)
ssh needs to be running after installation so that the system
administrato
2010/12/6 Jesse Keating :
> On 12/06/2010 11:20 AM, Matthew Miller wrote:
>> Installing a firewall by default contributes to defense in depth
>> at relatively little cost.
>>
>
> I think that's discounting the user cost, of having something actively
> getting in your way of accomplishing tasks, and
On 12/06/2010 11:27 AM, Phil Knirsch wrote:
> On 12/06/2010 08:15 PM, Jesse Keating wrote:
>> On 12/06/2010 11:05 AM, Daniel P. Berrange wrote:
>>> The other benefit would be if the user only intended the
>>> service to be accessible to localhost, or a UNIX domain
>>> socket but for some reason scr
On 12/06/2010 08:15 PM, Jesse Keating wrote:
> On 12/06/2010 11:05 AM, Daniel P. Berrange wrote:
>> The other benefit would be if the user only intended the
>> service to be accessible to localhost, or a UNIX domain
>> socket but for some reason screwed up their service's
>> config& opened it to t
On 12/06/2010 11:20 AM, Matthew Miller wrote:
> Installing a firewall by default contributes to defense in depth
> at relatively little cost.
>
I think that's discounting the user cost, of having something actively
getting in your way of accomplishing tasks, and we have no real good way
of helpin
2010/12/6 Bill Nottingham :
> Michał Piotrowski (mkkp...@gmail.com) said:
>> >> If systemd will allow us to do that, sure.
>> >
>> > What's the point here? For example, this doesn't cut down on the number
>> > of listening ports, obviously, nor on the requirements for root passwords
>> > and potent
On Mon, Dec 06, 2010 at 08:09:29PM +0100, Miloslav Trmač wrote:
> I can see the following primary reasons to have a firewall:
> * Enforcing a sysadmin-set (system-wide or site-wide) policy.
> "No, you will not run any bittorrent client on the company's
> computer".
>
On 12/06/2010 11:05 AM, Daniel P. Berrange wrote:
> The other benefit would be if the user only intended the
> service to be accessible to localhost, or a UNIX domain
> socket but for some reason screwed up their service's
> config & opened it to the world.
>
I could buy this if we actually alert
On 12/06/2010 11:09 AM, Miloslav Trmač wrote:
> Jesse Keating píše v Po 06. 12. 2010 v 11:00 -0800:
>> Right, I always struggle with this. If you allow services that bind to
>> a port once enabled to have the port open, then what good does it do to
>> have the port closed?
>>
>> I really wonder wh
Jesse Keating píše v Po 06. 12. 2010 v 11:00 -0800:
> Right, I always struggle with this. If you allow services that bind to
> a port once enabled to have the port open, then what good does it do to
> have the port closed?
>
> I really wonder what real purpose a firewall serves on these machines.
On Mon, Dec 06, 2010 at 11:00:53AM -0800, Jesse Keating wrote:
> On 12/06/2010 10:07 AM, Miloslav Trmač wrote:
> > Richard W.M. Jones píše v Po 06. 12. 2010 v 18:04 +:
> >> On Mon, Dec 06, 2010 at 11:04:39AM -0500, Matt McCutchen wrote:
> >>> On Mon, 2010-12-06 at 10:54 +0100, Michał Piotrowski
On 12/06/2010 10:07 AM, Miloslav Trmač wrote:
> Richard W.M. Jones píše v Po 06. 12. 2010 v 18:04 +:
>> On Mon, Dec 06, 2010 at 11:04:39AM -0500, Matt McCutchen wrote:
>>> On Mon, 2010-12-06 at 10:54 +0100, Michał Piotrowski wrote:
On most desktop systems firewall is not needed. Many user
Michał Piotrowski (mkkp...@gmail.com) said:
> >> If systemd will allow us to do that, sure.
> >
> > What's the point here? For example, this doesn't cut down on the number
> > of listening ports, obviously, nor on the requirements for root passwords
> > and potential root login. And if it's starte
1 - 100 of 129 matches
Mail list logo
