On Wed, May 18, 2011 at 10:42:02PM -0400, seth vidal wrote:
> We are however talking about a lot of different upses and while it is
> not specifically fedora's problem we do need to have this handled
> before rhel7, for example, is run on serious systems.
If it's a functional requirement, it'll g
On Thu, 2011-05-19 at 10:00 +0800, Eugene Teo wrote:
> I say, local privilege escalations with publicly available exploits, and
> remotely triggerable vulnerabilities. If such an issue is known before
> Final, we should attempt to address it before releasing.
Note, a release criterion would have
On Thu, 2011-05-19 at 02:06 +0100, Matthew Garrett wrote:
> On Wed, May 18, 2011 at 07:42:17PM -0400, Simo Sorce wrote:
>
> > > I am pretty sure we don't want to run Java programs at late boot, as
> > > root. This would be really bad.
> >
> > You know, it's not like there is a choice for many mod
On Wed, May 18, 2011 at 09:27:23PM -0400, Genes MailLists wrote:
> On 05/18/2011 09:06 PM, Matthew Garrett wrote:
> > On Wed, May 18, 2011 at 07:42:17PM -0400, Simo Sorce wrote:
> >>
> >> You know, it's not like there is a choice for many models ...
> >
> > That's really not a given. For anything
On 05/18/2011 06:42 PM, Simo Sorce wrote:
> On Wed, 2011-05-18 at 16:48 -0500, Robert Nichols wrote:
>> On 05/18/2011 04:04 PM, Lennart Poettering wrote:
>>> Host requests power down from UPS in 30s. Host then continues shut
> >>> down. If the host now ends up taking more time than expected for
>>> s
On 05/18/2011 09:06 PM, Matthew Garrett wrote:
> On Wed, May 18, 2011 at 07:42:17PM -0400, Simo Sorce wrote:
>>
>> You know, it's not like there is a choice for many models ...
>
> That's really not a given. For anything short of us having to send http
> requests, there's no fundamental reason wh
On Wed, May 18, 2011 at 07:42:17PM -0400, Simo Sorce wrote:
> > I am pretty sure we don't want to run Java programs at late boot, as
> > root. This would be really bad.
>
> You know, it's not like there is a choice for many models ...
That's really not a given. For anything short of us having to
Compose started at Wed May 18 13:15:47 UTC 2011
Broken deps for x86_64
--
db4o-7.4-2.fc13.x86_64 requires mono(Mono.GetOptions) = 0:2.0.0.0
dh-make-0.55-3.fc15.noarch requires debhelper
file-browser-applet-0.6.6-1.fc15
On Wed, 2011-05-18 at 16:48 -0500, Robert Nichols wrote:
> On 05/18/2011 04:04 PM, Lennart Poettering wrote:
> > Host requests power down from UPS in 30s. Host then continues shut
> > down. If the host now ends up taking more time than expected for
> > shutting down it might still be busy at the ti
On Wed, 2011-05-18 at 23:04 +0200, Lennart Poettering wrote:
> On Mon, 16.05.11 14:30, Simo Sorce (sso...@redhat.com) wrote:
>
> >
> > On Mon, 2011-05-16 at 18:59 +0200, Lennart Poettering wrote:
> > > On Mon, 16.05.11 14:32, Michal Hlavinka (mhlav...@redhat.com) wrote:
> >
> > > > when ups reci
Hey, all. So, although the Fedora 15 final release has been signed off
on, we gave ourselves a bit of wiggle room. The current Sugar
implementation is known to have some significant issues, the major one
of which is that networking is badly broken. We are aiming to try and
fix these and do the Suga
On 05/18/2011 04:04 PM, Lennart Poettering wrote:
> Host requests power down from UPS in 30s. Host then continues shut
> down. If the host now ends up taking more time than expected for
> shutting down it might still be busy at the time of the power going
> away. It's a race between "UPS powering o
Adam Jackson wrote:
> On 5/18/11 4:49 PM, Kevin Kofler wrote:
>> The thing is, if we block the release for each and every known security
>> issue, considering the time passing between notification and public
>> availability of a fix, we will never be able to release anything. We have
>> to draw th
On Mon, 16.05.11 14:30, Simo Sorce (sso...@redhat.com) wrote:
>
> On Mon, 2011-05-16 at 18:59 +0200, Lennart Poettering wrote:
> > On Mon, 16.05.11 14:32, Michal Hlavinka (mhlav...@redhat.com) wrote:
>
> > > > when ups receives command for shutdown, it does not shutdown power
> > > immediately, b
Simo Sorce wrote:
> Is it unthinkable to respin the images with those fixes ?
> Usually the patches are quite simple to backport, and we are talking
> about a limited set of bugs (remote root exploit on install) after all.
Then we'd need a second (or third, if the Features repo finally happens)
u
On Wed, 2011-05-18 at 22:49 +0200, Kevin Kofler wrote:
> The thing is, if we block the release for each and every known security
> issue, considering the time passing between notification and public
> availability of a fix, we will never be able to release anything. We have to
> draw the line s
Tomas Mraz wrote:
> Also note that targeting the heaps of poor users that are eager to try
> the newly shipped Fedora release would be probably much more easy and
> efficient than targeting one user installing the Fedora here or there a
> few months later.
Huh? The "heaps" of users do not install
On 5/18/11 4:49 PM, Kevin Kofler wrote:
> The thing is, if we block the release for each and every known security
> issue, considering the time passing between notification and public
> availability of a fix, we will never be able to release anything. We have to
> draw the line somewhere, and the b
On Wed, 2011-05-18 at 15:43 -0500, dr johnson wrote:
>
> Few questions here:
>
> What does this scope include? Is it merely the LiveCD for GNOME and
> KDE? Does it also include the DVD install selections for both of
> these packages? (They are different)
Well, that's part of the discussion I
Adam Jackson wrote:
> It's a rationally argued position, but argued from an initial state that
> does not reflect reality.
>
> I mean, the conclusion from that line of reasoning is that all releases
> are futile: any sufficiently severe bug unknown at release time could be
> discovered later, and
Few questions here:
What does this scope include? Is it merely the LiveCD for GNOME and KDE?
Does it also include the DVD install selections for both of these packages?
(They are different)
What about clearly vulnerable areas, like "Web Server" that is push-button
selectable on install?
Do we ma
Adam Jackson wrote:
> The difference between a known and an unknown security bug is that, if
> _you_ know about it, it's virtually certain that someone malicious
> already does too.
>
> We can't avoid unknown risk exposure. You're arguing for ignoring known
> risk exposure entirely. Seems a touc
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=701252
Fedora Update System changed:
What|Removed |Added
--
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=701252
--- Comment #9 from Fedora Update System 2011-05-18
15:57:32 EDT ---
perl-Directory-Queue-1.1-1.el6 has been pushed to the Fedo
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=701252
--- Comment #11 from Fedora Update System
2011-05-18 15:59:04 EDT ---
perl-Directory-Queue-1.1-1.el4 has been pushed to the Fed
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=701252
--- Comment #10 from Fedora Update System
2011-05-18 15:58:36 EDT ---
perl-Directory-Queue-1.1-1.el5 has been pushed to the Fed
On Wed, 2011-05-18 at 14:02 -0400, Adam Jackson wrote:
> On 5/18/11 1:44 PM, Adam Williamson wrote:
> > On Wed, 2011-05-18 at 13:37 -0400, Adam Jackson wrote:
> >> On 5/18/11 1:22 PM, Kevin Kofler wrote:
> >>> Adam Williamson wrote:
> > >>>> # There must be no known remote code execution vulnerabili
On Wed, 2011-05-18 at 14:40 -0400, Simo Sorce wrote:
> Is it unthinkable to respin the images with those fixes ?
> Usually the patches are quite simple to backport, and we are talking
> about a limited set of bugs (remote root exploit on install) after all.
Unthinkable, no, but there are various
On Wed, 2011-05-18 at 10:44 -0700, Adam Williamson wrote:
> On Wed, 2011-05-18 at 13:37 -0400, Adam Jackson wrote:
> > On 5/18/11 1:22 PM, Kevin Kofler wrote:
> > > Adam Williamson wrote:
> > >> # There must be no known remote code execution vulnerability which could
> > >> be exploited during inst
On Wed, 2011-05-18 at 08:57 -0700, Adam Williamson wrote:
> Hey, all. The topic of whether and which security issues should block
> releases has come up several times before. While we haven't actually had
> many really serious security issues to worry about since the
> introduction of the current
On Wed, 2011-05-18 at 19:22 +0200, Kevin Kofler wrote:
> Adam Williamson wrote:
> > Hey, all. The topic of whether and which security issues should block
> > releases has come up several times before.
>
> Indeed it has. The decision was always that it's not a good idea. I don't
> see how the situ
===
#fedora-meeting: FESCO (2011-05-18)
===
Meeting started by nirik at 17:30:01 UTC. The full logs are available at
http://meetbot.fedoraproject.org/fedora-meeting/2011-05-18/fesco.2011-05-18-17.30.log.html
Meeting summary
-
On Wed, 2011-05-18 at 09:20 -0500, Bruno Wolff III wrote:
> While everyone that worked on the F15 release deserves thanks and
> congrats,
> I'd like to give a special thanks to the systemd and gnome3 developers
> because
> of the large amount of work needed to implement those features. By
> working
On 5/18/11 1:44 PM, Adam Williamson wrote:
> On Wed, 2011-05-18 at 13:37 -0400, Adam Jackson wrote:
>> On 5/18/11 1:22 PM, Kevin Kofler wrote:
>>> Adam Williamson wrote:
>>>> # There must be no known remote code execution vulnerability which could
>>>> be exploited during installation or during use
On Wed, May 18, 2011 at 10:44:16AM -0700, Adam Williamson wrote:
> Well, I think his point is that it's almost certain that some 'unknown'
> exposures will become 'known' during the life cycle of a release, at
> which point the live images we released three months previously are
> vulnerable to a kn
On Mon, 2011-05-16 at 18:59 +0200, Lennart Poettering wrote:
> On Mon, 16.05.11 14:32, Michal Hlavinka (mhlav...@redhat.com) wrote:
> > when ups receives command for shutdown, it does not shutdown power
> > immediately, but after 30 seconds. Given that this command should be
> > executed
> > af
Here are the latest changes to the Fedora Packaging Guidelines:
---
A section has been added to the SysVInitScript guidelines covering the
optional situation where a package that uses systemd unit files as the
default also includes sysv initscripts in a subpackage:
https://fedoraproject.org/wiki
On Wed, 2011-05-18 at 13:37 -0400, Adam Jackson wrote:
> On 5/18/11 1:22 PM, Kevin Kofler wrote:
> > Adam Williamson wrote:
> >> # There must be no known remote code execution vulnerability which could
> >> be exploited during installation or during use of a live image shipped
> >> with the release
On 5/18/11 1:22 PM, Kevin Kofler wrote:
> Adam Williamson wrote:
>> # There must be no known remote code execution vulnerability which could
>> be exploited during installation or during use of a live image shipped
>> with the release
>
> This is just completely and utterly moot considering that th
On 05/18/2011 05:18 PM, Adam Miller wrote:
> On Wed, May 18, 2011 at 10:27:07PM +0530, Rahul Sundaram wrote:
>> On 05/18/2011 09:58 PM, "Jóhann B. Guðmundsson" wrote:
>>> On 05/18/2011 03:57 PM, Adam Williamson wrote:
>>>> Feedback please! Thanks:)
>>> Given that we ship selinux on by default shoul
Adam Williamson wrote:
> Hey, all. The topic of whether and which security issues should block
> releases has come up several times before.
Indeed it has. The decision was always that it's not a good idea. I don't
see how the situation has changed to warrant beating that dead horse again.
> # Th
On Wed, May 18, 2011 at 10:27:07PM +0530, Rahul Sundaram wrote:
> On 05/18/2011 09:58 PM, "Jóhann B. Guðmundsson" wrote:
> > On 05/18/2011 03:57 PM, Adam Williamson wrote:
> >> Feedback please! Thanks:)
> > Given that we ship selinux on by default should this proposal only be
> > applicable to exp
On 5/18/11 11:57 AM, Adam Williamson wrote:
> # There must be no known remote code execution vulnerability which could
> be exploited during installation or during use of a live image shipped
> with the release
Seems reasonable at first glance.
One anecdotal experience: FC5 (wow) shipped with an
On Wed, 2011-05-18 at 16:28 +, "Jóhann B. Guðmundsson" wrote:
> On 05/18/2011 03:57 PM, Adam Williamson wrote:
> > Feedback please! Thanks:)
>
> Given that we ship selinux on by default should this proposal only be
> applicable to exploits/vulnerability that selinux can't catch and prevent
>
On 05/18/2011 09:58 PM, "Jóhann B. Guðmundsson" wrote:
> On 05/18/2011 03:57 PM, Adam Williamson wrote:
>> Feedback please! Thanks:)
> Given that we ship selinux on by default should this proposal only be
> applicable to exploits/vulnerability that selinux can't catch and prevent
> which leaves us
On Wed, May 18, 2011 at 08:57:17 -0700,
Adam Williamson wrote:
>
> # There must be no known remote code execution vulnerability which could
> be exploited during installation or during use of a live image shipped
> with the release
>
> Points to consider:
I think there may be some remote expl
On 05/18/2011 03:57 PM, Adam Williamson wrote:
> Feedback please! Thanks:)
Given that we ship selinux on by default should this proposal only be
applicable to exploits/vulnerability that selinux can't catch and prevent
which leaves us with https://admin.fedoraproject.org/mailman/listinfo/devel
On Wed, 2011-05-18 at 08:57 -0700, Adam Williamson wrote:
> # There must be no known remote code execution vulnerability which could
> be exploited during installation or during use of a live image shipped
> with the release
>
> Points to consider:
One more 'point to consider' that I forgot: for
Hey, all. The topic of whether and which security issues should block
releases has come up several times before. While we haven't actually had
many really serious security issues to worry about since the
introduction of the current release criteria system, I think it's
certainly something we should
Jiri Skala (jsk...@redhat.com) said:
> On Mon, 2011-05-16 at 14:26 -0400, Bill Nottingham wrote:
> > Notably, this re-adds the RPC API to glibc's exported interface, so
> > please test that rebuilding your applications still works, or works
> > again.
> >
> > https://admin.fedoraproject.org/upda
On 05/18/2011 08:48 AM, Andrew Haley wrote:
> On 05/18/2011 03:47 PM, Orion Poplawski wrote:
>> collect2: ld terminated with signal 6 [Aborted]
>>
>> Any ideas what might cause this?
>
> A bug in collect2 or the OOM killer.
>
> Have a look at the output of dmesg.
>
> Andrew.
That was my thought to
On 05/18/2011 10:20 AM, Bruno Wolff III wrote:
> While everyone that worked on the F15 release deserves thanks and congrats,
> I'd like to give a special thanks to the systemd and gnome3 developers because
> of the large amount of work needed to implement those features. By working
> hard to get th
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=704221
--- Comment #3 from Hans de Goede 2011-05-18 10:52:32 EDT
---
(In reply to comment #2)
> Upstream seems to have renamed the dis
On 05/18/2011 03:47 PM, Orion Poplawski wrote:
> 2 for 2 now:
>
> libtool: link: g++ -fPIC -DPIC -shared -nostdlib
> /usr/lib/gcc/i686-redhat-linux/4.6.0/../../../crti.o
> /usr/lib/gcc/i686-redhat-linux/4.6.0/crtbeginS.o .libs/assocdata.o
> .libs/basic_fun_cl.o .libs/basic_fun.o .libs/basic_f
2 for 2 now:
libtool: link: g++ -fPIC -DPIC -shared -nostdlib
/usr/lib/gcc/i686-redhat-linux/4.6.0/../../../crti.o
/usr/lib/gcc/i686-redhat-linux/4.6.0/crtbeginS.o .libs/assocdata.o
.libs/basic_fun_cl.o .libs/basic_fun.o .libs/basic_fun_jmg.o .libs/basic_op.o
.libs/basic_pro.o .libs/basic_pr
On Tue, May 17, 2011 at 11:33:35 -0400,
Tom Callaway wrote:
> Lately, I've been trying to resolve as many of these as reasonably
> possible. Here's what I know:
>
> > sear-0.6.3-14.fc12.x86_64 requires liberis-1.3.so.15()(64bit)
>
> https://admin.fedoraproject.org/updates/sear-0.6.3-18.fc1
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=704221
Iain Arnell changed:
What|Removed |Added
---
While everyone that worked on the F15 release deserves thanks and congrats,
I'd like to give a special thanks to the systemd and gnome3 developers because
of the large amount of work needed to implement those features. By working
hard to get these into F15, they helped meet Fedora's goal of being F
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=704221
Hans de Goede changed:
What|Removed |Added
-
On Tuesday, May 17, 2011 08:46:15 PM Kevin Kofler wrote:
> Branched Report wrote:
> > Broken deps for x86_64
>
> Are we going to get these uninstallable packages cleared up from the
> Everything tree before sending the release to the mirrors? Otherwise,
> they're going to come haunt us at each and
On Tuesday, May 17, 2011 10:43:47 AM Richard W.M. Jones wrote:
> On Tue, May 17, 2011 at 09:33:51AM -0400, Josh Boyer wrote:
> > On Tue, May 17, 2011 at 9:28 AM, Kevin Fenzi wrote:
> > >> Is there some other way to add a noarch package that doesn't build on
> > >> some architectures?
> > >
> > >
On Mon, 2011-05-16 at 14:26 -0400, Bill Nottingham wrote:
> Notably, this re-adds the RPC API to glibc's exported interface, so
> please test that rebuilding your applications still works, or works
> again.
>
> https://admin.fedoraproject.org/updates/glibc-2.13.90-12
>
there is a number of headers
Compose started at Wed May 18 08:15:03 UTC 2011
Broken deps for x86_64
--
R-Rsolid-0.9.31-2.fc15.x86_64 requires libhdf5.so.6()(64bit)
acheck-0.5.1-4.fc15.noarch requires perl(Text::Aspell)
almanah-0.7.3-10.fc15.x86_64
Presto-utils was originally created to generate the deltarpm metadata
for yum-presto to use so it knew which deltarpms to download. This
functionality was merged into createrepo a long time ago, and
presto-utils has seen little love since then.
If someone is still using presto-utils and wants to