On 9.4.2012 22:55, Daniel J Walsh wrote:
DrKonqi are, we
should disable the ability of any process on their desktop from being able to
read/manipulate other processes on their desktop.
This is actually IMHO a mistake ... DrKonqi (KDE version of abrt-gui) is
exactly for people who have no clue
On Tue, Apr 10, 2012 at 08:15:14 +0200,
Vít Ondruch wrote:
Actually the reason why I am asking is that there is a lot of broken
dependencies, because of Ruby update. Some of them are already fixed,
but not accepted due to freeze. Proposing all this fixes as NTH would
be nightmare for me as
Dne 6.4.2012 18:57, Jared K. Smith napsal(a):
On Fri, Apr 6, 2012 at 8:11 AM, Vít Ondruch wrote:
I am wondering why fixes of broken dependencies are not automatically tagged
into F17 (of course after staging in Bodhi), when the situation couldn't be
worse by such fix. If F17 is supposed to stab
On Tue, 10 Apr 2012 04:41:46 +0200, Kevin Kofler wrote:
> "Mozilla plugins" is usually a euphemism for proprietary crap, most often
> Flash. We cannot package that in Fedora.
So if there is the easy installability of proprietary crap like Mozilla
plugins why aren't also the repositories like RPMf
As per the Fedora 17 schedule [1], Fedora 17 Beta Release Candidate 4
(RC4) is now available for testing. Content information, including
changes, can be found at https://fedorahosted.org/rel-eng/ticket/5141 .
Please see the following pages for download links (including delta ISOs)
and testing instr
Matthew Garrett wrote:
> I'd be surprised if Mozilla were fine with us disabling that kind of
> core Firefox functionality and still calling the end result Firefox.
Then we should just rename it.
The real issue is whether we are ready to drop support for proprietary
plugins such as Flash. I'd ad
Jan Kratochvil wrote:
> Wouldn't it be better to package Mozilla plugins in Fedora so that they
> are trusted? And then disable Firefox plugins downloads the same way as
> there is Firefox updater disabled (--disable-updater) as it would
> conflict/duplicate the rpm packaging of Firefox anyway.
"
Miloslav Trmač wrote:
> It would be very surprising if merely installing a package changed the
> security configuration that is not directly related to the files
> installed by the package.
+1, which is why I think deny_ptrace should be globally disabled.
Kevin Kofler
--
devel mailing l
Antonio Trande wrote:
> Maybe if deny_ptrace remains turn on by default already from F17 is good,
> i think.
No, keeping it off also in future releases is what "is good".
> Because of two reasons primarily:
>
> - Many "Fedora normal users" still don't know because SELinux is
> important, you ima
Michael Cronenworth wrote:
> John Reiser wrote:
>> I reasonably require "gdb -p " (PTRACE_ATTACH) to work. If you want
>> to protect "people", then figure out some way to protect them yet allow
>> me to do my work on a usual multi-user system.
>
> They have figured out a way: It's controlled by a
Daniel J Walsh wrote:
> We did have a bug in Alpha where it was turned off. Now that people are
> actually seeing it turned on in Fedora 17 Beta, they are reacting.
Uh no, I reacted back when you announced you would turn it on (which was
also the first time I heard of the feature in the first pl
Eric Paris wrote:
> I ask in the bug how DrKonqi works on other distros with the YAMA
> security module enabled which implements a slightly different semantic
> and didn't hear a response.
AFAIK, Kubuntu disables DrKonqi entirely, using Apport instead. But we don't
want to do the same with ABRT i
Daniel J Walsh wrote:
> My argument is if you understand what ptrace or gdb are, you probably can
> figure out how to turn this feature off. And we are even putting
> information into the commands to tell you how to disable it. But for the
> vast majority of computer users who would what the hell
Matej Cepl wrote:
> OK, this is bad ... is it just because somebody ignored DrKonqi (which
> would be very bad indeed) or are abrt and breakpad also affected?
If Breakpad attaches GDB to live processes as DrKonqi does, it's also
affected. As Rex said, ABRT is not affected because it attaches to c
Daniel J Walsh wrote:
> We already block ptrace from almost every confined domain other then user
> domains.
Then why not just keep it that way instead of breaking GDB?
Kevin Kofler
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/deve
Matej Cepl wrote:
> I am afraid you are not an ordinary Fedora user. If abrt/breakpad/etc.
> works as they should, then I don't think majority of Fedora users have any
> reason why to pull out gdb at all.
Because DrKonqi or some other similar crash handler (DrKonqi is not the only
one which works
On Mon, Apr 09, 2012 at 09:18:13PM -0400, Daniel J Walsh wrote:
> On 04/09/2012 05:06 PM, Matthew Garrett wrote:
> > On Mon, Apr 09, 2012 at 04:55:27PM -0400, Daniel J Walsh wrote:
> >
> >> And guess what I use these tools, and I just execute setsebool
> >> deny_ptrace 0 anytime I need to strace o
Josh Boyer wrote:
> Because you, as the maintainer of the package in question, aren't
> building and testing the package locally before you submit the official
> build? Or you aren't leveraging scratch builds to do the same if your
> local hardware is prohibitively slow?
The local or scratch buil
On 04/09/2012 05:06 PM, Matthew Garrett wrote:
> On Mon, Apr 09, 2012 at 04:55:27PM -0400, Daniel J Walsh wrote:
>
>> And guess what I use these tools, and I just execute setsebool
>> deny_ptrace 0 anytime I need to strace or debug an application, then I
>> turn it back on when I am done.
>
> Are
Thank you Michael for the guide especially the use of rpmbuild -bp
command. Following your advice, it turned out one of applied patches was
a duplicate which I removed it. I renamed the .desktop patch name to
.gdesklets-desktop to avoid duplicate which explained why the built
could not find gde
On 04/03/2012 02:26 PM, Kamil Paral wrote:
> I was quite depressed how hard it can be for a layman to find a way to
> install Fedora from LiveCD environment.
On a more general note it would be nice to stream-line the experience from web
to installation.
Most of the hard parts are done, just a fe
We are going to re-schedule this outage for a later date.
We would like to finish additional testing to make sure our new setup
is robust and ready for service.
Probibly later this week or early next week.
Sorry for any inconvenience.
kevin
--
On Thu, 5 Apr 2012 10:29:46 -0600
Kevin Fenzi wro
On Mon, Apr 09, 2012 at 04:55:27PM -0400, Daniel J Walsh wrote:
> And guess what I use these tools, and I just execute setsebool deny_ptrace 0
> anytime I need to strace or debug an application, then I turn it back on when
> I am done.
Are we able to determine that strace or gdb have been explici
On 04/09/2012 04:11 PM, Przemek Klosowski wrote:
> On 04/09/2012 06:08 AM, Matej Cepl wrote:
>
>> Without getting into this discussion much, I would just note a bit of
>> shocking news for you ... I am afraid you are not an ordinary Fedora
>> user. If abrt/breakpad/etc. works as they should, the
On 04/09/2012 06:08 AM, Matej Cepl wrote:
Without getting into this discussion much, I would just note a bit of
shocking news for you ... I am afraid you are not an ordinary Fedora
user. If abrt/breakpad/etc. works as they should, then I don't think
majority of Fedora users have any reason why t
> nonamedotc gmail.com> writes:
>
> > Could someone please tell me why the install DVD for F17 is smaller
> > than
> > that for earlier releases. The install DVD is 2.3 GB whereas the
> > one for
> > F16, for example, is 3.5 GB. Thanks.
>
> AFAIK no one has completely figured this out yet. I not
John Reiser wrote:
> I reasonably require "gdb -p " (PTRACE_ATTACH) to work. If you want
> to protect "people", then figure out some way to protect them yet allow me
> to do my work on a usual multi-user system.
They have figured out a way: It's controlled by a boolean.
You can disable (or enabl
On 04/09/2012 07:58 AM, Daniel J Walsh wrote:
> As I have stated in the blogs, this would be sad, since the goal of this
> feature is to protect the people who would never execute gdb -p, don't even
> know what gdb is. IE The vast majority of computer users. So we will make
> the system insecure
On Mon, Apr 9, 2012 at 3:38 PM, Eric Paris wrote:
> On Mon, 2012-04-09 at 00:31 +0200, Kevin Kofler wrote:
>> It also
>> breaks crash reporters such as DrKonqi (for DrKonqi, we work around this by
>> disabling the flag in kde-runtime's %post script, but there are other
>> similar debuggers in upst
On Apr 9, 2012, at 7:54 AM, Germán A. Racca wrote:
>
> +10
>
> How to proceed in order to implement this in the LiveCD? It will be very
> helpful! Great idea!
Agreed. To have a script find all the parts and mount them, like DVD rescue
mode, would be great.
Chris Murphy
--
devel mailing list
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=810565
--- Comment #4 from Paul Howarth 2012-04-09 14:32:30 EDT ---
Rawhide will inherit an f17 build if and only if there has never be
On Apr 9, 2012, at 6:36 AM, Matthias Clasen wrote:
> I don't see how that would be hindered by autostarting the installer.
I definitely dislike the idea of installer autostart. I imagine my typical live
commentary with such a LiveCD as, "WTF?! I didn't ask for the g.d. installer to
f'n launch
On 04/09/2012 02:15 PM, Miloslav Trmač wrote:
> On Mon, Apr 9, 2012 at 4:58 PM, Daniel J Walsh wrote:
>> One suggestion I have heard is to turn the feature off if someone install
>> gdb like we do with DrKonji, which might be a better solution then
>> disabling by default.
> It would be very surpr
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=810868
Emmanuel Seyman changed:
What|Removed |Added
---
On Mon, Apr 9, 2012 at 4:58 PM, Daniel J Walsh wrote:
> One suggestion I have heard is to turn the feature off if someone install gdb
> like we do with DrKonji, which might be a better solution then disabling by
> default.
It would be very surprising if merely installing a package changed the
secu
2012/4/9 Daniel J Walsh
> On 04/09/2012 11:11 AM, Frank Ch. Eigler wrote:
> >
> > dwalsh wrote:
> >
> >> I thought I made this clear in my blogs and the feature page that I
> >> wanted this on deny_ptrace on by default. [...]
> >> https://fedoraproject.org/wiki/Features/SELinuxDenyPtrace
> >
> >
On Mon, Apr 9, 2012 at 12:44 PM, Jochen Schmitt wrote:
> On Mon, Apr 09, 2012 at 12:01:40PM -0500, Richard Shaw wrote:
>> Unfortunately upstream's CVS doesn't appear to have the version I
>> need. Perhaps the appended ".9" to the version is really from Debian
>> to keep it from going FTBFS.
>
> Wh
On Mon, Apr 09, 2012 at 12:01:40PM -0500, Richard Shaw wrote:
> Unfortunately upstream's CVS doesn't appear to have the version I
> need. Perhaps the appended ".9" to the version is really from Debian
> to keep it from going FTBFS.
When I take a look at
ftp://ftp.debian.org/debain/pool/main/z/zip
Richard Shaw wrote:
> Unfortunately upstream's CVS doesn't appear to have the version I
> need. Perhaps the appended ".9" to the version is really from Debian
> to keep it from going FTBFS.
Have you tried contacting the Debian maintainer?
--
devel mailing list
devel@lists.fedoraproject.org
https:
Summary of changes:
4ea2abb... Initial import (#810028) (*)
9307b81... Update to 3.03 which fixes incorrect-fsf-address, clarifies (*)
(*) This commit already existed in another branch; no separate mail sent
--
Fedora Extras Perl SIG
http://www.fedoraproject.org/wiki/Extras/SIGs/Perl
perl-dev
On Mon, Apr 9, 2012 at 11:44 AM, Jochen Schmitt wrote:
> On Mon, Apr 09, 2012 at 11:06:34AM -0500, Richard Shaw wrote:
>> I have found an updated version and patches from Debian which is
>> version 0.1.5.9 which builds and works with my project but I can not
> find any reference to where that sou
The lightweight tag 'perl-Crypt-Primes-0.50-14.fc17' was created pointing to:
cc5374f... Spec clean-up
--
Fedora Extras Perl SIG
http://www.fedoraproject.org/wiki/Extras/SIGs/Perl
perl-devel mailing list
perl-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/perl-deve
On Mon, Apr 09, 2012 at 11:06:34AM -0500, Richard Shaw wrote:
> I have found an updated version and patches from Debian which is
> version 0.1.5.9 which builds and works with my project but I can not
find any reference to where that source was obtained.
I have get a look on ftp.debian.org and rec
As for why we would package Mozilla extensions... that's easy.
System-wide installation. That way all users would have HTTPS
Everywhere or AdBlock Plus without them having to install it.
Russell Golden
Fedora Project Contributor
niveusl...@niveusluna.org
(972) 836-7128
--
"We are the Borg. Lower y
On Mon, Apr 09, 2012 at 04:06:59PM +0200, Jan Kratochvil wrote:
> On Sun, 08 Apr 2012 19:02:31 +0200, Mark Wielaard wrote:
> > I like the idea to disallow this for say firefox plugins or httpd cgi
> > scripts,
>
> Wouldn't it be better to package Mozilla plugins in Fedora so that they are
> truste
On Mon, 09 Apr 2012 17:56:06 +0200, Paul Wouters wrote:
> Only if you man the helpdesk for answering why users cannot install
> adblock in firefox.
Do you mean mozilla-adblockplus-1.3.10-4.fc16.noarch? And if it is so wanted
feature let it be installed in default Fedora installation and nobody wil
I'm working on package zipios++ as a dependency for another project.
The sourceforge page seems pretty much defunct and the latest source
download there is version 0.1.5 which is FTBFS.
I have found an updated version and patches from Debian which is
version 0.1.5.9 which builds and works with my
On Mon, 9 Apr 2012, Jan Kratochvil wrote:
Wouldn't it be better to package Mozilla plugins in Fedora so that they are
trusted? And then disable Firefox plugins downloads
Only if you man the helpdesk for answering why users cannot install
adblock in firefox.
You cannot take extension addition
Hi,
2012/4/5 Robyn Bergeron :
> At the Go/No-Go meeting it was decided to slip the Beta by an additional
> week[1]. Minutes follow below.
>
> Though the QA team was able to get through all validation testing, it was
> found that preupgrade was not functioning at an acceptable level, thus
> becomin
On 04/09/2012 11:11 AM, Frank Ch. Eigler wrote:
>
> dwalsh wrote:
>
>> I thought I made this clear in my blogs and the feature page that I
>> wanted this on deny_ptrace on by default. [...]
>> https://fedoraproject.org/wiki/Features/SELinuxDenyPtrace
>
> The version of this page that you last e
dwalsh wrote:
> I thought I made this clear in my blogs and the feature page that I wanted
> this on deny_ptrace on by default.
> [...]
> https://fedoraproject.org/wiki/Features/SELinuxDenyPtrace
The version of this page that you last edited [1] (and presumably
as seen by FESCO) had this blurb:
I thought I made this clear in my blogs and the feature page that I wanted
this on deny_ptrace on by default.
http://danwalsh.livejournal.com/49336.html
https://fedoraproject.org/wiki/Features/SELinuxDenyPtrace
http://danwalsh.livejournal.com/49564.html
Even on You Tube.
https://www.youtube.com/
On Mon, 09 Apr 2012 16:28:23 +0200, "Jóhann B. Guðmundsson" wrote:
> Is not upstream, Mozilla in this case, Gnome for shell extensions,
> Google for Androids apps. etc responsible for conducting security
> auditing on extensions/addons they host/provide upstream?
One could automatically trust in F
On 04/09/2012 02:06 PM, Jan Kratochvil wrote:
Wouldn't it be better to package Mozilla plugins in Fedora so that they are
trusted? And then disable Firefox plugins downloads the same way as there is
Firefox updater disabled (--disable-updater) as it would conflict/duplicate
the rpm packaging of
On Sun, 08 Apr 2012 19:02:31 +0200, Mark Wielaard wrote:
> I like the idea to disallow this for say firefox plugins or httpd cgi
> scripts,
Wouldn't it be better to package Mozilla plugins in Fedora so that they are
trusted? And then disable Firefox plugins downloads the same way as there is
Fire
On 04/05/2012 09:43 AM, Kevin Kofler wrote:
Bryn M. Reeves wrote:
Detecting and mounting the file systems is straightforward and that's
what anaconda does. I read the request as wanting to also make the
live environment chroot into the detected sysimage and start the
system up interactively from
On Mon, 2012-04-09 at 00:31 +0200, Kevin Kofler wrote:
> It also
> breaks crash reporters such as DrKonqi (for DrKonqi, we work around this by
> disabling the flag in kde-runtime's %post script, but there are other
> similar debuggers in upstream software, some not packaged in Fedora)
I ask in
On Sun, Apr 08, 2012 at 07:02:31PM +0200, Mark Wielaard wrote:
> Previously https://fedoraproject.org/wiki/Features/SELinuxDenyPtrace
> implied that this feature could be turned on by an administrator,
> but recently it was changed to be on by default. Was that intended?
> The change to selinux-po
On Wed, 2012-04-04 at 00:17 +, Ben Boeckel wrote:
> On Tue, Apr 03, 2012 at 17:54:46 GMT, Chris Adams wrote:
> > Once upon a time, Matthias Clasen said:
> >> That really depends on what use cases we see for our live cds. In my
> >> view, there's really only two:
> >>
> >> The primary use for
On Sun, Apr 8, 2012 at 6:25 PM, Kevin Kofler wrote:
> Björn Persson wrote:
>> So what it boils down to is that you wish you didn't have to wait for the
>> build to complete in Koji before you submit the update in Bodhi
>
> Not really, because I have no idea whether it will build in the first place
Matej Cepl wrote:
> On 9.4.2012 00:31, Kevin Kofler wrote:
>> +1, this broken misfeature really needs to be turned off by default. It
>> also breaks crash reporters such as DrKonqi (for DrKonqi, we work around
>> this by
>
> OK, this is bad ... is it just because somebody ignored DrKonqi (which
>
On Mon, Apr 09, 2012 at 12:20:20PM +0800, Cong Wang wrote:
> On Thu, 2012-04-05 at 07:19 -0400, Neil Horman wrote:
> > On Thu, Apr 05, 2012 at 05:28:10PM +0800, Dave Young wrote:
> > >
> > > Amerigo, we go and return to same point which I asked Neil before.
> > >
> > > Are you a sponsor? can you
On 9.4.2012 00:31, Kevin Kofler wrote:
+1, this broken misfeature really needs to be turned off by default. It also
breaks crash reporters such as DrKonqi (for DrKonqi, we work around this by
OK, this is bad ... is it just because somebody ignored DrKonqi (which
would be very bad indeed) or ar
On 8.4.2012 22:50, Tom Lane wrote:
And, as I said, the alternative is that this gets turned off, by me
and probably a very large fraction of other Fedora users.
Without getting into this discussion much, I would just note a bit of
shocking news for you ... I am afraid you are not an ordinary F
On 04/09/2012 04:55 PM, Nikola Pajkovsky wrote:
> Dave Young writes:
>
>> On 04/09/2012 10:58 AM, Dave Young wrote:
>>
>>> On 04/08/2012 10:54 PM, Nikola Pajkovsky wrote:
>>>
Dave Young writes:
> Hi,
>
> When I testing kdump, the vmcore is successfully captured in
> /s
Dave Young writes:
> On 04/09/2012 10:58 AM, Dave Young wrote:
>
>> On 04/08/2012 10:54 PM, Nikola Pajkovsky wrote:
>>
>>> Dave Young writes:
>>>
Hi,
When I testing kdump, the vmcore is successfully captured in
/sysroot/var/crash which is the /var/crash in rootfs. But after
66 matches
Mail list logo
