On Fri, Mar 29, 2013 at 10:43 PM, Richard W.M. Jones wrote:
>
> On Fri, Mar 29, 2013 at 10:08:37PM +0530, Dhiru Kholia wrote:
> > 1. Hardening flags should be turned on (by default) for all packages
> > which are at comparatively more risk of being exploited or which meet
> > some well-defined cri
Il 30/03/2013 01:16, Carl Byington ha scritto:
I am working on packaging logstash
http://www.logstash.net/
but the build procedure described here
https://github.com/logstash/logstash/wiki/
Building-and-running-logstash-from-source
seems to be incompatible with Fedora packaging. How do other j
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I am working on packaging logstash
http://www.logstash.net/
but the build procedure described here
https://github.com/logstash/logstash/wiki/
Building-and-running-logstash-from-source
seems to be incompatible with Fedora packaging. How do other jru
On Fri, Mar 29, 2013 at 3:01 PM, Petr Pisar wrote:
> On 2013-03-29, Tomas Mraz wrote:
> Basically yes. It's call for semantically separeted API identifier. Now
> you have NEVRA string:
>
> Where we have API? Nowhere because Fedora assumes only one version of
> a package. API should work like Arc
On Fri, Mar 29, 2013 at 05:13:33PM +, Richard W.M. Jones wrote:
> On Fri, Mar 29, 2013 at 10:08:37PM +0530, Dhiru Kholia wrote:
> > Hi,
> >
> > This proposal was originally at https://fedorahosted.org/fesco/ticket/1104
> >
> > (mitr asked me to move the discussion to fedora-devel to get more
On 03/29/2013, Reindl Harald wrote:
>> -fPIE code is larger and takes longer to execute. The cost varies from
>> minimal (< 2%) in many cases to 10% or more for "non-dynamic" arrays on i686
>
> i686 becomes more or less dead
>
> there could be made a difference in SPEC-files to in border
> case
On Fri, Mar 29, 2013 at 10:33 AM, Bohuslav Kabrda wrote:
> Just a quick note:
> Correct me if I'm wrong, but it seems to me that you (and some other
> people) don't distinguish between tooling for accommodating multiple
> versions of packages and actually supporting these packages.
> To me, these
On Fri, Mar 29, 2013 at 11:02 AM, Tomas Mraz wrote:
> > Here is a long list of technical reasons why your desire to have all
> > the parallel installable versions of "foo" called "foo" is not going to
> > work.
>
> I can imagine only one reason for this desire - so that the user can do
> just "y
>>> This is what I am taking about:
>>>
>>> http://www.devconf.cz/slides/mls-pkgmgmt2.pdf
>>> http://www.youtube.com/watch?v=FNwNF19oFqM
The most interesting parts of the presentation IMHO are :
1. the acknowledgement that sometimes, you really need operators such as
AND and OR to express some co
Le Ven 29 mars 2013 01:38, juanmabc a écrit :
> Both are the same package, only changes major version, if from the start
> multiversion would have been integrated, nobody would have think about it
> another way.
I fear you're under the illusion the dearth of multiversion packages in
Fedora is du
Hello,
On Fri, Mar 29, 2013 at 5:38 PM, Dhiru Kholia wrote:
> http://fedoraproject.org/wiki/Hardened_Packages page mentions
> that "FESCo requires some packages to use PIE and relro hardening by
> default."
>
> It would be great if this list could be expanded to include even more
> packages which
Hi there!
Similarly to my colleague, Mr Kruska, I, too, study Masaryk University in Brno,
currently pursuing a bachelor's degree in computer science, and I, too, have
recently joined Red Hat as an Associate Software Engineer in the Base OS team
and as such I'll try my best to help you guys with
CC to the users list because this is a interesting topic at all
Am 29.03.2013 18:48, schrieb John Reiser:
>> Thinking from a security perspective, I find "Hardening flags can only
>> be disabled for other packages at the maintainer's discretion provided
>> enough justification is given to FESCo" t
Dhiru Kholia wrote:
> 1. Hardening flags should be turned on (by default) for all packages
> which are at comparatively more risk of being exploited or which meet
> some well-defined criteria (suggestions welcome).
Such criteria exist and are documented one click away from the page you
linked to:
On Fri, 29 Mar 2013 14:40:35 +0100
Jan Zelený wrote:
> > > This is very valid concern. However I'm not sure it's something
> > > that can be solved just by the multiversion support in rpm/yum,
> > > there are more pieces here to be put together.
> > >
> > > My first impression of this is that so
On Fri, 29 Mar 2013 14:42:14 +0100
Jan Zelený wrote:
> On 29. 3. 2013 at 13:22:40, Petr Pisar wrote:
> > On 2013-03-29, Jan Zelený wrote:
> > > In this case we proposed another solution which was turned down
> > > (I'm not sure exactly why):
> > >
> > > Each package requiring multiversion suppo
commit 78bbdebd7415d84273134f824d06748f7da9ffe7
Author: Miro Hrončok
Date: Fri Mar 29 19:07:24 2013 +0100
Downgraded perl(Match::CLipper) also as BR
slic3r.spec |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/slic3r.spec b/slic3r.spec
index 9221b51..5484f89 10
On Fri, 29 Mar 2013 14:01:29 + (UTC)
Petr Pisar wrote:
>
> What's Architecture good for? To allow multilib. To install more
> instances of the same version. And yum ignores Architecture on
> purpose. But don't tell anybody that. Otherwise he could not claim we
> do not implement parallel ins
commit 7e6ad55132830d6029785d026cb5abc73e635890
Author: Miro Hrončok
Date: Fri Mar 29 18:48:22 2013 +0100
Downgraded Slic3r to 0.9.7
Slic3r 0.9.8 needs perl-Match-Clipper >= 1.17,
but that is not available in Fedora 17.
slic3r-datadir.patch| 27 +
On 03/29/2013 09:38 AM, Dhiru Kholia wrote:
> Lot of network daemons are already using PIE and RELRO (e.g. httpd,
> MariaDB). So a natural question is why packages in same "network
> daemons" class like PostgreSQL, Dovecot and MongoDB aren't being
> hardened?
> Some of the ways to implement this p
Broken upgrade path report for tags f19 -> f20:
NetworkManager:
f19 > f20 (1:NetworkManager-0.9.8.1-1.git20130327.fc19
1:NetworkManager-0.9.8.0-1.fc19)
a2ps:
f19 > f20 (a2ps-4.14-18.fc19 a2ps-4.14-17.fc19)
bandwidthd:
f19 > f20 (bandwidthd-2.0.1-22.fc19 bandwidthd-2.0.1-21.fc19)
bin
On Fri, Mar 29, 2013 at 10:08:37PM +0530, Dhiru Kholia wrote:
> Hi,
>
> This proposal was originally at https://fedorahosted.org/fesco/ticket/1104
>
> (mitr asked me to move the discussion to fedora-devel to get more
> attention and feedback)
>
> ...
>
> http://fedoraproject.org/wiki/Hardened_P
Hi,
This proposal was originally at https://fedorahosted.org/fesco/ticket/1104
(mitr asked me to move the discussion to fedora-devel to get more
attention and feedback)
...
http://fedoraproject.org/wiki/Hardened_Packages page mentions
that "FESCo requires some packages to use PIE and relro hard
Am 29.03.2013 10:29, schrieb Vít Ondruch:
> http://www.devconf.cz/slides/mls-pkgmgmt2.pdf
> http://www.youtube.com/watch?v=FNwNF19oFqM
>
> They are using far more advanced techniques using RPM.
>
> Yes, I am aware that it is slightly of-topic, but that was generic remark.
> The point is, they a
The mchange-commons and c3p0 packages have changed from:
LGPLv2
to a dual licence:
LGPLv2 or EPL
--
Mat Booth
http://fedoraproject.org/get-fedora
___
devel-announce mailing list
devel-annou...@lists.fedoraproject.org
https://admin.fedoraproject.org/m
On Fri, Mar 29, 2013 at 10:51 AM, Eduardo Jorge
wrote:
> It's very important to update gnuchess to version 6.0.3 and xboard
> to version 4.7.0 in Rawhide. These are packages from GNU and they use
> artificial intelligence and they are include in Fedora Spin Gamaes.
> Thank you!
>
> Hav
It's very important to update gnuchess to version 6.0.3 and xboard to
version 4.7.0 in Rawhide. These are packages from GNU and they use
artificial intelligence and they are include in Fedora Spin Gamaes.
Thank you!
Eduardo Jorge
bonvivan150...@gmail.com
--
devel mailin
Dne 29.3.2013 15:51, Jan Zelený napsal(a):
On 29. 3. 2013 at 14:38:49, Vít Ondruch wrote:
Dne 29.3.2013 13:28, Jan Zelený napsal(a):
But the point I was making is that the technical solution of multiversion
packaging has a potential to bring such a mess in spec files that they
become unmaintana
Hi everyone,
I've just submitted my first package so here is some basic
info about myself.
I am student of Masaryk University in Brno, currently
studying for my master's degree. As you might see from
my email address I've been recently hired into Red Hat
(BaseOS team) as an associate software
On 29. 3. 2013 at 14:38:49, Vít Ondruch wrote:
> Dne 29.3.2013 13:28, Jan Zelený napsal(a):
> > But the point I was making is that the technical solution of multiversion
> > packaging has a potential to bring such a mess in spec files that they
> > become unmaintanable and therefore the solution wo
On 2013-03-29, Frantisek Kluknavsky wrote:
> What is the right course of action expected from every affected
> packager? Add autoreconf -vfi and defer contacting upstream until we
> are competent?
If a package uses autotools and bundles old config.sub/guess which does
not support aarch64, then th
Dne 29.3.2013 14:42, Jan Zelený napsal(a):
On 29. 3. 2013 at 10:29:01, Vít Ondruch wrote:
Dne 29.3.2013 02:09, Michael Scherer napsal(a):
Le jeudi 28 mars 2013 à 17:45 +0100, Vít Ondruch a écrit :
If this problem was put first time on the table in 2002,
then there already passed 10 years of ex
On 2013-03-29, Tomas Mraz wrote:
>
> I can imagine only one reason for this desire - so that the user can do
> just "yum install foo" when he just wants the latest version of "foo".
>
Basically yes. It's call for semantically separeted API identifier. Now
you have NEVRA string:
What's Name good f
On Fri, Mar 29, 2013 at 4:22 AM, Peter Robinson wrote:
> A few days. We ultimately do have some false positives but they are
> very few and far between.
>
You also have some false negatives. In my case, the cmusphinx3 and
sphinxtrain packages need fixing, but no bugs were filed for them. (I'm
f
On 29. 3. 2013 at 10:29:01, Vít Ondruch wrote:
> Dne 29.3.2013 02:09, Michael Scherer napsal(a):
> > Le jeudi 28 mars 2013 à 17:45 +0100, Vít Ondruch a écrit :
> >> If this problem was put first time on the table in 2002,
> >> then there already passed 10 years of excuses.
> >
> > Or that in 10 ye
On 29. 3. 2013 at 13:22:40, Petr Pisar wrote:
> On 2013-03-29, Jan Zelený wrote:
> > In this case we proposed another solution which was turned down (I'm not
> > sure exactly why):
> >
> > Each package requiring multiversion support would have all these
> > versions almost the same as they are ri
- Original Message -
> From: "Susi Lehtola"
> To: "Development discussions related to Fedora"
>
> Sent: Friday, March 29, 2013 3:15:31 PM
> Subject: Help with java problem: ant vs eclipse
>
> Hi,
>
>
> I'm trying to update JMol to the version 13 series, but this requires
> the introdu
Dne 29.3.2013 13:28, Jan Zelený napsal(a):
But the point I was making is that the technical solution of multiversion
packaging has a potential to bring such a mess in spec files that they become
unmaintanable and therefore the solution would be practically useless.
Any example here? Could you s
On 29. 3. 2013 at 12:55:54, Petr Pisar wrote:
> On 2013-03-28, Jan Zelený wrote:
> > On 28. 3. 2013 at 13:31:07, Petr Pisar wrote:
> >> E.g. this post has been sent to an hour ago:
> >> > Subject: Re: [Icecast-dev] Packages of icecast 2.4-beta?
> >> >
> >> > > At Sourcefabric we are testing Opus
On 29. 3. 2013 at 13:48:21, Jan Zelený wrote:
> On 29. 3. 2013 at 12:37:18, Richard W.M. Jones wrote:
> > On Fri, Mar 29, 2013 at 01:15:53PM +0100, Jan Zelený wrote:
> > > Example:
> > > python-3.2.3-7.fc17 (metapackage)
> > > python2-2.7.3-7.2.fc17
> > > python3-3.2.3-7.fc17
> > >
> > > Met
On 2013-03-29, Jan Zelený wrote:
> In this case we proposed another solution which was turned down (I'm not sure
> exactly why):
>
> Each package requiring multiversion support would have all these
> versions almost the same as they are right now. The only difference
> would be that there is a me
Hi,
I'm trying to update JMol to the version 13 series, but this requires
the introducion of a couple other packages in Fedora. However, I've run
into problems with jspecview [1] - for some reason I can't get it to
build a proper jar file, some classes always end up missing.
This is a rather odd
On 2013-03-28, Jan Zelený wrote:
> On 28. 3. 2013 at 13:31:07, Petr Pisar wrote:
>> E.g. this post has been sent to an hour ago:
>> > Subject: Re: [Icecast-dev] Packages of icecast 2.4-beta?
>> >
>> > > At Sourcefabric we are testing Opus streams from the Airtime
>> > > broadcast automation syst
On 29. 3. 2013 at 12:37:18, Richard W.M. Jones wrote:
> On Fri, Mar 29, 2013 at 01:15:53PM +0100, Jan Zelený wrote:
> > Example:
> > python-3.2.3-7.fc17 (metapackage)
> > python2-2.7.3-7.2.fc17
> > python3-3.2.3-7.fc17
> >
> > Metapackage "python" could be pointing to whatever version the ma
On Fri, Mar 29, 2013 at 02:09:20AM +0100, Michael Scherer wrote:
> If I am not wrong, on debian, you can have 1 single source package that
> by magic could generate multiple packages for multiple runtimes ( for
> example, for python ). The issue of having multiple stack remain ( ie, 2
> stack just
On Fri, Mar 29, 2013 at 01:15:53PM +0100, Jan Zelený wrote:
> Example:
> python-3.2.3-7.fc17 (metapackage)
> python2-2.7.3-7.2.fc17
> python3-3.2.3-7.fc17
>
> Metapackage "python" could be pointing to whatever version the maintainer
> thinks is the best, obviously the version of the metapac
On 29. 3. 2013 at 05:33:59, Bohuslav Kabrda wrote:
> - Original Message -
>
> > On 28. 3. 2013 at 17:45:27, Vít Ondruch wrote:
> > > Dne 28.3.2013 17:13, seth vidal napsal(a):
> > > > On Thu, 28 Mar 2013 16:36:27 +0100
> > > >
> > > > Vít Ondruch wrote:
> > > >>
> > > >> Ah, are we goin
On 29. 3. 2013 at 11:02:11, Tomas Mraz wrote:
> On Thu, 2013-03-28 at 14:43 -0400, James Antill wrote:
> > On Thu, 2013-03-28 at 13:53 +0100, Vít Ondruch wrote:
> > > Dne 28.3.2013 13:30, Jan Zelený napsal(a):
> > > > On 28. 3. 2013 at 12:59:44, Vít Ondruch wrote:
> > > >> Dne 28.3.2013 12:09, Flor
On 03/28/2013 02:43 PM, Kalev Lember wrote:
> On 28/03/13 14:29, Fedora Branched Report wrote:
>> Compose started at Thu Mar 28 09:15:18 UTC 2013
>
>
>
>> [denemo]
>> denemo-0.9.4-0.fc18.i686 requires libgtksourceview-3.0.so.0
>
> I have fixed up the rest of the gtksourceview broken deps,
On 03/29/2013 11:22 AM, Peter Robinson wrote:
What was the package?
GMP with configure 2.69 (apparently). Autoreconf -fi in use for a long time.
Thank you for the confirmation. What is the right course of action
expected from every affected packager? Add autoreconf -vfi and defer
contacting u
On Fri, Mar 29, 2013 at 11:15:55AM +0200, Ville Skyttä wrote:
> On 2013-03-28 17:48, Richard W.M. Jones wrote:
> > Interestingly a bug *wasn't* filed for libguestfs-tools-c which has a
> > bash-completion script in /etc/bash_completion.d, so whatever script
> > the bug filer used must be wrong in s
On 03/29/2013 12:02 PM, Tomas Mraz wrote:
On Thu, 2013-03-28 at 14:43 -0400, James Antill wrote:
On Thu, 2013-03-28 at 13:53 +0100, Vít Ondruch wrote:
Dne 28.3.2013 13:30, Jan Zelený napsal(a):
On 28. 3. 2013 at 12:59:44, Vít Ondruch wrote:
Dne 28.3.2013 12:09, Florian Festi napsal(a):
This
On Fri, Mar 29, 2013 at 10:08 AM, Frantisek Kluknavsky
wrote:
> Hi,
>
> Please correct me if I am wrong:
> Packagers do not have any real possibility to build and test packages on
> aarch64.
No they do not.
> Arm-koji is 32-bit arm.
> Packagers (some/many) do not even know their packages are sup
Hi,
Please correct me if I am wrong:
Packagers do not have any real possibility to build and test packages on
aarch64.
Arm-koji is 32-bit arm.
Packagers (some/many) do not even know their packages are supposed to
work on aarch64.
I decided to believe the bug report and contacted upstream. It
On Thu, 2013-03-28 at 14:43 -0400, James Antill wrote:
> On Thu, 2013-03-28 at 13:53 +0100, Vít Ondruch wrote:
> > Dne 28.3.2013 13:30, Jan Zelený napsal(a):
> > > On 28. 3. 2013 at 12:59:44, Vít Ondruch wrote:
> > >> Dne 28.3.2013 12:09, Florian Festi napsal(a):
> > >>> This is done to make life
Dne 28.3.2013 19:43, James Antill napsal(a):
Dear James,
I just hear arguments why something not do. Could you please also come
with variant why to do something? Think positive about the issue? You
try to convince me that we are living in prefect world and RPM/YUM are
doing already everything
- Original Message -
> On 28. 3. 2013 at 17:45:27, Vít Ondruch wrote:
> > Dne 28.3.2013 17:13, seth vidal napsal(a):
> > > On Thu, 28 Mar 2013 16:36:27 +0100
> > >
> > > Vít Ondruch wrote:
> > >>
> > >> Ah, are we going to distribute this howtos instead of binary
> > >> RPM's
> > >> now?
Dne 29.3.2013 02:09, Michael Scherer napsal(a):
Le jeudi 28 mars 2013 à 17:45 +0100, Vít Ondruch a écrit :
If this problem was put first time on the table in 2002,
then there already passed 10 years of excuses.
Or that in 10 years, we didn't found a proper solution that was
sustainable.
It
On 2013-03-28 17:48, Richard W.M. Jones wrote:
> Interestingly a bug *wasn't* filed for libguestfs-tools-c which has a
> bash-completion script in /etc/bash_completion.d, so whatever script
> the bug filer used must be wrong in some way.
https://bugzilla.redhat.com/show_bug.cgi?id=922994#c2
--
d
On 28. 3. 2013 at 17:45:27, Vít Ondruch wrote:
> Dne 28.3.2013 17:13, seth vidal napsal(a):
> > On Thu, 28 Mar 2013 16:36:27 +0100
> >
> > Vít Ondruch wrote:
> >>
> >> Ah, are we going to distribute this howtos instead of binary RPM's
> >> now? It is 4 easy steps, everybody can handle it. May be
On Fri, Mar 29, 2013 at 1:56 AM, Adam Williamson wrote:
> On 28/03/13 06:09 PM, Jens Petersen wrote:
>>>
>>> [gnome-applets]
>>> [gnome-panel]
>>
>>
>> Have these not been blocked yet?
>
>
> And according to repoquery, it looks like panel obsoletes applets, and
> classic-session obsoletes panel. I
On Thu, Mar 28, 2013 at 6:52 AM, Jerome Glisse wrote:
> Looking for someone willing to review package needed for supporting
> HD7xxx GPU family in F19
>
> https://bugzilla.redhat.com/show_bug.cgi?id=927269
>
> Cheers,
> Jerome
> --
> devel mailing list
> devel@lists.fedoraproject.org
> https://adm
62 matches
Mail list logo
