Re: F21 Self Contained Change: Security Policy In The Installer

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Fri, Mar 14, 2014 at 04:25:48PM -0600, Chris Murphy wrote: > On Mar 14, 2014, at 1:06 PM, "Eric H. Christensen" > wrote: > > On Fri, Mar 14, 2014 at 06:59:18PM +, Matthew Garrett wrote: > >> On Fri, Mar 14, 2014 at 02:57:33PM -0400, Steve Gr

Re: F21 Self Contained Change: Security Policy In The Installer

On Fri, Mar 14, 2014 at 06:24:36PM -0400, Eric H. Christensen wrote: > On Fri, Mar 14, 2014 at 08:01:53PM +, Matthew Garrett wrote: > > If an incorrect choice means that the software the user wants to run > > won't run, that's going to be a problem for the user. And we presumably > > expect t

Re: F21 Self Contained Change: Security Policy In The Installer

On 14 March 2014 16:24, Eric H. Christensen wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On Fri, Mar 14, 2014 at 08:01:53PM +, Matthew Garrett wrote: > > On Fri, Mar 14, 2014 at 03:56:47PM -0400, Eric H. Christensen wrote: > > > On Fri, Mar 14, 2014 at 07:45:53PM +, Matth

Re: F21 Self Contained Change: Security Policy In The Installer

On Mar 14, 2014, at 1:06 PM, "Eric H. Christensen" wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On Fri, Mar 14, 2014 at 06:59:18PM +, Matthew Garrett wrote: >> On Fri, Mar 14, 2014 at 02:57:33PM -0400, Steve Grubb wrote: >>> On Friday, March 14, 2014 06:53:42 PM Matthew G

Re: F21 Self Contained Change: Security Policy In The Installer

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Fri, Mar 14, 2014 at 08:01:53PM +, Matthew Garrett wrote: > On Fri, Mar 14, 2014 at 03:56:47PM -0400, Eric H. Christensen wrote: > > On Fri, Mar 14, 2014 at 07:45:53PM +, Matthew Garrett wrote: > > > The failure mode of making the wrong ch

Configurable version of suexec in Debian but not Fedora?!

So a friend of mine has been wrangling with suexec trying to configure it for his needs, and he has become quite furious over the fact that suexec isn't configurable. Then he finds out that Debian actually has a version of suexec[1] that lets you use a conf file to configure suexec. My question is

Re: Help understanding Anaconda source - walk through needed.

Thanks for putting me right, will have to look into this properly. I was mainly looking at Anaconda and F20 for my HP DL140 G3 servers which there are problems with the video with. On 14 March 2014 01:05, Adam Williamson wrote: > On Thu, 2014-03-13 at 14:38 +, Aaron Gray wrote: >> Not sure ye

Re: F21 Self Contained Change: Security Policy In The Installer

On 14 March 2014 13:45, Matthew Garrett wrote: > On Fri, Mar 14, 2014 at 03:41:30PM -0400, Eric H. Christensen wrote: > > On Fri, Mar 14, 2014 at 07:31:55PM +, Matthew Garrett wrote: > > > How does the average user make an informed decision about whether an > > > available security policy is

Re: F21 Self Contained Change: Security Policy In The Installer

On Fri, Mar 14, 2014 at 03:56:47PM -0400, Eric H. Christensen wrote: > On Fri, Mar 14, 2014 at 07:45:53PM +, Matthew Garrett wrote: > > The failure mode of making the wrong choice regarding an encrypted > > partition or the default user being an administrator involves the system > > *continui

Re: F21 Self Contained Change: Security Policy In The Installer

Am 14.03.2014 20:51, schrieb Miloslav Trmač: > 2014-03-14 20:47 GMT+01:00 Reindl Harald >: > > why is only the average user relevant? > > how do usesers get "advanced"? > by notice things which sounds interesting, ignore them the > first time, use

Re: F21 Self Contained Change: Security Policy In The Installer

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Fri, Mar 14, 2014 at 07:45:53PM +, Matthew Garrett wrote: > On Fri, Mar 14, 2014 at 03:41:30PM -0400, Eric H. Christensen wrote: > > On Fri, Mar 14, 2014 at 07:31:55PM +, Matthew Garrett wrote: > > > How does the average user make an infor

Re: F21 Self Contained Change: Security Policy In The Installer

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Fri, Mar 14, 2014 at 08:51:08PM +0100, Miloslav Trmač wrote: > 2014-03-14 20:47 GMT+01:00 Reindl Harald : > > > why is only the average user relevant? > > > > how do usesers get "advanced"? > > by notice things which sounds interesting, ignore th

Re: F21 Self Contained Change: Security Policy In The Installer

2014-03-14 20:47 GMT+01:00 Reindl Harald : > why is only the average user relevant? > > how do usesers get "advanced"? > by notice things which sounds interesting, ignore them the > first time, use Google and doing the same again no longer > skip things > Offering the user to use one of the pre-d

Re: F21 Self Contained Change: Security Policy In The Installer

2014-03-14 20:41 GMT+01:00 Bill Nottingham : > Now take the general case of all interactive installs. If we accept that > the > end user, in general, does not have the expertise to decide on the details > of the security policy, how does exposing it in the installer in this way > help? You'd need

Re: F21 Self Contained Change: Security Policy In The Installer

Am 14.03.2014 20:31, schrieb Matthew Garrett: > On Fri, Mar 14, 2014 at 02:39:51PM -0400, Eric H. Christensen wrote: >> On Fri, Mar 14, 2014 at 03:00:20PM +, Matthew Garrett wrote: >>> If there's a default policy that would make sense for most workstation >>> users, we should just make that t

Re: F21 Self Contained Change: Security Policy In The Installer

On Fri, Mar 14, 2014 at 03:41:30PM -0400, Eric H. Christensen wrote: > On Fri, Mar 14, 2014 at 07:31:55PM +, Matthew Garrett wrote: > > How does the average user make an informed decision about whether an > > available security policy is appropriate for them? > > I guess we'll have to describ

Re: F21 Self Contained Change: Security Policy In The Installer

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Fri, Mar 14, 2014 at 07:31:55PM +, Matthew Garrett wrote: > On Fri, Mar 14, 2014 at 02:39:51PM -0400, Eric H. Christensen wrote: > > On Fri, Mar 14, 2014 at 03:00:20PM +, Matthew Garrett wrote: > > > If there's a default policy that would

Re: F21 Self Contained Change: Security Policy In The Installer

Miloslav Trmač (m...@volny.cz) said: > There are two ways to avoid this limitation and get better security: either > be a security expert or paranoid yourself (and in that case you don't need > anaconda's handholding), or have an expert (that you trust or have to > listen to) make an informed choi

Re: F21 Self Contained Change: Security Policy In The Installer

On Fri, Mar 14, 2014 at 03:06:06PM -0400, Eric H. Christensen wrote: > You're making an assumption that I wouldn't want my personal box to be > hardened at install or that the enterprise has an automated way of > doing a deployments. Why make it harder to use the operating system > when a simp

Re: F21 Self Contained Change: Security Policy In The Installer

On Fri, Mar 14, 2014 at 02:39:51PM -0400, Eric H. Christensen wrote: > On Fri, Mar 14, 2014 at 03:00:20PM +, Matthew Garrett wrote: > > If there's a default policy that would make sense for most workstation > > users, we should just make that the default. If there isn't, how are we > > going

Re: F21 Self Contained Change: Security Policy In The Installer

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Fri, Mar 14, 2014 at 06:59:18PM +, Matthew Garrett wrote: > On Fri, Mar 14, 2014 at 02:57:33PM -0400, Steve Grubb wrote: > > On Friday, March 14, 2014 06:53:42 PM Matthew Garrett wrote: > > > Having separate server, workstation and cloud produ

Re: F21 Self Contained Change: Security Policy In The Installer

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Fri, Mar 14, 2014 at 12:38:59PM -0400, Jan Lieskovsky wrote: > > On Fri, Mar 14, 2014 at 09:25:16AM -0400, Eric H. Christensen wrote: > > > > > I disagree with this assessment. The workstation is exactly where much of > > > these hardening needs

Re: F21 Self Contained Change: Security Policy In The Installer

On Fri, Mar 14, 2014 at 02:57:33PM -0400, Steve Grubb wrote: > On Friday, March 14, 2014 06:53:42 PM Matthew Garrett wrote: > > Having separate server, workstation and cloud products means we can > > apply separate defaults without requiring user interaction. Beyond that, > > why would an end user

Re: mate-desktop 1.8

On Fri, 14 Mar 2014 10:09:42 -0700 Dan Mashal wrote: > On Mar 14, 2014 7:52 AM, "Brian Millett" wrote: > > > > What is the prospect of getting mate 1.8 for fedora 20? > > Prospect is good. > > We're QAing on Rawhide at the moment. > > Dan > > Sent from my Google Nexus 5 I'm quivering with a

Re: F21 Self Contained Change: Security Policy In The Installer

On Friday, March 14, 2014 06:53:42 PM Matthew Garrett wrote: > On Fri, Mar 14, 2014 at 02:51:10PM -0400, Steve Grubb wrote: > > On Friday, March 14, 2014 03:00:20 PM Matthew Garrett wrote: > > > If there's a default policy that would make sense for most workstation > > > users, we should just make

Re: F21 Self Contained Change: Security Policy In The Installer

On Fri, Mar 14, 2014 at 02:51:10PM -0400, Steve Grubb wrote: > On Friday, March 14, 2014 03:00:20 PM Matthew Garrett wrote: > > If there's a default policy that would make sense for most workstation > > users, we should just make that the default. > > Right now there is just one policy. In there

Re: F21 Self Contained Change: Security Policy In The Installer

On Friday, March 14, 2014 03:00:20 PM Matthew Garrett wrote: > > I disagree with this assessment. The workstation is exactly where much of > > these hardening needs to take place. I can't see an installation that > > wouldn't benefit from this feature. > > If there's a default policy that would m

Re: F20: what connects the lid switch to triggering suspend?

On Fri, Mar 14, 2014 at 12:41 PM, Tomasz Torcz wrote: > systemd-inhibit --list > Fantastic info - Tomasz and Lennart. Thanks! m -- martin.langh...@gmail.com - ask interesting questions - don't get distracted with shiny stuff - working code first ~ http://docs.moodle.org/en/User:Martin

Re: F21 Self Contained Change: Security Policy In The Installer

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Fri, Mar 14, 2014 at 03:00:20PM +, Matthew Garrett wrote: > On Fri, Mar 14, 2014 at 09:25:16AM -0400, Eric H. Christensen wrote: > > > I disagree with this assessment. The workstation is exactly where much of > > these hardening needs to ta

Re: F21 Self Contained Change: Security Policy In The Installer

On Fri, Mar 14, 2014 at 12:38:59PM -0400, Jan Lieskovsky wrote: > I am afraid there isn't a default policy that would suit every possible > use case Fedora OS can be used at. Yes, there's something like "common > understanding / agreement" which technologies can be considered safe at > current lev

Re: F21 Self Contained Change: Security Policy In The Installer

2014-03-14 17:01 GMT+01:00 Jan Lieskovsky : > > Jan Lieskovsky (jlies...@redhat.com) said: > > > > I'm looking at this from a different angle. Do we, out of the box in > > anaconda, have a spoke for configuring SELinux policy specifics (or > > downloading new policies)? Do we, out of the box in a

Re: mate-desktop 1.8

On Mar 14, 2014 7:52 AM, "Brian Millett" wrote: > > What is the prospect of getting mate 1.8 for fedora 20? Prospect is good. We're QAing on Rawhide at the moment. Dan Sent from my Google Nexus 5 -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listi

Re: F21 Self Contained Change: Security Policy In The Installer

2014-03-14 16:03 GMT+01:00 Bill Nottingham : > I'm looking at this from a different angle. Do we, out of the box in > anaconda, have a spoke for configuring SELinux policy specifics (or > downloading new policies)? Do we, out of the box in anaconda, have a spoke > for setting the F21 crypto polic

Re: F20: what connects the lid switch to triggering suspend?

On Fri, Mar 14, 2014 at 11:38:31AM -0500, Dan Williams wrote: > > > > The lid switch is exposed as input device in Linux. logind opens that > > device and reacts on it. However it gives DEs the chance to inhibit > > this if they desire so. Gnome at least doesn't inhibit it perminantly > > though,

Re: F21 Self Contained Change: Security Policy In The Installer

> On Fri, Mar 14, 2014 at 09:25:16AM -0400, Eric H. Christensen wrote: > > > I disagree with this assessment. The workstation is exactly where much of > > these hardening needs to take place. I can't see an installation that > > wouldn't benefit from this feature. > > If there's a default polic

Re: F20: what connects the lid switch to triggering suspend?

On Fri, 2014-03-14 at 01:45 +0100, Lennart Poettering wrote: > On Thu, 13.03.14 18:07, Martin Langhoff (martin.langh...@gmail.com) wrote: > > > My Lenovo X220, running up-to-date F20 occasionally gets into a state where > > closing the laptop lid does not trigger suspend. > > > > I want to narrow

[Base] Fedora Base Design Working Group (2014-03-14) meeting minutes and logs

Main topics for today was meeting time & tech specs. On the topic of meeting time we agreed to keep the meeting at 15:00 UTC for now. For tech specs we did a quick 2nd review of the changes lately to Workstation and Server, but none of the changes there are critical for Base. Agreed to star

Re: F21 Self Contained Change: Security Policy In The Installer

On Fri, 2014-03-14 at 11:22 -0400, Jan Lieskovsky wrote: > > On Fri, Mar 14, 2014 at 06:25:03AM -0400, Jan Lieskovsky wrote: > > > > > One hypothetical [*] scenario coming to my mind being the users might be > > > willing to provide customized policy content to Fedora installation. Let's > > > sup

[Bug 1076558] perl-DateTime-1.08 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1076558 Paul Howarth changed: What|Removed |Added Status|NEW |CLOSED CC|

Re: F21 Self Contained Change: Security Policy In The Installer

> Jan Lieskovsky (jlies...@redhat.com) said: > > > Is any Fedora 21 product targeted > > > mainly for enterprise deployment? > > > > The vice versa view. Rather effort to use security configuration, > > vulnerability and patch > > management also in Fedora product(s) (provide necessary tools to al

Re: F21 Self Contained Change: Security Policy In The Installer

> On Fri, Mar 14, 2014 at 06:25:03AM -0400, Jan Lieskovsky wrote: > > > One hypothetical [*] scenario coming to my mind being the users might be > > willing to provide customized policy content to Fedora installation. Let's > > suppose the case there is a SCAP content for vulnerability checking (a

[Bug 1076567] New: perl-Thread-Queue-3.04 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1076567 Bug ID: 1076567 Summary: perl-Thread-Queue-3.04 is available Product: Fedora Version: rawhide Component: perl-Thread-Queue Keywords: FutureFeature, Triaged Assignee: ppi...

Re: F21 Self Contained Change: Security Policy In The Installer

Jan Lieskovsky (jlies...@redhat.com) said: > > Is any Fedora 21 product targeted > > mainly for enterprise deployment? > > The vice versa view. Rather effort to use security configuration, > vulnerability and patch > management also in Fedora product(s) (provide necessary tools to allow it). >

Re: F21 Self Contained Change: Security Policy In The Installer

On Fri, Mar 14, 2014 at 09:25:16AM -0400, Eric H. Christensen wrote: > I disagree with this assessment. The workstation is exactly where much of > these hardening needs to take place. I can't see an installation that > wouldn't benefit from this feature. If there's a default policy that would

Re: F21 Self Contained Change: Security Policy In The Installer

On Fri, Mar 14, 2014 at 06:25:03AM -0400, Jan Lieskovsky wrote: > One hypothetical [*] scenario coming to my mind being the users might be > willing to provide customized policy content to Fedora installation. Let's > suppose the case there is a SCAP content for vulnerability checking (and > ensu

mate-desktop 1.8

What is the prospect of getting mate 1.8 for fedora 20? Thanks. -- Brian Millett "I can't see him through this encounter suit." 'Trust me, its better this way.' -- [ Alexander and Kyle (re: Kosh), "The Gathering"] -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraprojec

Re: F21 Self Contained Change: Security Policy In The Installer

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Fri, Mar 14, 2014 at 05:05:28AM -0400, Jaroslav Reznik wrote: > - Original Message - > > > > > > Existing NIST and Red Hat documentation on OpenSCAP says that it's for > > enterprise-level Linux infrastructure. Is any Fedora 21 product t

Re: F21 Self Contained Change: Security Policy In The Installer

> - Original Message - > > > > > > Existing NIST and Red Hat documentation on OpenSCAP says that it's for > > enterprise-level Linux infrastructure. Is any Fedora 21 product targeted > > mainly for enterprise deployment? Is OpenSCAP being retargeted for general > > purpose level infrastru

Re: F21 Self Contained Change: Security Policy In The Installer

> Existing NIST and Red Hat documentation on OpenSCAP says that it's for > enterprise-level Linux infrastructure. The possibilities of SCAP protocol: [1] http://scap.nist.gov/ [2] http://csrc.nist.gov/publications/nistpubs/800-126-rev2/SP800-126r2.pdf [3] http://en.wikipedia.org/wiki/Securit

Re: F21 Self Contained Change: Security Policy In The Installer

> On Thu, Mar 13, 2014 at 02:45:58PM -0400, Jan Lieskovsky wrote: > > > The demos seem to cover the case where there's already data provided > > > from the Kickstart file. What options are presented to the user if > > > there's no oscap entry in Kickstart? Is the user expected to provide a > > > pa

Re: python packages versus pydoc -k

On 03/14/2014 08:05 AM, Bohuslav Kabrda wrote: > - Original Message - >> Sorry, I should have tried pdb first, because this one has nothing to do >> with rpm-python. I can see modname='PyQt4.uic.pyuic', and prior to the >> exception site is a line 'loader = importer.find_module(modname)',

Re: F21 Self Contained Change: Security Policy In The Installer

- Original Message - > > > Existing NIST and Red Hat documentation on OpenSCAP says that it's for > enterprise-level Linux infrastructure. Is any Fedora 21 product targeted > mainly for enterprise deployment? Is OpenSCAP being retargeted for general > purpose level infrastructure. If so,

Re: Retired update still showing in updates-testing

On 13 March 2014 20:01, Rex Dieter wrote: > Did you delete the bodhi updates too? If so, (in short), don't do that. > To tell the truth I don't remember, but I think I did. So updates that are retired should be left as they are without deleting them so they still appear listed in Bodhi? Is thi

Re: Retired update still showing in updates-testing

On 14 March 2014 00:00, Jon wrote: > Done! > > $ koji untag-build --force f19-updates-testing > guacamole-client-0.8.3-5.fc19 > $ koji untag-build --force f20-updates-testing > guacamole-client-0.8.3-5.fc20 > Thanks, --Simone -- You cannot discover new oceans unless you have the courage to lo

Re: python packages versus pydoc -k

- Original Message - > Sorry, I should have tried pdb first, because this one has nothing to do > with rpm-python. I can see modname='PyQt4.uic.pyuic', and prior to the > exception site is a line 'loader = importer.find_module(modname)', which > is where the None came from. I can confirm