Re: F21 System Wide Change: Default Local DNS Resolver

On tis, 2014-04-29 at 11:24 -0400, Simo Sorce wrote: > On Tue, 2014-04-29 at 17:15 +0200, Alexander Larsson wrote: > > On tis, 2014-04-29 at 14:15 +0200, Jaroslav Reznik wrote: > > > = Proposed System Wide Change: Default Local DNS Resolver = > > > https://fedoraproject.org/wiki/Changes/Default_L

Re: F21 System Wide Change: Default Local DNS Resolver

> On Wednesday, 30 April 2014 3:18 AM, Al Dunsmuir wrote: > On my home LAN, I run my own DNSSEC-enabled server using F20 & bind 9. > This local server also is my DHCP and Samba server. As usual, dynamic > clients receive the LAN local domain ID and DNS server ID > automatically. >  > How

python-nose-progressive changed license: GPL to MIT

In its latest bug fix release (1.5.1), python-nose-progressive was relicensed from GPL to MIT. This version is now in rawhide: http://koji.fedoraproject.org/koji/buildinfo?buildID=514208 I will push updates for F19 and F20 soon. Since this is a leaf package and it has a changed to a more permis

Re: fedora-atomic discussion point: /usr/lib/passwd

On Mon, 2014-04-28 at 18:50 +, Colin Walters wrote: > On Mon, Apr 28, 2014 at 1:39 PM, Simo Sorce wrote: > > > > We can do that with SSSD, which we are planning to take over all users > > (though it will leave /etc/passwd on the system for emergency repair > > and > > backward compatibility)

Five Things in Fedora This Week (2014-04-29)

Reposted from http://fedoramagazine.org/five-things-in-fedora-this-week-2014-04-29/ Fedora is a big project, and it’s hard to follow it all. This series highlights interesting happenings in five different areas every week. It isn’t comprehensive news coverage — just quick summaries with links to e

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

On Tue, Apr 29, 2014 at 11:09 PM, Reindl Harald wrote: > > > Am 29.04.2014 23:00, schrieb Chris Adams: >> Once upon a time, Reindl Harald said: >>> google as example for CVE-2014-0038 and as i already explained >>> you: a attacker has no shell, you have two ways to force a existing >>> local expl

Re: F21 System Wide Change: Wayland

On Tue, 2014-04-29 at 14:04 +0200, Jaroslav Reznik wrote: > GNOME is being ported to Wayland. In particular GNOME shell is changed to run > as a Wayland compositor instead of an X11 compositor. Does that mean that the shell will stop working on things like xrdp (which runs Xvnc behind the scenes)

Re: Copr and Playground plugin part of dnf-plugins-core?

On Mon, 2014-04-28 at 09:47 +0200, Miroslav Suchý wrote: > > The votes are equal (48% vs. 52%) so I forwarded it to Env&Stack WG, which is > probably more appropriate than FeSCo. We discussed the issue on today's Env and Stacks WG meeting [1] and agreed on the following: "The Env and Stacks WG'

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

Am 29.04.2014 23:33, schrieb Martin Langhoff: > On Tue, Apr 29, 2014 at 5:28 PM, Chris Adams: > > Once upon a time, Reindl Harald > however, thank you to show me that any discussion with you is worthless > > Right back at you. > > The CoC does say a few things on this topic follo

Re: F21 System Wide Change: Default Local DNS Resolver

On Tuesday 2014-04-29 at 14:15 +0200, Jaroslav Reznik wrote: > = Proposed System Wide Change: Default Local DNS Resolver = > https://fedoraproject.org/wiki/Changes/Default_Local_DNS_Resolver > > Change owner(s): P J P , Pavel Šimerda > , Tomas Hozza > > To install a local DNS resolver trust

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

Em 29-04-2014 18:27, Martin Langhoff escreveu: On Tue, Apr 29, 2014 at 5:12 PM, Reindl Harald mailto:h.rei...@thelounge.net>> wrote: defense in depth means limit the attack surface as much as you can As folks are trying to point out to you, these principles are well understood in this grou

kernel packaging split up landing in Rawhide

Hi All, As part of the F21 "Modular Kernel Packaging for Cloud" Feature[1], I've committed and pushed the kernel packaging split up into kernel-core and kernel-drivers subpackages. For those of you running rawhide, this really shouldn't be a major impact at all. When you do a yum update, you wil

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

On Tue, Apr 29, 2014 at 5:28 PM, Chris Adams wrote: > Once upon a time, Reindl Harald said: > > however, thank you to show me that any discussion with you is worthless > > Right back at you. > The CoC does say a few things on this topic. I am finding Reindl's trollish behavior extremely annoyi

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

Once upon a time, Reindl Harald said: > however, thank you to show me that any discussion with you is worthless Right back at you. -- Chris Adams -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproj

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

On Tue, Apr 29, 2014 at 5:12 PM, Reindl Harald wrote: > defense in depth means limit the attack surface as much as you can > As folks are trying to point out to you, these principles are well understood in this group. However, _any minimally usable environment will have a scripting engine_ -- /b

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

Am 29.04.2014 23:20, schrieb Chris Adams: > Once upon a time, Reindl Harald said: >> defense in depth means limit the attack surface as much as you can > > No, because "as much as you can" is turn the system off and bury it in > concrete (with an armed guard). > > The goal is "as much as pract

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

Once upon a time, Reindl Harald said: > defense in depth means limit the attack surface as much as you can No, because "as much as you can" is turn the system off and bury it in concrete (with an armed guard). The goal is "as much as practical". Trying to remove things that are needed is not pr

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

Am 29.04.2014 23:09, schrieb Andrew Lutomirski: > If you want to go down that path, set up selinux to prevent execing > things that oughtn't to be execed. But trying to prevent exploits > from working by removing every possible helper from the path is a > losing proposition and is just not worth

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

On Tue, Apr 29, 2014 at 1:57 PM, Marcelo Ricardo Leitner wrote: > Em 29-04-2014 17:04, Andrew Lutomirski escreveu: > >> On Tue, Apr 29, 2014 at 12:48 PM, Reindl Harald >> wrote: >>> >>> >>> >>> Am 29.04.2014 21:36, schrieb Andrew Lutomirski: On Tue, Apr 29, 2014 at 12:33 PM, Reindl Hara

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

Am 29.04.2014 23:00, schrieb Chris Adams: > Once upon a time, Reindl Harald said: >> google as example for CVE-2014-0038 and as i already explained >> you: a attacker has no shell, you have two ways to force a existing >> local exploit by a web-application: >> >> A: try to get a complete script

Re: F21 System Wide Change: Default Local DNS Resolver

On Tue, Apr 29, 2014 at 12:41 PM, Matthew Miller wrote: > On Tue, Apr 29, 2014 at 09:29:00AM -0700, Andrew Lutomirski wrote: >> OTOH, it would be straightforward to write a tiny stub that forwards >> 127.0.0.1:53 to something outside the container. > > Is this tiny stub a process running inside th

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

Once upon a time, Reindl Harald said: > google as example for CVE-2014-0038 and as i already explained > you: a attacker has no shell, you have two ways to force a existing > local exploit by a web-application: > > A: try to get a complete script on the machine and execute it > B: find a very lik

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

Em 29-04-2014 17:04, Andrew Lutomirski escreveu: On Tue, Apr 29, 2014 at 12:48 PM, Reindl Harald wrote: Am 29.04.2014 21:36, schrieb Andrew Lutomirski: On Tue, Apr 29, 2014 at 12:33 PM, Reindl Harald wrote: simple example: * binary XYZ is vulerable for privilege escalation This makes no

Orphaning spectrum in Fedora

That’s spectrum1 which has been long dead upstream, and there is no further development in upstream (for spectrum2 which would be a replacement), so I don't want to drag it further. I’ll keep it in EPEL 5,6 and if any bug happens, I’ll patch it. Any takers? Yeah, I thought so Matěj --

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

On Tue, Apr 29, 2014 at 4:16 PM, Reindl Harald wrote: > > don't get me wrong but you are talking bullshit > Reindl, your SNR is way way high. Maybe try sending /less/ emails, concentrating in being clear and helpful? Don't worry, there is _always_ someone who's wrong on the internet. You can't a

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

Am 29.04.2014 22:22, schrieb Chris Adams: > Once upon a time, Reindl Harald said: >> don't get me wrong but you are talking bullshit > > Put up or shut up i shut when i say - not when you say https://www.google.com/search?q=local+root+exploit+CVE google as example for CVE-2014-0038 and as i a

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

Once upon a time, Reindl Harald said: > don't get me wrong but you are talking bullshit Put up or shut up. > you can't download whatever you like to do in any random situation > and excutue it like in a sehll - if you have only *one command* through > a web application you need to achieve that t

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

Am 29.04.2014 21:59, schrieb Chris Adams: > Once upon a time, Reindl Harald said: >> simple example: >> >> * binary XYZ is vulerable for privilege escalation > > A local, non-privileged binary cannot be "vulerable for privilege > escalation". If I can run a non-privileged binary to escalate, th

[389-devel] please review: Ticket 47777 - attribute uniqueness plugin fails when set as a chaining component

https://fedorahosted.org/389/ticket/4 https://fedorahosted.org/389/attachment/ticket/4/0001-Ticket-4-attribute-uniqueness-plugin-fails-when-.patch -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel

Re: F21 System Wide Change: Default Local DNS Resolver

- Original Message - > = Proposed System Wide Change: Default Local DNS Resolver = > https://fedoraproject.org/wiki/Changes/Default_Local_DNS_Resolver > > Change owner(s): P J P , Pavel Šimerda > , Tomas Hozza Ops, I was just pinged by Pavlix that the team planned this Change for F22

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

On Tue, Apr 29, 2014 at 12:48 PM, Reindl Harald wrote: > > > Am 29.04.2014 21:36, schrieb Andrew Lutomirski: >> On Tue, Apr 29, 2014 at 12:33 PM, Reindl Harald >> wrote: >>> simple example: >>> >>> * binary XYZ is vulerable for privilege escalation >> >> This makes no sense... > > for you > >>>

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

Once upon a time, Reindl Harald said: > simple example: > > * binary XYZ is vulerable for privilege escalation A local, non-privileged binary cannot be "vulerable for privilege escalation". If I can run a non-privileged binary to escalate, then there is a problem with some other part of the sys

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

Am 29.04.2014 21:31, schrieb Daniel J Walsh: > On 04/29/2014 03:17 PM, Chris Adams wrote: >> Once upon a time, Reindl Harald said: >>> wrong question - is /bin/sh used? >>> if the answer is yes then the anser to your question is no >>> >>> the point is remove anything *unneeded* from production

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

On Tue, Apr 29, 2014 at 03:31:45PM -0400, Daniel J Walsh wrote: > > On 04/29/2014 03:17 PM, Chris Adams wrote: > > Once upon a time, Reindl Harald said: > >> wrong question - is /bin/sh used? > >> if the answer is yes then the anser to your question is no > >> > >> the point is remove anything *u

EPEL Fedora 6 updates-testing report

The following Fedora EPEL 6 Security updates need testing: Age URL 737 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6 84 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0440/fwsnort-1.6.4-1.el6 79 https://admin.fedoraproject.org/updates/FED

EPEL Fedora 5 updates-testing report

The following Fedora EPEL 5 Security updates need testing: Age URL 737 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.10-5.el5 192 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs-1.20.12-1.el5 72 https://admin.fedoraproject.org/updat

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

Am 29.04.2014 21:36, schrieb Andrew Lutomirski: > On Tue, Apr 29, 2014 at 12:33 PM, Reindl Harald > wrote: >> simple example: >> >> * binary XYZ is vulerable for privilege escalation > > This makes no sense... for you >> * we talk about a *local* exploit until now > > ...I don't even know w

Re: F21 System Wide Change: Default Local DNS Resolver

On Tue, Apr 29, 2014 at 09:29:00AM -0700, Andrew Lutomirski wrote: > OTOH, it would be straightforward to write a tiny stub that forwards > 127.0.0.1:53 to something outside the container. Is this tiny stub a process running inside the container? What starts that process? What about in the "single

Re: Firefox Gtk3 test package

Kẏra riseup.net> writes: > Martin Stransky redhat.com> writes: > > > How do you enable it? Can you file a BZ# for that at bugzilla.redhat.com? > > In about:config, set the browser.tabs.remote preference to 'true' > > More info here: https://wiki.mozilla.org/Electrolysis > > did you mean the m

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

On Tue, Apr 29, 2014 at 12:33 PM, Reindl Harald wrote: > simple example: > > * binary XYZ is vulerable for privilege escalation This makes no sense... > * we talk about a *local* exploit until now ...I don't even know what you're trying to say here... > * a bad configured webserver allows syst

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

Am 29.04.2014 21:17, schrieb Chris Adams: > Once upon a time, Reindl Harald said: >> wrong question - is /bin/sh used? >> if the answer is yes then the anser to your question is no >> >> the point is remove anything *unneeded* from production systems >> that are best practices for many years and

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

On 04/29/2014 03:17 PM, Chris Adams wrote: > Once upon a time, Reindl Harald said: >> wrong question - is /bin/sh used? >> if the answer is yes then the anser to your question is no >> >> the point is remove anything *unneeded* from production systems >> that are best practices for many years and

Re: F21 System Wide Change: Default Local DNS Resolver

On Tue, Apr 29, 2014 at 12:17 PM, P J P wrote: > Hi, > >> On Tuesday, 29 April 2014 10:08 PM, Andrew Lutomirski wrote: but the container itself runs in a network namespace, so it gets its own loopback device. This will mean 127.0.0.1:53 points to the container itself, not t

Re: F21 System Wide Change: Default Local DNS Resolver

  Hi, > On Tuesday, 29 April 2014 10:08 PM, Andrew Lutomirski wrote: >>> but the container itself runs in a network namespace, so it gets its own >>> loopback device. This will mean 127.0.0.1:53 points to the container itself, >>> not the host, so dns resolving in the container will not work.  

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

Once upon a time, Reindl Harald said: > wrong question - is /bin/sh used? > if the answer is yes then the anser to your question is no > > the point is remove anything *unneeded* from production systems > that are best practices for many years and for good reasons No, the point is that "remove a

Re: F21 System Wide Change: Wayland

On Tue, Apr 29, 2014 at 02:04:56PM +0200, Jaroslav Reznik wrote: > This change is targeted at F21. For F20, we aim for having an experimental > GNOME shell Wayland compositor available, without necessarily having all the > surrounding desktop infrastructure ported. To avoid destabilizing the X >

Re: F21 System Wide Change: Default Local DNS Resolver

> On Tuesday, 29 April 2014 9:29 PM, Paul Wouters wrote: > Note that FreeBSD also picked unbound recently for the exact same task.  True! -> http://www.freebsdnews.net/2013/09/20/freebsd-10s-new-technologies-and-features/ --- Regards    -Prasad http://feedmug.com -- devel mailing list devel@li

Re: F21 System Wide Change: Default Local DNS Resolver

   Hi, > On Tuesday, 29 April 2014 8:59 PM, Dan Williams wrote: > If NetworkManager is being used, users already don't touch resolv.conf, > they edit /etc/sysconfig/network-scripts/ifcfg-* files and use > DNS1/DNS2/DNS3 and SEARCHES to set DNS information.   Yes, true!   > If NetworkManager is n

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

Am 29.04.2014 20:51, schrieb Chris Adams: > Once upon a time, Marcelo Ricardo Leitner said: >> You're considering only the escalation way to do it, but there are >> other ways to exploit code laying around, like when some web pages >> don't sanitize the URL enough and end up allowing executing >>

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

Once upon a time, Marcelo Ricardo Leitner said: > You're considering only the escalation way to do it, but there are > other ways to exploit code laying around, like when some web pages > don't sanitize the URL enough and end up allowing executing > something in the system, much like sql injection

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

Em 29-04-2014 12:27, Lennart Poettering escreveu: On Tue, 29.04.14 10:37, Daniel J Walsh (dwa...@redhat.com) wrote: On 04/29/2014 06:33 AM, Lennart Poettering wrote: On Mon, 28.04.14 17:01, Daniel J Walsh (dwa...@redhat.com) wrote: The problem is lots of services require systemd because th

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

On Tue, 2014-04-29 at 18:14 +0200, Lennart Poettering wrote: > On Tue, 29.04.14 18:03, Alexander Larsson (al...@redhat.com) wrote: > > systemd => cryptsetup-libs => device-mapper-libs => device-mapper > > > > Don't have time to look up the details atm, but iptable was reached via > > initscripts s

Re: F21 Self Contained Change: LVM Cache Logical Volumes

On Tue, Apr 29, 2014 at 02:48:51PM +0200, Jaroslav Reznik wrote: > = Proposed Self Contained Change: LVM Cache Logical Volumes = > https://fedoraproject.org/wiki/Changes/Cache_Logical_Volumes > > Anaconda team signed as co-owners of this Change. > > The dracut team must provide boot support. If

Re: F21 System Wide Change: Default Local DNS Resolver

On Tue, Apr 29, 2014 at 8:18 AM, Chuck Anderson wrote: > On Tue, Apr 29, 2014 at 05:15:57PM +0200, Alexander Larsson wrote: >> On tis, 2014-04-29 at 14:15 +0200, Jaroslav Reznik wrote: >> > = Proposed System Wide Change: Default Local DNS Resolver = >> > https://fedoraproject.org/wiki/Changes/Def

local dns server and flushing negative cache

Looks like we will be able to flush the negative cache between networks in the next version of unbound. Paul ps. this is why I love unbound. Request a useful feature, get it :) -- Forwarded message -- Date: Tue, 29 Apr 2014 04:50:05 From: W.C.A. Wijngaards To: Paul Wouters Su

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

On Tue, 29.04.14 18:03, Alexander Larsson (al...@redhat.com) wrote: > On tis, 2014-04-29 at 17:40 +0200, Lennart Poettering wrote: > > On Tue, 29.04.14 16:58, Alexander Larsson (al...@redhat.com) wrote: > > > > > On tis, 2014-04-29 at 12:33 +0200, Lennart Poettering wrote: > > > > On Mon, 28.04.1

Re: F21 System Wide Change: Default Local DNS Resolver

On Tue, 2014-04-29 at 17:39 +0200, Petr Spacek wrote: > On 29.4.2014 17:27, Colin Walters wrote: > > [ Dropping devel-announce ] > > > > On Tue, Apr 29, 2014 at 11:15 AM, Alexander Larsson > > wrote: > >> > >> Not sure how to fix something like that though... > > > > I think in both cases (host a

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

On tis, 2014-04-29 at 17:40 +0200, Lennart Poettering wrote: > On Tue, 29.04.14 16:58, Alexander Larsson (al...@redhat.com) wrote: > > > On tis, 2014-04-29 at 12:33 +0200, Lennart Poettering wrote: > > > On Mon, 28.04.14 17:01, Daniel J Walsh (dwa...@redhat.com) wrote: > > > > > > > The problem

Re: EPEL Python 3.4 for 7

On Sat, Apr 26, 2014 at 09:13:12PM -0600, Orion Poplawski wrote: > On 04/26/2014 06:55 PM, Toshio Kuratomi wrote: > > > > On Apr 26, 2014 11:37 AM, "Orion Poplawski" > > wrote: > > > >> One interesting change from RHEL7 beta->rc is the dropping of libdb4 > >> which py

Re: F21 System Wide Change: Default Local DNS Resolver

On Tue, 29 Apr 2014, P J P wrote: Similarly, what do we tell users who used to edit /etc/resolv.conf to do in the new system?   We tell users to never edit the '/etc/resolv.conf' file and ensure that the local resolver is listening at 127.0.0.1:53. We should leave a comment in resolv.conf

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

On Tue, Apr 29, 2014 at 11:47 AM, Miloslav Trmač wrote: > 2014-04-29 17:40 GMT+02:00 Lennart Poettering : >> >> On Tue, 29.04.14 16:58, Alexander Larsson (al...@redhat.com) wrote: >> > Its around 15 megs or so, although on rhel7 its 20 megs larger because >> > of a dependency that kmod has on /usr

Re: F21 Self Contained Change: Docker Cloud Image

On Tue, Apr 29, 2014 at 10:01 AM, Miloslav Trmač wrote: Is anything needed for the potential os-tree -based updates system? Definitely! There's a short term and long term plan. Short term: * Run a separate set of server(s) to do "treecompose". Would require some basic level of integration

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

2014-04-29 17:40 GMT+02:00 Lennart Poettering : > On Tue, 29.04.14 16:58, Alexander Larsson (al...@redhat.com) wrote: > > Its around 15 megs or so, although on rhel7 its 20 megs larger because > > of a dependency that kmod has on /usr/bin/nm (binutils) that doesn't > > seem to be there on fedora k

Re: F21 Self Contained Change: Docker Cloud Image

On Tue, Apr 29, 2014 at 10:35:46AM -0500, Dennis Gilmore wrote: > > * Release engineering: N/A (not a System Wide Change) > Releng will be needed to make the docker images, and upload them where > they need to go, so this is not true Of course that is absolutely true. We should fix that in the fe

Re: EPEL Python 3.4 for 7

On Mon, Apr 28, 2014 at 01:45:52PM -0400, Aaron Knister wrote: > I think it's a little unrealistic to expect the vendor to namespace their > packages although it would be nice and probably the right thing to do. > If you buy from Red Hat, you should complain to them. That might have more effect th

Re: F21 Self Contained Change: Docker Cloud Image

On Tue, Apr 29, 2014 at 04:01:05PM +0200, Miloslav Trmač wrote: > > * Release engineering: N/A (not a System Wide Change) > Is anything needed for the potential os-tree -based updates system? Possibly. It depends on the exact implementation. > == Upgrade/compatibility impact == > Do the cloud-ini

Re: [RFC] plans for initscripts in F22

On Thu, Apr 24, 2014 at 04:38:07PM +0200, Lukáš Nykrýn wrote: > Network initscript. This will be probably the most controversial part. > In fedora 21 we will have three different tools for networking > (initscripts, NetworkManager and systemd-networkd) and all of them > will be installed by default

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

On Tue, 29.04.14 16:58, Alexander Larsson (al...@redhat.com) wrote: > On tis, 2014-04-29 at 12:33 +0200, Lennart Poettering wrote: > > On Mon, 28.04.14 17:01, Daniel J Walsh (dwa...@redhat.com) wrote: > > > > > The problem is lots of services require systemd because they ship a > > > unit file a

Re: F21 System Wide Change: Default Local DNS Resolver

On 29.4.2014 17:27, Colin Walters wrote: [ Dropping devel-announce ] On Tue, Apr 29, 2014 at 11:15 AM, Alexander Larsson wrote: Not sure how to fix something like that though... I think in both cases (host and container) it would be best if the local resolver offered a local-only API (e.g.

Re: F21 Self Contained Change: Docker Cloud Image

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 29 Apr 2014 14:35:55 +0200 Jaroslav Reznik wrote: > = Proposed Self Contained Change: Docker Cloud Image = > https://fedoraproject.org/wiki/Changes/Docker_Cloud_Image > > Change owner(s): Cloud SIG / Sandro Mathys > > New Fedora product: F

Re: F21 System Wide Change: Default Local DNS Resolver

2014-04-29 17:15 GMT+02:00 Alexander Larsson : > On tis, 2014-04-29 at 14:15 +0200, Jaroslav Reznik wrote: > > = Proposed System Wide Change: Default Local DNS Resolver = > > https://fedoraproject.org/wiki/Changes/Default_Local_DNS_Resolver > > > To install a local DNS resolver trusted for the DN

Re: F21 System Wide Change: Default Local DNS Resolver

[ Dropping devel-announce ] On Tue, Apr 29, 2014 at 11:15 AM, Alexander Larsson wrote: Not sure how to fix something like that though... I think in both cases (host and container) it would be best if the local resolver offered a local-only API (e.g. unix domain sockets, kdbus). Would req

Re: F21 System Wide Change: Default Local DNS Resolver

On Tue, 2014-04-29 at 22:10 +0800, P J P wrote: >Hello, > > On Tuesday, 29 April 2014 7:22 PM, Miloslav Trmač wrote: > >So what exactly happens on upgrade? Before the upgrade, > >most resolv.conf files will not point to 127.0.0.1. > >What will they point to after the upgrade, and if they will

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

On Tue, 29.04.14 10:37, Daniel J Walsh (dwa...@redhat.com) wrote: > > On 04/29/2014 06:33 AM, Lennart Poettering wrote: > > On Mon, 28.04.14 17:01, Daniel J Walsh (dwa...@redhat.com) wrote: > > > >> The problem is lots of services require systemd because they ship a > >> unit file and want syste

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

On tis, 2014-04-29 at 11:21 -0400, Josh Boyer wrote: > On Tue, Apr 29, 2014 at 10:58 AM, Alexander Larsson wrote: > > On tis, 2014-04-29 at 12:33 +0200, Lennart Poettering wrote: > >> On Mon, 28.04.14 17:01, Daniel J Walsh (dwa...@redhat.com) wrote: > >> > >> > The problem is lots of services req

Re: default local DNS failover solution needed, nscd?

On Fri, Apr 25, 2014 at 03:58:44PM -0700, Andrew Lutomirski wrote: > > https://sourceware.org/ml/libc-alpha/2012-12/msg00416.html > > I've never understood why something like nscd is even worth trying to > support. There's a simple, well specified protocol that program can > use to talk to a DNS

Re: F21 System Wide Change: Default Local DNS Resolver

On Tue, 2014-04-29 at 17:15 +0200, Alexander Larsson wrote: > On tis, 2014-04-29 at 14:15 +0200, Jaroslav Reznik wrote: > > = Proposed System Wide Change: Default Local DNS Resolver = > > https://fedoraproject.org/wiki/Changes/Default_Local_DNS_Resolver > > > > Change owner(s): P J P , Pavel Šim

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

On Tue, Apr 29, 2014 at 10:58 AM, Alexander Larsson wrote: > On tis, 2014-04-29 at 12:33 +0200, Lennart Poettering wrote: >> On Mon, 28.04.14 17:01, Daniel J Walsh (dwa...@redhat.com) wrote: >> >> > The problem is lots of services require systemd because they ship a >> > unit file and want system

Re: F21 System Wide Change: Default Local DNS Resolver

On Tue, Apr 29, 2014 at 05:15:57PM +0200, Alexander Larsson wrote: > On tis, 2014-04-29 at 14:15 +0200, Jaroslav Reznik wrote: > > = Proposed System Wide Change: Default Local DNS Resolver = > > https://fedoraproject.org/wiki/Changes/Default_Local_DNS_Resolver > > > > Change owner(s): P J P , Pa

Re: F21 System Wide Change: Default Local DNS Resolver

On tis, 2014-04-29 at 14:15 +0200, Jaroslav Reznik wrote: > = Proposed System Wide Change: Default Local DNS Resolver = > https://fedoraproject.org/wiki/Changes/Default_Local_DNS_Resolver > > Change owner(s): P J P , Pavel Šimerda > , Tomas Hozza > > To install a local DNS resolver trusted

Re: Deprecate setjmp/longjmp? [was Re: Maybe it's time to get rid of tcpwrappers/tcpd?]

2014-04-27 19:02 GMT-03:00 Andrew Price : > On 24/04/14 15:13, Lennart Poettering wrote: >> >> We probably should make setjmp()-freeness a requirement for >> all code included in Fedora. > > > Would it be worth the effort, and how feasible is it anyway? > - Do we have any usage statistics? > - How

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

On tis, 2014-04-29 at 12:33 +0200, Lennart Poettering wrote: > On Mon, 28.04.14 17:01, Daniel J Walsh (dwa...@redhat.com) wrote: > > > The problem is lots of services require systemd because they ship a > > unit file and want systemctl reload to happen. Systemd then triggers a > > require for ud

Re: F21 System Wide Change: Default Local DNS Resolver

> On Tuesday, 29 April 2014 7:56 PM, Matthew Miller wrote: > Can the proposal owners clarify for me how this is intended to impact the > cloud products?   Cloud products is somewhat of a hazy area(at-least for me). It's unclear how things operate there. Any information about how we could/should a

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

On 04/29/2014 06:33 AM, Lennart Poettering wrote: > On Mon, 28.04.14 17:01, Daniel J Walsh (dwa...@redhat.com) wrote: > >> The problem is lots of services require systemd because they ship a >> unit file and want systemctl reload to happen. Systemd then triggers a >> require for udev and kmod, w

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

On 04/28/2014 06:44 PM, Adam Jackson wrote: > On Mon, 2014-04-28 at 17:01 -0400, Daniel J Walsh wrote: >> The problem is lots of services require systemd because they ship a >> unit file and want systemctl reload to happen. Systemd then triggers a >> require for udev and kmod, which docker conta

Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

On 04/29/2014 06:31 AM, Lennart Poettering wrote: > On Mon, 28.04.14 15:11, Toshio Kuratomi (a.bad...@gmail.com) wrote: > >> On Apr 28, 2014 5:01 PM, "Daniel J Walsh" wrote: >>> The problem is lots of services require systemd because they ship a >>> unit file and want systemctl reload to happen.

Re: F21 System Wide Change: Default Local DNS Resolver

> To install a local DNS resolver trusted for the DNSSEC validation running > on 127.0.0.1:53. This must be the only name server entry in > /etc/resolv.conf. Can the proposal owners clarify for me how this is intended to impact the cloud products? There's general resistance to having more servic

Re: F21 System Wide Change: Default Local DNS Resolver

   Hello, On Tuesday, 29 April 2014 7:22 PM, Miloslav Trmač wrote: >So what exactly happens on upgrade? Before the upgrade, >most resolv.conf files will not point to 127.0.0.1. >What will they point to after the upgrade, and if they will point to 127.0.0.1, >which package will actually do that, a

Re: F21 Self Contained Change: LVM Cache Logical Volumes

Hello, 2014-04-29 14:48 GMT+02:00 Jaroslav Reznik : > = Proposed Self Contained Change: LVM Cache Logical Volumes = > https://fedoraproject.org/wiki/Changes/Cache_Logical_Volumes > > * Other developers: N/A (not a System Wide Change) > ... so this might be a system-wide change after all? Anyway

Re: F21 Self Contained Change: Docker Cloud Image

Hello, 2014-04-29 14:35 GMT+02:00 Jaroslav Reznik : > = Proposed Self Contained Change: Docker Cloud Image = > https://fedoraproject.org/wiki/Changes/Docker_Cloud_Image > > == Scope == > > * Release engineering: N/A (not a System Wide Change) > Is anything needed for the potential os-tree -based

Re: F21 System Wide Change: Default Local DNS Resolver

Hello, 2014-04-29 14:15 GMT+02:00 Jaroslav Reznik : > = Proposed System Wide Change: Default Local DNS Resolver = > https://fedoraproject.org/wiki/Changes/Default_Local_DNS_Resolver > == Upgrade/compatibility impact == > So what *exactly* happens on upgrade? Before the upgrade, most resolv.c

Meeting minutes from Env-and-Stacks WG meeting (2014-04-29)

#fedora-meeting: Env and Stacks (2014-04-29) Meeting started by mmaslano at 12:04:50 UTC. The full logs are available at http://meetbot.fedoraproject.org/fedora-meeting/2014-04-29/env-and-stacks.2014-04-29-

Re: F21 System Wide Change: Application Installer Continued

2014-04-29 13:57 GMT+02:00 Jaroslav Reznik : > = Proposed System Wide Change: Application Installer Continued = > https://fedoraproject.org/wiki/Changes/AppInstallerContinued > > == Release Notes == > The application installer, gnome-software is now more fully integrated and > provides more funct

[perl-WWW-OrangeHRM-Client/f19] 0.7.2 bump

commit 379d5b68f385e8845f3aa108485c3a655e00b5da Author: Petr Písař Date: Tue Apr 29 14:47:28 2014 +0200 0.7.2 bump .gitignore |1 + perl-WWW-OrangeHRM-Client.spec |5 - sources|2 +- 3 files changed, 6 insertions(+), 2 deletions(

F21 Self Contained Change: LVM Cache Logical Volumes

= Proposed Self Contained Change: LVM Cache Logical Volumes = https://fedoraproject.org/wiki/Changes/Cache_Logical_Volumes Change owner(s): Alasdair G. Kergon , David Cantrell , Dave Lehman LVM can now use fast block devices (e.g. SSDs and PCIe Flash) to improve the performance of larger but

F21 Self Contained Change: Docker Cloud Image

= Proposed Self Contained Change: Docker Cloud Image = https://fedoraproject.org/wiki/Changes/Docker_Cloud_Image Change owner(s): Cloud SIG / Sandro Mathys New Fedora product: Fedora Docker Cloud Image - Docker host ready to go. == Detailed Description == Fedora Cloud agreed to make a base ima

F21 System Wide Change: Default Local DNS Resolver

= Proposed System Wide Change: Default Local DNS Resolver = https://fedoraproject.org/wiki/Changes/Default_Local_DNS_Resolver Change owner(s): P J P , Pavel Šimerda , Tomas Hozza To install a local DNS resolver trusted for the DNSSEC validation running on 127.0.0.1:53. This must be the o

F21 System Wide Change: Wayland

= Proposed System Wide Change: Wayland = https://fedoraproject.org/wiki/Changes/Wayland Change owner(s): Matthias Clasen and the desktop team Port the GNOME desktop to Wayland. == Detailed Description == GNOME is being ported to Wayland. In particular GNOME shell is changed to run as a Wayl

F21 System Wide Change: Application Installer Continued

= Proposed System Wide Change: Application Installer Continued = https://fedoraproject.org/wiki/Changes/AppInstallerContinued Change owner(s): Richard Hughes for the implementation, Ryan Lerch and Allan Day for the design Fully integrate the new application installer with Fedora, and complete

Re: an that is why we need a firewall -> Re: When a yum update sets up an MTA ...

On 04/28/2014 08:09 PM, Florian Weimer wrote: On 04/28/2014 12:42 PM, David Woodhouse wrote: Actually, I think the best way to fix this is with SELinux, rather than iptables. Why go for an overly complex solution where authorised processes have to prod a firewall dæmon to change the iptables co

  1   2   >