Re: Granting a capability to a service

2015-07-20 Thread Steve Grubb
On Tuesday, July 21, 2015 01:02:25 AM Reindl Harald wrote: > On 20.07.2015 at 23:34, Steve Grubb wrote: > > On Monday, July 20, 2015 12:45:28 PM Andrew Lutomirski wrote: > >> On Mon, Jul 20, 2015 at 12:26 PM, Steve Grubb wrote: > >>> The real problem with capabilities is there is no way to say, I

Re: Granting a capability to a service

2015-07-20 Thread Reindl Harald
On 20.07.2015 at 23:34, Steve Grubb wrote: On Monday, July 20, 2015 12:45:28 PM Andrew Lutomirski wrote: On Mon, Jul 20, 2015 at 12:26 PM, Steve Grubb wrote: The real problem with capabilities is there is no way to say, I trust this child process with this capability, but don't let it get in

Re: Improving our processes for new contributors.

2015-07-20 Thread Michael Schwendt
On Mon, 20 Jul 2015 17:34:09 +1000, Nick Coghlan wrote: > Don't underestimate the explanatory power of worked examples -snip- Don't underestimate them how? I fail to see what your response has to do with the paragraph from my mail you've quoted. Some of the current (and past) problems with the

Re: Self Introduction: Beat Küng

2015-07-20 Thread Dominik 'Rathann' Mierzejewski
Hello! On Monday, 20 July 2015 at 07:58, Beat Küng wrote: [...] > I've been a Fedora user for a while now, and I'm looking forward to be > part of the Fedora project and contribute to it! Welcome! It seems that many follow this path. We're looking forward to your contributions! Regards, Dominik

Re: Granting a capability to a service

2015-07-20 Thread Andrew Lutomirski
On Mon, Jul 20, 2015 at 2:34 PM, Steve Grubb wrote: > On Monday, July 20, 2015 12:45:28 PM Andrew Lutomirski wrote: >> On Mon, Jul 20, 2015 at 12:26 PM, Steve Grubb wrote: >> > On Monday, July 20, 2015 11:09:39 AM Andrew Lutomirski wrote: >> >> On Jul 20, 2015 11:05 AM, "Florian Weimer" wrote: >

Re: Geeqie... I'll take it -- but I'd like co-maintainers! [was Re: Orphaned Geeqie]

2015-07-20 Thread Michael Schwendt
On Mon, 20 Jul 2015 14:57:49 -0400, Matthew Miller wrote: > I am interested, and I'll pick it up. However, I'd definitely > appreciate co-maintainers, and particularly someone who could generate > security patches if need be, given the state of upstream. The state is uncertain, but that's not spe

Re: Granting a capability to a service

2015-07-20 Thread Steve Grubb
On Monday, July 20, 2015 12:45:28 PM Andrew Lutomirski wrote: > On Mon, Jul 20, 2015 at 12:26 PM, Steve Grubb wrote: > > On Monday, July 20, 2015 11:09:39 AM Andrew Lutomirski wrote: > >> On Jul 20, 2015 11:05 AM, "Florian Weimer" wrote: > >> > On 07/20/2015 05:59 PM, Steve Grubb wrote: > >> > >

Re: shared-mime-info and desktops

2015-07-20 Thread Yaakov Selkowitz
On Mon, 2015-07-20 at 13:37 -0600, Kevin Fenzi wrote: > On Mon, 20 Jul 2015 08:21:33 -0400 (EDT) > Bastien Nocera wrote: > > > > > > > - Original Message - > > > On Thu, 16 Jul 2015 12:33:52 -0500 > > > Rex Dieter wrote: > > > > > > > +1 I'm in favor, but ship it as mimeapps.list to

Re: Granting a capability to a service

2015-07-20 Thread Andrew Lutomirski
On Mon, Jul 20, 2015 at 12:26 PM, Steve Grubb wrote: > On Monday, July 20, 2015 11:09:39 AM Andrew Lutomirski wrote: >> On Jul 20, 2015 11:05 AM, "Florian Weimer" wrote: >> > On 07/20/2015 05:59 PM, Steve Grubb wrote: >> > > Today, any application that wants to manipulate capabilities needs to be

Re: [POC-change] Fedora packages point of contact updates

2015-07-20 Thread Kevin Fenzi
On Mon, 20 Jul 2015 20:02:38 +0200 Jan Chaloupka wrote: ...snip... > >> > >> Sources: https://github.com/pypingou/fedora-owner-change > > Looks broken to me > > > > Confirming. Changed PoC of about 40 packages of mine. Mailing lists (especially high volume ones) aren't too good for tracki

Re: shared-mime-info and desktops

2015-07-20 Thread Kevin Fenzi
On Mon, 20 Jul 2015 08:21:33 -0400 (EDT) Bastien Nocera wrote: > > > - Original Message - > > On Thu, 16 Jul 2015 12:33:52 -0500 > > Rex Dieter wrote: > > > > > +1 I'm in favor, but ship it as mimeapps.list to comply with > > > modern related standards, see: > > > http://standards.fr

Re: Hosting End-Of-Life Fedora Base images?

2015-07-20 Thread Chris Murphy
Isn't it true the install media ISOs are available indefinitely? And if so the security cat is already out of the bag, so that's not a very good argument. I'd say if we wanted to do something better it would be an image that's usable for both VM and containers, and would be the state of that versio

Re: Granting a capability to a service

2015-07-20 Thread Steve Grubb
On Monday, July 20, 2015 11:09:39 AM Andrew Lutomirski wrote: > On Jul 20, 2015 11:05 AM, "Florian Weimer" wrote: > > On 07/20/2015 05:59 PM, Steve Grubb wrote: > > > Today, any application that wants to manipulate capabilities needs to be > > > capability aware. > > > > The application does not

Re: Hosting End-Of-Life Fedora Base images?

2015-07-20 Thread Przemek Klosowski
On 07/20/2015 02:52 PM, Adam Miller wrote: On Mon, Jul 20, 2015 at 1:46 PM, Przemek Klosowski wrote: Modern package-based systems like Fedora achieved a practical "patch early and often" setup with responsive security posture, but they are subject to creeping subsystem incompatibilities. Contai

Geeqie... I'll take it -- but I'd like co-maintainers! [was Re: Orphaned Geeqie]

2015-07-20 Thread Matthew Miller
On Mon, Jul 20, 2015 at 01:16:08PM +0200, Michael Schwendt wrote: > If you're interested in this image viewer, feel free to adopt the > package. I am interested, and I'll pick it up. However, I'd definitely appreciate co-maintainers, and particularly someone who could generate security patches if

Planned Outage: Build and Cloud - 2015-07-21 21:00 UTC

2015-07-20 Thread Kevin Fenzi
Planned Outage: Build and Cloud - 2015-07-21 21:00 UTC There will be an outage starting at 2015-07-21 21:00 UTC, which will last approximately 3 hours. To convert UTC to your local time, take a look at http://fedoraproject.org/wiki/Infrastructure/UTCHowto or run: date -d '2015-07-21 21:00

Re: Hosting End-Of-Life Fedora Base images?

2015-07-20 Thread Adam Miller
On Mon, Jul 20, 2015 at 1:46 PM, Przemek Klosowski wrote: > On 07/20/2015 02:13 PM, Dennis Gilmore wrote: > > On Monday, July 20, 2015 01:00:34 PM Josh Boyer wrote: > > On Mon, Jul 20, 2015 at 12:39 PM, Adam Miller > > wrote: > > There was an issue ticket filed against the Fedora Docker Base > Im

Re: Hosting End-Of-Life Fedora Base images?

2015-07-20 Thread Przemek Klosowski
On 07/20/2015 02:13 PM, Dennis Gilmore wrote: On Monday, July 20, 2015 01:00:34 PM Josh Boyer wrote: On Mon, Jul 20, 2015 at 12:39 PM, Adam Miller wrote: There was an issue ticket filed against the Fedora Docker Base Images[0] github repo requesting that older End-Of-Life'd (EOL'd) Fedora rel

Re: Hosting End-Of-Life Fedora Base images?

2015-07-20 Thread Dennis Gilmore
On Monday, July 20, 2015 01:00:34 PM Josh Boyer wrote: > On Mon, Jul 20, 2015 at 12:39 PM, Adam Miller > > wrote: > > Hello all, > > > > There was an issue ticket filed against the Fedora Docker Base > > > > Images[0] github repo requesting that older End-Of-Life'd (EOL'd) > > Fedora releas

Re: Granting a capability to a service

2015-07-20 Thread Andrew Lutomirski
On Jul 20, 2015 11:05 AM, "Florian Weimer" wrote: > > On 07/20/2015 05:59 PM, Steve Grubb wrote: > > > Today, any application that wants to manipulate capabilities needs to be > > capability aware. > > The application does not want to manipulate capabilities. I do not want > to run it as full roo

Re: Granting a capability to a service

2015-07-20 Thread Florian Weimer
On 07/20/2015 05:59 PM, Steve Grubb wrote: > Today, any application that wants to manipulate capabilities needs to be > capability aware. The application does not want to manipulate capabilities. I do not want to run it as full root. I don't want to add additional SUID/fscaps to the file syste

Re: [POC-change] Fedora packages point of contact updates

2015-07-20 Thread Jan Chaloupka
On 07/20/2015 06:37 PM, Vít Ondruch wrote: On 20.7.2015 at 12:02, nob...@fedoraproject.org wrote: Change in package status over the last 168 hours 0 packages were orphaned 0 packages were retired ---

Re: Granting a capability to a service

2015-07-20 Thread Andrew Lutomirski
On Jul 20, 2015 4:20 AM, "Florian Weimer" wrote: > > On 07/18/2015 03:53 PM, Andrew Lutomirski wrote: > > > Nothing. Inheritable capabilities are nearly useless. > > Wow. > > The program that sparked this thread is a Go program. So basically, we > have these options if we do not want to run with

Re: Hosting End-Of-Life Fedora Base images?

2015-07-20 Thread Josh Boyer
On Mon, Jul 20, 2015 at 12:39 PM, Adam Miller wrote: > Hello all, > There was an issue ticket filed against the Fedora Docker Base > Images[0] github repo requesting that older End-Of-Life'd (EOL'd) > Fedora releases be made available as docker images[1] and I'm not > personally very inclined

Re: Hosting End-Of-Life Fedora Base images?

2015-07-20 Thread Stephen John Smoogen
On 20 July 2015 at 10:39, Adam Miller wrote: > Hello all, > There was an issue ticket filed against the Fedora Docker Base > Images[0] github repo requesting that older End-Of-Life'd (EOL'd) > Fedora releases be made available as docker images[1] and I'm not > personally very inclined to do th

Re: Base Design WG agenda meeting 20th June 2015 14:15 UTC on #fedora-meeting-2

2015-07-20 Thread Harald Hoyer
On 13.07.2015 16:40, Harald Hoyer wrote: > Agenda: > > - define the minimal install > - define the docker base image > - minimal disk image for importing into libvirt > - generic installer? > - Open Floor > > Please add items by replying to this mail. > Minutes:

Hosting End-Of-Life Fedora Base images?

2015-07-20 Thread Adam Miller
Hello all, There was an issue ticket filed against the Fedora Docker Base Images[0] github repo requesting that older End-Of-Life'd (EOL'd) Fedora releases be made available as docker images[1] and I'm not personally very inclined to do this because I think EOL'd releases should be left alone o

Re: [POC-change] Fedora packages point of contact updates

2015-07-20 Thread Vít Ondruch
On 20.7.2015 at 12:02, nob...@fedoraproject.org wrote: > Change in package status over the last 168 hours > > > 0 packages were orphaned > > > 0 packages were retired > > > 0 packages unorphaned >

[POC-change] Fedora packages point of contact updates

2015-07-20 Thread nobody
Change in package status over the last 168 hours 0 packages were orphaned 0 packages were retired 0 packages unorphaned - 0 packages were unretired 0

Re: Orphaned Geeqie

2015-07-20 Thread Solomon Peachy
On Mon, Jul 20, 2015 at 05:37:18PM +0200, Martin Kolman wrote: > > This is my primary image viewer still... I'm not able to take it > > over, but as a user, I'd be very grateful if someone did. :) > Also my primary image viewer & same sentiment! :) I'm also in the same situation -- it's one of th

Re: Granting a capability to a service

2015-07-20 Thread Steve Grubb
On Monday, July 20, 2015 04:27:35 PM Florian Weimer wrote: > >> The algorithm documented in capabilities(7) suggests that retaining > >> effective capabilities across an execve system call absolutely requires > >> file capabilities (the inheritable part). > > > > > > > > No. You can start off as r

Re: Orphaning Tremulous

2015-07-20 Thread Bruno Wolff III
On Mon, Jul 20, 2015 at 12:49:13 +0200, Jan Kaluža wrote: I'm orphaning tremulous and tremulous-data packages. The upstream is dead and it fails to compile against new speex in rawhide. I think the package is more or less ready for retirement, but maybe someone else would like to fix the sp

Re: Orphaned Geeqie

2015-07-20 Thread Martin Kolman
On Mon, 2015-07-20 at 11:32 -0400, Digimer wrote: > On 20/07/15 07:16 AM, Michael Schwendt wrote: > > Hello, everyone! > > > > In pkgdb, I've orphaned "geeqie" for Fedora devel and Fedora 23: > > https://admin.fedoraproject.org/pkgdb/package/geeqie/ > > > > If you're interested in this image view

Re: Orphaned Geeqie

2015-07-20 Thread Digimer
On 20/07/15 07:16 AM, Michael Schwendt wrote: > Hello, everyone! > > In pkgdb, I've orphaned "geeqie" for Fedora devel and Fedora 23: > https://admin.fedoraproject.org/pkgdb/package/geeqie/ > > If you're interested in this image viewer, feel free to adopt the > package. > > I wish I had good new

Re: Self Introduction: Ilya Gradina

2015-07-20 Thread Matthew Miller
On Mon, Jul 20, 2015 at 06:16:18PM +0300, Ilya Gradina wrote: > My name is Ilya Gradina, I am a former student of mathematician, I am > interested in numerical methods and mathematics software. Unfortunately I Welcome Ilya! Thanks for joining us. If you haven't looked already, you might also want

Self Introduction: Ilya Gradina

2015-07-20 Thread Ilya Gradina
Hi all, My name is Ilya Gradina, I am a former student of mathematician, I am interested in numerical methods and mathematics software. Unfortunately I don't have any experience in FLOSS, but I like it as user and want to help as maintainer/developer. I want to start contributing with packaging gi

Re: F-23 Branched report: 20150720 changes

2015-07-20 Thread Kevin Fenzi
On Mon, 20 Jul 2015 08:09:06 -0400 Stephen Gallagher wrote: > On Mon, 2015-07-20 at 14:06 +0200, Pierre-Yves Chibon wrote: > > On Mon, Jul 20, 2015 at 01:58:49PM +0200, Vít Ondruch wrote: > > > What is wrong with the reports? Why broken dependencies are not > > > checked/reported? Why there is no

Re: Granting a capability to a service

2015-07-20 Thread Florian Weimer
On 07/20/2015 04:21 PM, Steve Grubb wrote: > On Saturday, July 18, 2015 10:42:43 AM Florian Weimer wrote: >> Let's assume I want to start a service as an ordinary user, but allow to >> bind it to a privileged port. The program implementing the service does >> not manipulate capabilities in any way

Re: Granting a capability to a service

2015-07-20 Thread Steve Grubb
On Saturday, July 18, 2015 10:42:43 AM Florian Weimer wrote: > Let's assume I want to start a service as an ordinary user, but allow to > bind it to a privileged port. The program implementing the service does > not manipulate capabilities in any way. > > I came up with this system unit for

[ANN] python-sphinx-latex is back

2015-07-20 Thread Michel Alexandre Salim
Heads-up to package maintainers whose packages make use of Sphinx for documentation generation -- previously our packaging seesaw between two extremes (under-specified dependencies on TeXlive, as in #882166 -- or excessive dependencies as in #1220339). Splitting the LaTeX builders into a separate

Re: Granting a capability to a service

2015-07-20 Thread Florian Weimer
On 07/20/2015 02:34 PM, Zbigniew Jędrzejewski-Szmek wrote: > On Sat, Jul 18, 2015 at 10:42:43AM +0200, Florian Weimer wrote: >> Let's assume I want to start a service as an ordinary user, but allow to >> bind it to a privileged port. The program implementing the service does >> not manipulate capa

Re: Orphaning Tremulous

2015-07-20 Thread Nikos Mavrogiannopoulos
On Mon, 2015-07-20 at 12:49 +0200, Jan Kaluža wrote: > Hi, > > I'm orphaning tremulous and tremulous-data packages. The upstream is > dead and it fails to compile against new speex in rawhide. I think > the package is more or less ready for retirement, but maybe someone > else would like to fix

Re: Improving our processes for new contributors.

2015-07-20 Thread Vít Ondruch
On 17.7.2015 at 00:28, Mikolaj Izdebski wrote: > On 07/16/2015 07:53 PM, Zbigniew Jędrzejewski-Szmek wrote: >> One thing which I find very annoying when creating new packages is the >> need to use bare rpmbuild commands. I find the split between >> ~/rpmbuild/{SPECS,SOURCES} anachronistic (*), a

Re: Granting a capability to a service

2015-07-20 Thread Zbigniew Jędrzejewski-Szmek
On Sat, Jul 18, 2015 at 10:42:43AM +0200, Florian Weimer wrote: > Let's assume I want to start a service as an ordinary user, but allow to > bind it to a privileged port. The program implementing the service does > not manipulate capabilities in any way. socket activation would be a much simpler a

Re: shared-mime-info and desktops

2015-07-20 Thread Bastien Nocera
- Original Message - > On Thu, 16 Jul 2015 12:33:52 -0500 > Rex Dieter wrote: > > > +1 I'm in favor, but ship it as mimeapps.list to comply with modern > > related standards, see: > > http://standards.freedesktop.org/mime-apps-spec/mime-apps-spec-1.0.html#file > > > > Proposal: ship a

Re: shared-mime-info and desktops

2015-07-20 Thread Bastien Nocera
- Original Message - > On Thu, 2015-07-16 at 12:33 -0500, Rex Dieter wrote: > > +1 I'm in favor, but ship it as mimeapps.list to comply with modern related > > standards, see: > > http://standards.freedesktop.org/mime-apps-spec/mime-apps-spec-1.0.html#file > > The modern spec is what pro

Re: F-23 Branched report: 20150720 changes

2015-07-20 Thread Stephen Gallagher
On Mon, 2015-07-20 at 14:06 +0200, Pierre-Yves Chibon wrote: > On Mon, Jul 20, 2015 at 01:58:49PM +0200, Vít Ondruch wrote: > > What is wrong with the reports? Why broken dependencies are not > > checked/reported? Why there is no Rawhide report at all? > > When we have branched and have the two re

Re: F-23 Branched report: 20150720 changes

2015-07-20 Thread Pierre-Yves Chibon
On Mon, Jul 20, 2015 at 01:58:49PM +0200, Vít Ondruch wrote: > What is wrong with the reports? Why broken dependencies are not > checked/reported? Why there is no Rawhide report at all? When we have branched and have the two reports they can run a/ maybe not at the same time b/ maybe not at the sa

Re: F-23 Branched report: 20150720 changes

2015-07-20 Thread Vít Ondruch
What is wrong with the reports? Why broken dependencies are not checked/reported? Why there is no Rawhide report at all? Thx Vít

F-23 Branched report: 20150720 changes

2015-07-20 Thread Fedora Branched Report
Compose started at Mon Jul 20 07:15:03 UTC 2015 New package: dropbox-api-command-1.17-5.fc23 Dropbox API wrapper command New package: gap-pkg-crystcat-1.1.6-1.fc23 Crystallographic groups catalog New package: php-guzzlehttp-promises-1.0.1-3.fc23 Guzzle promi

Re: Granting a capability to a service

2015-07-20 Thread Florian Weimer
On 07/18/2015 03:53 PM, Andrew Lutomirski wrote: > Nothing. Inheritable capabilities are nearly useless. Wow. The program that sparked this thread is a Go program. So basically, we have these options if we do not want to run with full capabilities: (a) Run with UID=0 with restricted capabilit

Orphaned Geeqie

2015-07-20 Thread Michael Schwendt
Hello, everyone! In pkgdb, I've orphaned "geeqie" for Fedora devel and Fedora 23: https://admin.fedoraproject.org/pkgdb/package/geeqie/ If you're interested in this image viewer, feel free to adopt the package. I wish I had good news about its current state of development, but things have turnt

Orphaning Tremulous

2015-07-20 Thread Jan Kaluža
Hi, I'm orphaning tremulous and tremulous-data packages. The upstream is dead and it fails to compile against new speex in rawhide. I think the package is more or less ready for retirement, but maybe someone else would like to fix the speex incompatibility and keep it in Fedora for few more r

Re: Improving our processes for new contributors.

2015-07-20 Thread Nick Coghlan
On 17 July 2015 at 18:17, Michael Schwendt wrote: > But else, I don't think this would improve the process for new contributors > significantly. As one can see, the new contributors manage to submit packages > into the queue, and they even point at koji test-builds. One problem is that > a growing