2016-09-29 16:58 GMT+02:00 Stephen John Smoogen :
> https://www.stigviewer.com/stig/vmware_esxi_v5/2013-01-15/finding/GEN002140-ESXI5-46
This is titled
"All shells referenced in /etc/passwd must be listed in the
/etc/shells file, except any shells specified for the purpose of
preventing logi
On Thu, Sep 29, 2016 at 9:58 PM, Kevin Kofler wrote:
> Stephen John Smoogen wrote:
>> Well that boat sailed in 2001... so have you been removing it from
>> your /etc/shells in the last 15 years?
>
> No, because I was not aware that Fedora had been shipping with this security
> hole for 15 years! O
On 9/29/2016 5:55 PM, Kevin Kofler wrote:
Nobody should ever add this at all. And most definitely not Fedora.
The behavior the original poster pointed out:
| - su -s /bin/bash - nologinuser (if "nologinuser" has /sbin/nologin as the
| default shell) succeeds with /bin/bash if auth is successful [
On 29 September 2016 at 21:58, Kevin Kofler wrote:
> Stephen John Smoogen wrote:
>> Well that boat sailed in 2001... so have you been removing it from
>> your /etc/shells in the last 15 years?
>
> No, because I was not aware that Fedora had been shipping with this security
> hole for 15 years! Of
Stephen John Smoogen wrote:
> Well that boat sailed in 2001... so have you been removing it from
> your /etc/shells in the last 15 years?
No, because I was not aware that Fedora had been shipping with this security
hole for 15 years! Of course I immediately fixed it upon reading this
thread.
On 29 September 2016 at 20:55, Kevin Kofler wrote:
> Stephen John Smoogen wrote:
>> One of the reasons for it to be in /etc/shells was that various audit
>> systems failed an OS if it wasn't. [Various government and bank
>> security audit tools have rules like
>> https://www.stigviewer.com/stig/vm
Stephen John Smoogen wrote:
> One of the reasons for it to be in /etc/shells was that various audit
> systems failed an OS if it wasn't. [Various government and bank
> security audit tools have rules like
> https://www.stigviewer.com/stig/vmware_esxi_v5/2013-01-15/finding/GEN002140-ESXI5-46
> ]
On Thu, 2016-09-29 at 16:51 -0600, Chris Murphy wrote:
> But I don't
> think QA clearly understands what cloud image(s) are release blocking,
> as previously they were just the non-atomic images.
I don't know what's going on with all this crap, but so far as I'm
concerned I understand perfectly we
On Thu, Sep 29, 2016 at 4:32 PM, Chris Murphy wrote:
> Also I read in the Fedora magazine meeting that just wrapped up 30
> minutes ago, that Atomic is the default for F25 (among Cloud
> deliverables). To my ears, "default" and "primary" download sound like
> they'd be release blocking. And the p
Missing expected images:
Xfce raw-xz armhfp
Cloud_base raw-xz i386
Failed openQA tests: 3/102 (x86_64), 1/17 (i386), 1/2 (arm)
New failures (same test did not fail in 25-20160926.n.0):
ID: 37372 Test: arm Minimal-raw_xz-raw.xz base_services_start_arm
URL: https://openqa.fedoraproject.org/
OK my confusion definitely reduced but still some remains and they may
only be trivial details:
Cloud WG has explicitly mentioned an Atomic WG more than once, most
recently yesterday
17:40:46 #topic Open Floor
17:41:07 what about making the Atomic WG?
[...snip...]
17:42:45 sayan: I assumed t
On Thu, 2016-09-29 at 22:15 +, Fedora compose checker wrote:
> Missing expected images:
>
> Kde live i386
> Workstation live i386
> Kde live x86_64
> Cloud_base raw-xz x86_64
> Cloud_base raw-xz i386
> Kde raw-xz armhfp
> Minimal raw-xz armhfp
> Workstation live x86_64
>
> Failed openQA tests
Missing expected images:
Kde live i386
Workstation live i386
Kde live x86_64
Cloud_base raw-xz x86_64
Cloud_base raw-xz i386
Kde raw-xz armhfp
Minimal raw-xz armhfp
Workstation live x86_64
Failed openQA tests: 49/79 (x86_64), 11/15 (i386)
ID: 37282 Test: x86_64 Server-dvd-iso install_defau
On Thu, 2016-09-29 at 15:08 -0700, Adam Williamson wrote:
>
> That error means the anaconda install failed. The way livemedia_creator
> works is that it actually runs an anaconda install using the kickstart
> specified - using its 'install to a directory' method if you pass --no-
> virt, otherwise
On Thu, 2016-09-29 at 15:34 -0300, Sergio Belkin wrote:
> Hi,
>
> I've tried to create a Live ISO using livemedia-creator, and followed the
> steps from
> https://fedoraproject.org/wiki/Livemedia-creator-_How_to_create_and_use_a_Live_CD
> .
>
> But I cannot do it, these is the errors:
>
> sudo l
I am trying to package [1] in fedora and there is a name conflict with an
old/retired
package [2] that no longer has an upstream. I have talked with the old
maintainer (cc'd)
and we would like to unretire the package and allow for the new project to
assume the name
in rpm.
I'm attempting to f
Hi,
I've tried to create a Live ISO using livemedia-creator, and followed the
steps from
https://fedoraproject.org/wiki/Livemedia-creator-_How_to_create_and_use_a_Live_CD
.
But I cannot do it, these is the errors:
sudo livemedia-creator --ks
/home/sergio/Descargas/Pagure/flat-fedora-live-base.ks
Hi all.
I'm about to push Sundials 2.7.0 on Rawhide branch; following libraries
will change their soname:
*cvode* 1.0.0 --> 2.9.0
*cvodes* 2.0.0 --> 2.9.0
*arkode* 1.0.0 --> 1.1.0
*ida*2.0.0 --> 2.9.0
*idas* 2.0.0 --> 1.3.0
*kinsol* 1.0.0 --> 2.9.0
Release note from upstream:
http://compu
(cross post from kernel)
We're starting to see a fall off in F23 karma. The kernel gets new
releases fairly frequently so this may start to slow down how fast F23
gets new kernels. If you still have an F23 system, please remember to
test and give karma for new kernels. A big thanks to those wh
On Thu, 2016-09-29 at 16:21 +, Fedora compose checker wrote:
> Missing expected images:
>
> Cloud_base raw-xz i386
>
> Failed openQA tests: 3/102 (x86_64), 1/17 (i386)
>
> New failures (same test did not fail in 25-20160928.n.0):
>
> ID: 37156 Test: x86_64 Workstation-live-iso desktop_u
Tomas Mraz wrote:
> My personal recommendation would be to follow the application's upstream
> recommendation.
This is of course the best approach, as the upstream project will have good
reasons to use a particular crypto foundation for the project.
> What we should strive for is to limit the u
On Thu, 2016-09-29 at 16:23 +, Fedora compose checker wrote:
> Missing expected images:
>
> Cloud_base raw-xz i386
> Atomic raw-xz x86_64
>
> Failed openQA tests: 9/102 (x86_64), 2/17 (i386), 1/2 (arm)
>
> New failures (same test did not fail in Rawhide-20160928.n.0):
>
> ID: 37036 Test
Missing expected images:
Cloud_base raw-xz i386
Atomic raw-xz x86_64
Failed openQA tests: 9/102 (x86_64), 2/17 (i386), 1/2 (arm)
New failures (same test did not fail in Rawhide-20160928.n.0):
ID: 37036 Test: x86_64 Workstation-boot-iso install_default
URL: https://openqa.fedoraproject.org
Missing expected images:
Cloud_base raw-xz i386
Failed openQA tests: 3/102 (x86_64), 1/17 (i386)
New failures (same test did not fail in 25-20160928.n.0):
ID: 37156 Test: x86_64 Workstation-live-iso desktop_update_graphical
URL: https://openqa.fedoraproject.org/tests/37156
Old failures (
On Thu, Sep 29, 2016 at 11:17:51AM -0400, Stephen Gallagher wrote:
> Also membership on a WG isn't required for taking action; anyone who has
+1 to this point.
> they see fit. The WG exists mainly as an advisory body like FESCo:
> it's really there mostly to set general direction and resolve
> d
On 09/27/2016 07:11 PM, Chris Murphy wrote:
> Hi,
>
> I was asked to start this in today's Server meeting. The genesis for
> me was, I have more questions than answers and I'm fairly convinced
> I'm not the only person who's kinda shrugging not knowing what all the
> questions even are. Answers ar
On 29 September 2016 at 04:54, Toby Goodwin wrote:
>>nologin is listed in /etc/shells since 2002 [1].
>
> This seems like a extraordinary mistake, and I agree with Jonathan
> Kamens' comment on the original ticket [1]. I note that his concerns
> were never adequately answered; the only response wa
On Thu, Sep 29, 2016 at 10:36 AM, Igor Gnatenko wrote:
> On Thu, Sep 29, 2016 at 10:08 AM, Tomas Hozza wrote:
>> On 09/29/2016 06:19 AM, Bojan Smojver wrote:
>>> Could someone with sufficient access please spin up an update of bind
>>> for F-24 and other flavours of Fedora. That CVE looks like a
On 29 September 2016 6:08:13 PM AEST, Tomas Hozza wrote:
>I'll be pushing the updates shortly.
Cool, thanks.
--
Bojan
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
On 09/29/2016 10:36 AM, Igor Gnatenko wrote:
> On Thu, Sep 29, 2016 at 10:08 AM, Tomas Hozza wrote:
> > On 09/29/2016 06:19 AM, Bojan Smojver wrote:
> >> Could someone with sufficient access please spin up an update of bind
> >> for F-24 and other flavours of Fedora. That CVE looks like a pretty
>nologin is listed in /etc/shells since 2002 [1].
This seems like a extraordinary mistake, and I agree with Jonathan
Kamens' comment on the original ticket [1]. I note that his concerns
were never adequately answered; the only response was a hand-wavy "well
we did it and it doesn't seem to have br
From 958e51e734086d8a8caeec6cf19c2da998f57bf1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?=
Date: Thu, 29 Sep 2016 10:52:05 +0200
Subject: 0.60 bump
---
.gitignore| 1 +
perl-Test2-Suite.spec | 5 -
sources | 2 +-
3 files changed, 6 insertio
On 29 Sep 2016, at 08:51, Nikos Mavrogiannopoulos wrote:
> I'd like to underline the part _preferrably the version recommended by
> upstream_ of Packaging:CryptoPolicies. I believe it is best for us to
> use the code that upstream primarily considers best for the
> application.
+1.
Regards,
Gra
On Thu, Sep 29, 2016 at 10:08 AM, Tomas Hozza wrote:
> On 09/29/2016 06:19 AM, Bojan Smojver wrote:
>> Could someone with sufficient access please spin up an update of bind
>> for F-24 and other flavours of Fedora. That CVE looks like a pretty
>> serious DoS. This has already been fixed in RHEL.
>
On 09/29/2016 06:19 AM, Bojan Smojver wrote:
> Could someone with sufficient access please spin up an update of bind
> for F-24 and other flavours of Fedora. That CVE looks like a pretty
> serious DoS. This has already been fixed in RHEL.
>
> Thanks,
>
Hi.
I'll be pushing the updates shortly. The
On Wed, 2016-09-28 at 11:43 -0400, Matthew Miller wrote:
> On Wed, Sep 28, 2016 at 03:13:34PM +0100, Tomasz Kłoczko wrote:
> >
> > Is it any official Fedora policy/call to move away from openssl?
>
> As far as I know, no. There was this attempt:
> https://fedoraproject.org/wiki/FedoraCryptoConsol
On 28.9.2016 16:13, Tomasz Kłoczko wrote:
BTW openssl changes.
Is it any official Fedora policy/call to move away from openssl?
I'm asking because I've noticed that some packages seems have been
switched from openssl to gnutls.
Examples of those packages is wget:
* Tue Jul 26 2016 Tomas Hozza ma
37 matches
Mail list logo
