Re: Remove old GPG keys?

On 11/01/2017 10:37 PM, Kevin Fenzi wrote: On 11/01/2017 01:07 PM, Christopher wrote: On Wed, Nov 1, 2017 at 3:26 PM Kevin Fenzi wrote: On 10/31/2017 01:08 PM, Christopher wrote: [...] I personally don't see much advantage in expiring old keys or the like. The only attack vector I can see i

[Fedocal] Reminder meeting : Final release Go/No-Go Meeting

Dear all, You are kindly invited to the meeting: Final release Go/No-Go Meeting on 2017-11-02 from 17:00:00 to 19:00:00 UTC At fedora-meetin...@irc.freenode.net The meeting will be about: Source: https://apps.fedoraproject.org/calendar/meeting/8239/ _

[Fedocal] Reminder meeting : Fedora Modular Server 27 Beta Release Go/No-Go - 4th round

Dear all, You are kindly invited to the meeting: Fedora Modular Server 27 Beta Release Go/No-Go - 4th round on 2017-11-02 from 17:00:00 to 19:00:00 UTC At fedora-meetin...@irc.freenode.net The meeting will be about: Source: https://apps.fedoraproject.org/calendar/meeting/8374/

Fedora Modular 27 compose report: 20171102.n.0 changes

OLD: Fedora-Modular-27-20171101.n.2 NEW: Fedora-Modular-27-20171102.n.0 = SUMMARY = Added images:0 Dropped images: 0 Added packages: 0 Dropped packages:0 Upgraded packages: 0 Downgraded packages: 0 Size of added packages: 0.00 B Size of dropped packages

Re: [HEADS-UP] unannounced libfastjson ABI change breaks rsyslog

On Wed, Nov 1, 2017 at 5:49 PM Dominik 'Rathann' Mierzejewski < domi...@greysector.net> wrote: > Dear Fedora, > > ..snip.. > This breaks, for example, rsyslog-8.30.0-3, which was compiled against > libfastjson-0.99.7, but didn't go out together with it, so when I ran > dnf update, the set contai

please help us test the f27 cloud images in RC1.2

You can grab the image download links and fill out the results here: https://fedoraproject.org/wiki/Test_Results:Fedora_27_RC_1.2_Cloud Unfortunately only half the AMIs uploaded: Fedora-Cloud-Base-27-1.2.x86_64 EC2 (us-east-1) ami-acaa02d6 paravirtual gp2

Re: [Test-Announce] Fedora 27 Candidate RC-1.2 Available Now!

On Thu, 2017-11-02 at 11:46 +1100, Steven Haigh wrote: > > I'm not sure if this has been evaluated as a blocker... > https://bugzilla.redhat.com/show_bug.cgi?id=1507766 No, because it hasn't been proposed as one. > If I understand the test cases, seems it belongs here: > https://fedoraproject.o

Re: Remove old GPG keys?

Jonny Heggheim writes: On 11/01/2017 11:51 PM, Sam Varshavchik wrote: > I don't think much of expiring either. But keys for prior releases > should simply be removed, as part of the upgrade process, or on the > first boot after a successfull upgrade. > > Now, if we go this way, we have to make

Re: [Test-Announce] Fedora 27 Candidate RC-1.2 Available Now!

On 2017-11-02 11:33, Adam Williamson wrote: On Wed, 2017-11-01 at 23:19 +, rawh...@fedoraproject.org wrote: According to the schedule [1], Fedora 27 Candidate RC-1.2 is now available for testing. Please help us complete all the validation testing! For more information on release validation t

Re: [Test-Announce] Fedora 27 Candidate RC-1.2 Available Now!

On Wed, 2017-11-01 at 23:19 +, rawh...@fedoraproject.org wrote: > According to the schedule [1], Fedora 27 Candidate RC-1.2 is now > available for testing. Please help us complete all the validation > testing! For more information on release validation testing, see: > https://fedoraproject.org/

Re: Remove old GPG keys?

On 11/01/2017 11:51 PM, Sam Varshavchik wrote: > I don't think much of expiring either. But keys for prior releases > should simply be removed, as part of the upgrade process, or on the > first boot after a successfull upgrade. > > Now, if we go this way, we have to make sure we don't turn a bad >

Fedora Modular 27 compose report: 20171101.n.2 changes

OLD: Fedora-Modular-27-20171101.n.1 NEW: Fedora-Modular-27-20171101.n.2 = SUMMARY = Added images:0 Dropped images: 0 Added packages: 10 Dropped packages:6 Upgraded packages: 32 Downgraded packages: 7 Size of added packages: 172.94 MiB Size of dropped packages

[Test-Announce] Fedora 27 Candidate RC-1.2 Available Now!

According to the schedule [1], Fedora 27 Candidate RC-1.2 is now available for testing. Please help us complete all the validation testing! For more information on release validation testing, see: https://fedoraproject.org/wiki/QA:Release_validation_test_plan Test coverage information for the curr

Re: Building of OkHttp 3.9.0 fails

On 11/01/2017 09:46 PM, Jonny Heggheim wrote: > It looks like your patch is corrupting AndroidPlatform.java, how/why did > you create it? Or did you port it from okhttp2? I think this patch would work better https://jonny.fedorapeople.org/okhttp-3.9.0-rm-android-stuff.patch Another issue; is see

Re: Remove old GPG keys?

Kevin Fenzi writes: I personally don't see much advantage in expiring old keys or the like. The only attack vector I can see is tricking someone into installing a package from an EOL release with a known vulnerablity, but if you can do that you likely can get them to just download it and install

[HEADS-UP] unannounced libfastjson ABI change breaks rsyslog

Dear Fedora, it looks like the libfastjson-0.99.7 update that was submitted as an update for all branches contained an unannounced ABI break: $ abipkgdiff --d1 libfastjson-debuginfo-0.99.6-1.fc26.x86_64.rpm --d2 libfastjson-debuginfo-0.99.7-1.fc26.x86_64.rpm --devel1 libfastjson-devel-0.99.6-1.fc

Re: Building of OkHttp 3.9.0 fails

Hi Martin! On 11/01/2017 07:22 PM, Martin Gansser wrote: > [ERROR] Failed to execute goal > org.apache.maven.plugins:maven-compiler-plugin:3.6.1:compile > (default-compile) on project okhttp: Compilation failure: Compilation failure: > [ERROR] > /home/martin/rpmbuild/BUILD/okhttp-parent-3.9.0/

Re: Remove old GPG keys?

On 11/01/2017 01:19 PM, Przemek Klosowski wrote: > On 11/01/2017 03:14 PM, Kevin Fenzi wrote: >> The only attack vector I can see is tricking someone into installing a >> package from an EOL release with a known vulnerablity, but if you can do >> that you likely can get them to just download it and

Re: Remove old GPG keys?

On 11/01/2017 01:07 PM, Christopher wrote: > On Wed, Nov 1, 2017 at 3:26 PM Kevin Fenzi wrote: > >> On 10/31/2017 01:08 PM, Christopher wrote: >>> >>> Why wouldn't the keys have expiration dates, following best practices? An >>> expired key is a bit friendlier of a nudge off of using outdated and

Re: Remove old GPG keys?

On 11/01/2017 03:14 PM, Kevin Fenzi wrote: The only attack vector I can see is tricking someone into installing a package from an EOL release with a known vulnerablity, but if you can do that you likely can get them to just download it and install it or Is it possible to compromise an old key,

Re: Remove old GPG keys?

On Wed, Nov 1, 2017 at 3:26 PM Kevin Fenzi wrote: > On 10/31/2017 01:08 PM, Christopher wrote: > > > > Why wouldn't the keys have expiration dates, following best practices? An > > expired key is a bit friendlier of a nudge off of using outdated and > > unsupported RPMs than a revoked key, which

Re: Remove old GPG keys?

On 10/31/2017 01:08 PM, Christopher wrote: > > Why wouldn't the keys have expiration dates, following best practices? An > expired key is a bit friendlier of a nudge off of using outdated and > unsupported RPMs than a revoked key, which indicates a potential > compromise. I would expect any GPG ke

Re: Building of OkHttp 3.9.0 fails

thanks for your explanation, i added the two line as you mentioned. %pom_xpath_remove 'pom:plugin[pom:artifactId="maven-compiler-plugin"]//pom:compilerId' %pom_xpath_remove 'pom:plugin[pom:artifactId="maven-compiler-plugin"]//pom:dependencies' have the next bugs to do with the fact that the And

Fedora Modular bikeshed compose report: 20171026.n.0 changes

OLD: Fedora-Modular-Bikeshed-20171026.n.0 NEW: Fedora-Modular-Bikeshed-20171026.n.0 = SUMMARY = Added images:0 Dropped images: 0 Added packages: 0 Dropped packages:0 Upgraded packages: 0 Downgraded packages: 0 Size of added packages: 0.00 B Size of dropped pac

Fedora 27-20171101.n.0 compose check report

Missing expected images: Workstation live i386 Kde live i386 Failed openQA tests: 11/137 (x86_64), 2/22 (i386), 1/2 (arm) New failures (same test did not fail in 27-20171031.n.0): ID: 163763 Test: i386 Everything-boot-iso install_default URL: https://openqa.fedoraproject.org/tests/163763 I

Re: Building of OkHttp 3.9.0 fails

On 2017-11-01 15:45, Martin Gansser wrote: Hi, when trying to compile okhttp with the okhttp.spec file from [1] i get this error messages: ... [WARNING] Some problems were encountered while building the effective model for com.squareup.okhttp3.sample:guide:jar:3.9.0 [WARNING] 'build.plugins.p

Re: 'configure' error on x86_64/ppc64 only

On Wed, 1 Nov 2017 17:29:37 +0100 Antonio Trande wrote: > Hi all. > > 'configure' command of 'mld2p4' package is failing on Rawhide > x86_64/ppc64 only with: > > > checking for working installation of PSBLAS... yes. > > checking for version of PSBLAS... Done > > configure: error: PSBLAS version

Re: [Rawhide] gawk API changes heads up

Thanks for the info. In that case there's nothing holding me from doing the rebase (I'm already in contact with gawk extensions developer). My guess is that the new gawk version will land in Rawhide tomorrow then. Best regards, David Kaspar [Dee'Kej] *Associate Software Engineer* *Brno, Czech Rep

Fedora Modular 27 compose report: 20171101.n.1 changes

OLD: Fedora-Modular-27-20171101.n.0 NEW: Fedora-Modular-27-20171101.n.1 = SUMMARY = Added images:0 Dropped images: 0 Added packages: 2 Dropped packages:0 Upgraded packages: 0 Downgraded packages: 0 Size of added packages: 1.91 MiB Size of dropped packages

'configure' error on x86_64/ppc64 only

Hi all. 'configure' command of 'mld2p4' package is failing on Rawhide x86_64/ppc64 only with: > checking for working installation of PSBLAS... yes. > checking for version of PSBLAS... Done > configure: error: PSBLAS version major "unknown". It happens on koji, not with 'rpmbuild' and 'mock'. Ca

Re: libical 3.0.0 changes license to LGPLv2.1 or MPLv2.0

Hi, On Wed, 2017-11-01 at 14:56 +0100, Igor Gnatenko wrote: > Do you know that LGPLv2.1 is wrong license tag in Fedora[0]? Nope, I do not. Thanks for the pointer. > You should use LGPLv2+ or MPLv2.0 They do not say "and later", thus the current LGPLv2 is more accurate. I'm going to corr

long waiting times for COPR jobs

Hello, lately, COPR pending job queues are holding jobs for pretty long time (even hours). This is a buggy behaviour and we will be doing our best to fix this issue in the following days. Thank your for your patience COPR team ___ devel-announce mailing

[Guidelines change] Changes to the packaging guidelines

Here are the recent changes to the packaging guidelines. - Following releng approval, the restrictions on the use of rich/Boolean dependencies have been lifted. * https://fedoraproject.org/wiki/Packaging:Guidelines#Rich.2FBoolean_dependencies * https://pagure.io/packaging-committee/issue/55

Review Swaps

I have a few simple C++ based review requests that I'm willing to perform review swaps for: flnet - Amateur Radio Net Control Station https://bugzilla.redhat.com/show_bug.cgi?id=1060852 flwkey - Modem program for the K1EL Winkeyer series https://bugzilla.redhat.com/show_bug.cgi?id=1321081 linsim

Re: [HEADS-UP] droping file_contexts.bin from selinux-policy-targeted package

On Wed, Nov 01, 2017 at 09:59:29AM +0100, Igor Gnatenko wrote: > On Wed, 2017-11-01 at 09:46 +0100, Petr Lautrbach wrote: > > Hi, > > > > we are going to drop file_contexts.bin from selinux-policy-targeted > > package. > > > > file_contexts.bin file is regenerated by sefcontext_compile utility >

Re: CI projects in Copr

We have finished the SCM source type implementation. You can read more in this blog post: https://clime.github.io/2017/10/24/COPR-SCM.html Thank you for the feedback! clime On Wed, Sep 27, 2017 at 10:28 PM, Michal Novotny wrote: > Hello, > > On Tue, Sep 5, 2017 at 5:50 PM, Petr Stodulka wrote:

Re: libical 3.0.0 changes license to LGPLv2.1 or MPLv2.0

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, 2017-11-01 at 12:58 +0100, Milan Crha wrote: > Hello, > with the update to libical 3.0.0 the sources changed the license from > LGPLv2 or MPLv1.1 to LGPLv2.1 or MPLv2.0, as mentioned in the > upstream > list here: > http://lists.infrade

Building of OkHttp 3.9.0 fails

Hi, when trying to compile okhttp with the okhttp.spec file from [1] i get this error messages: ... [WARNING] Some problems were encountered while building the effective model for com.squareup.okhttp3.sample:guide:jar:3.9.0 [WARNING] 'build.plugins.plugin.version' for org.codehaus.mojo:animal-

Re: Remove old GPG keys?

On 10/31/2017 04:15 PM, Sam Varshavchik wrote: > David Cantrell writes: > >> I don't really consider this a thing about saving space or making the >> output of 'rpm -qa' look nicer or something, but rather being good users >> of GPG.  If we create and then phase out signing keys, then part of our

Re: Remove old GPG keys?

On 10/31/2017 04:08 PM, Christopher wrote: > On Tue, Oct 31, 2017 at 3:06 PM David Cantrell > wrote: > > On 10/31/2017 11:32 AM, R P Herrold wrote: > > On Tue, 31 Oct 2017, David Cantrell wrote: > > > >>> # rpm -qa gpg-pubkey --qf "%{version}-%{release

Re: fedpkg failed to retire package

On Wed, Nov 1, 2017 at 8:46 PM, Zamir SUN wrote: > Hi Chenxiong, > >> What's the fedpkg version are you using? >> > > I was using fedpkg-1.28-1.fc26.noarch that day. > I try update and get 1.29-5.fc26 now. While I already executed on all > branches of portpub. So do I need to run fedpkg retire aga

Re: Self Introduction: Stefan Hajnoczi

On Wed, Nov 1, 2017 at 11:31 AM, Richard W.M. Jones wrote: > On Wed, Nov 01, 2017 at 11:25:05AM +, Stefan Hajnoczi wrote: >> Hi Fedora, >> I have just submitted my first Fedora package, git-publish - Prepare >> and store patch revisions as git tags: >> https://bugzilla.redhat.com/show_bug.cgi?

Re: fedpkg failed to retire package

Hi Chenxiong, > What's the fedpkg version are you using? > I was using fedpkg-1.28-1.fc26.noarch that day. I try update and get 1.29-5.fc26 now. While I already executed on all branches of portpub. So do I need to run fedpkg retire again with this new version? Thanks. -- Ziqian SUN (Zamir) GP

libical 3.0.0 changes license to LGPLv2.1 or MPLv2.0

Hello, with the update to libical 3.0.0 the sources changed the license from LGPLv2 or MPLv1.1 to LGPLv2.1 or MPLv2.0, as mentioned in the upstream list here: http://lists.infradead.org/pipermail/libical-devel/2017-May/000764.html Bye, Milan

Re: Self Introduction: Stefan Hajnoczi

On Wed, Nov 01, 2017 at 11:25:05AM +, Stefan Hajnoczi wrote: > Hi Fedora, > I have just submitted my first Fedora package, git-publish - Prepare > and store patch revisions as git tags: > https://bugzilla.redhat.com/show_bug.cgi?id=1508384 > > I've used Copr up until now but it's time to make

[Heads-up] libical 3.0.0 to reach rawhide, replacing libical-glib

Hello, I'd like to give a heads up about a plan to update libical to its 3.0.0 release in rawhide once I figure out some details about its build. This release also obsoletes libical-glib package, the project had been added into libical itself. I currently plan to push the update on Monday,

Re: [HEADS-UP] droping file_contexts.bin from selinux-policy-targeted package

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, 2017-11-01 at 09:46 +0100, Petr Lautrbach wrote: > Hi, > > we are going to drop file_contexts.bin from selinux-policy-targeted > package. > > file_contexts.bin file is regenerated by sefcontext_compile utility > every time > policy is rebui

[HEADS-UP] droping file_contexts.bin from selinux-policy-targeted package

Hi, we are going to drop file_contexts.bin from selinux-policy-targeted package. file_contexts.bin file is regenerated by sefcontext_compile utility every time policy is rebuilt, e.g. during update, after semodule -B, ... and this file contains pre compiled pcre regexes from file_contexts. We ad

SDL2_image changes license from LGPLv2+ to LGPLv2+ and zlib

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Since 2.0.2, SVG support is included.. And as usual, in a bad way by bundling some library with custom changes. Now it is nanosvg where upstream never had any releases. - -- - -Igor Gnatenko -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEhLFO09aHZVq