Re: Copr delete-by-default expiration policy still unacceptable

Dne 13. 10. 22 v 17:06 Neal Gompa napsal(a): Considering services like packagecloud.io and others exist and do manage to make money storing repositories and builds, I think it's pretty workable for COPR too. It would require some advertising and such to get it out there, but it'd be workable. W

Re: F38 proposal: RPM Sequoia (System-Wide Change proposal)

On 10/13/22 17:31, Neal Gompa wrote: On Thu, Oct 13, 2022 at 9:58 AM Kevin Kofler via devel wrote: Neal Gompa wrote: No, because when you do things like mirror repositories (especially for private mirrors), that signature is the only way to verify the integrity. HTTPS is only transport encryp

Re: Heads up! OpenImageIO 2.4 series coming to rawhide

On 2022-10-12 07:14, Ben Beasley wrote: Since we are in the final freeze for F37, and the update breaks ABI (and API), the Updates Policy for stable releases applies, and an exception request would need to be submitted and approved first. https://docs.fedoraproject.org/en-US/fesco/Updates_Pol

Re: F38 proposal: RPM Sequoia (System-Wide Change proposal)

On 10/13/22 19:35, Demi Marie Obenour wrote: On 10/13/22 04:23, Panu Matilainen wrote: On 10/13/22 10:53, Neal Gompa wrote: On Thu, Oct 13, 2022 at 3:29 AM Panu Matilainen wrote: On 10/13/22 07:18, Kevin Kofler via devel wrote: For the last 20 years or so, RPM has used a home-grown OpenPGP

Re: Ridiculous new Red Hat Bugzilla password security requirements

On Fri, Oct 14, 2022 at 1:39 AM Kevin Kofler via devel wrote: > ... but this is absolutely absurd. To (mis) quote Randy Bush: "their application, their rules". If you don't like them, find another provider. I hope that RedHat quickly supports passkeys, where this all becomes moot. Unless you sh

Ridiculous new Red Hat Bugzilla password security requirements

Hi, today, Red Hat Bugzilla forced me to change my password because apparently a password of 9 random alphanumeric+symbol characters (1 symbol, 8 mixed-case alphanumeric) is suddenly no longer considered secure enough. This is absolutely ridiculous for a bug tracker. It is not like that passwor

Re: Non-responsive maintainer check for volter

Scott Talbert wrote: > This is a non-responsive maintainer check for volter (Volker Fröhlich). > Does anyone know how to contact this user? > > https://bugzilla.redhat.com/show_bug.cgi?id=2134665 Volker basically left Fedora packaging almost a year ago: https://lists.fedoraproject.org/archives/li

Non-responsive maintainer check for mikedep333

This is a non-responsive maintainer check for mikedep333 (Michael DePaulo). Does anyone know how to contact this maintainer? https://bugzilla.redhat.com/show_bug.cgi?id=2134659 ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe sen

Non-responsive maintainer check for ivazquez

This is a non-responsive maintainer check for ivazquez (Ignacio Vazquez-Abrams). Does anyone know how to contact this user? https://bugzilla.redhat.com/show_bug.cgi?id=2134660 ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send

Non-responsive maintainer check for volter

This is a non-responsive maintainer check for volter (Volker Fröhlich). Does anyone know how to contact this user? https://bugzilla.redhat.com/show_bug.cgi?id=2134665___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email t

Non-responsive maintainer check for wolfy

This a non-responsive maintainer check for wolfy (manuel wolfshant). Does anyone know how to contact this maintainer? https://bugzilla.redhat.com/show_bug.cgi?id=2134664 ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an ema

Re: Advice needed: Pantheon desktop broken on Fedora 37 (yes, worse than usual)

Den tors 13 okt. 2022 kl 17:01 skrev Neal Gompa : > On Thu, Oct 13, 2022 at 10:58 AM Neal Gompa wrote: > > > > On Thu, Oct 13, 2022 at 10:55 AM Michael J Gruber > wrote: > > > > > > Thanks for all your work! > > > > > > Dropping pantheon is not the only fallout of GNOME's schedule around > our r

Re: F38 proposal: Ostree Native Container (Phase 2, stable) (System-Wide Change proposal)

On Thu, Oct 13, 2022 at 3:08 PM Ben Cotton wrote: > > == Contingency Plan == > * Contingency mechanism: Continue to ship things the way we ship them today > * Contingency deadline: Dunno > * Blocks release? No I suggest the branch day (2023-02-07) as the contingency deadline here. -- Ben Cotton

F38 proposal: Ostree Native Container (Phase 2, stable) (System-Wide Change proposal)

https://fedoraproject.org/wiki/Changes/OstreeNativeContainerStable This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steer

Re: F38 proposal: RPM Sequoia (System-Wide Change proposal)

Let's Encrypt also supports the dns-01 challenge[1] that doesn't require any publicly available IPs. Using dns verification is required to obtain a Let's Encrypt wildcard certificate. While I tend to prefer using the dns-01 challenge approach when possible, not all DNS providers have made it eas

Re: F38 proposal: RPM Sequoia (System-Wide Change proposal)

On Thu, Oct 13, 2022 at 4:57 PM Maxwell G via devel wrote: > Let's Encrypt also supports the dns-01 challenge[1] that doesn't require > any publicly available IPs. Using dns verification is required to obtain a > Let's Encrypt wildcard certificate. While I tend to prefer using the dns-01 challen

Re: F38 proposal: RPM Sequoia (System-Wide Change proposal)

On 10/13/22 11:28, Demi Marie Obenour wrote: systemd (yes, systemd) is considering using Rust, though it has not yet started including it, and there is already Rust code in Mesa IIRC. Don't forget the Python 'cryptography' package... also a Rust user. It's here to stay, at least for the forese

Re: F38 proposal: RPM Sequoia (System-Wide Change proposal)

On Thu Oct 13, 2022 at 17:12 +0200, Kevin Kofler via devel wrote: > > And using Let's Encrypt for private mirrors is sufficiently painful that I > > wouldn't recommend it. > > Set up a subdomain like vpn.example.com, point it to the public IP, then > configure the VPN's internal DNS to resolve vpn

Re: F38 proposal: RPM Sequoia (System-Wide Change proposal)

On 10/13/22 04:23, Panu Matilainen wrote: > On 10/13/22 10:53, Neal Gompa wrote: >> On Thu, Oct 13, 2022 at 3:29 AM Panu Matilainen wrote: >>> >>> On 10/13/22 07:18, Kevin Kofler via devel wrote: > For the last 20 years or so, RPM has used a home-grown OpenPGP parser > for dealing with key

Re: F38 proposal: RPM Sequoia (System-Wide Change proposal)

On 10/13/22 11:18, Kevin Kofler via devel wrote: > Fabio Valentini wrote: >> Do you have suggestions for improving this situation? I think we're >> pretty close to doing the best we can with packaging Rust projects, >> given the current limitations of the language (i.e. the support for >> building

Re: Copr delete-by-default expiration policy still unacceptable

On Thu, Oct 13, 2022 at 3:56 PM Josh Boyer wrote: > > On Thu, Oct 13, 2022 at 11:04 AM Gary Buhrmaster > wrote: > > > > On Thu, Oct 13, 2022 at 2:25 PM Josh Boyer > > wrote: > > > > > Would you be willing to pay for that feature? > > > > A "freemium" COPR service? > > > > I suspect that that wo

Re: Copr delete-by-default expiration policy still unacceptable

On Thu, Oct 13, 2022 at 11:04 AM Gary Buhrmaster wrote: > > On Thu, Oct 13, 2022 at 2:25 PM Josh Boyer wrote: > > > Would you be willing to pay for that feature? > > A "freemium" COPR service? > > I suspect that that would be such a > niche service that the cost per user > (to pay for the overhea

Re: F38 proposal: RPM Sequoia (System-Wide Change proposal)

On Thu, Oct 13, 2022 at 11:38 AM Demi Marie Obenour wrote: > > On 10/13/22 08:14, Neal Gompa wrote: > > On Thu, Oct 13, 2022 at 4:24 AM Panu Matilainen wrote: > >> > >> On 10/13/22 10:53, Neal Gompa wrote: > >>> On Thu, Oct 13, 2022 at 3:29 AM Panu Matilainen > >>> wrote: > > On 10/13

Re: F38 proposal: RPM Sequoia (System-Wide Change proposal)

On 10/13/22 08:14, Neal Gompa wrote: > On Thu, Oct 13, 2022 at 4:24 AM Panu Matilainen wrote: >> >> On 10/13/22 10:53, Neal Gompa wrote: >>> On Thu, Oct 13, 2022 at 3:29 AM Panu Matilainen wrote: On 10/13/22 07:18, Kevin Kofler via devel wrote: >> For the last 20 years or so, RPM ha

Re: F38 proposal: RPM Sequoia (System-Wide Change proposal)

On Thu, Oct 13, 2022 at 3:13 PM Kevin Kofler via devel wrote: > > Neal Gompa wrote: > > I'm not going to get into this too much, but suffice to say, it's not > > universally accessible as a CA. > > I would very much be interested in those details though. As I recall, the current LE root certifica

Re: Copr delete-by-default expiration policy still unacceptable

Don't get me wrong, the folks who work on Koji and Copr are great, but even they'll admit that they're woefully underfunded. The compose tooling, PDC, etc. are also examples of this problem. Can't agree enough. Hats off to the COPR folks. Without it, even it current state, RH/Fed ecosystem is,

Re: F38 proposal: RPM Sequoia (System-Wide Change proposal)

Fabio Valentini wrote: > Do you have suggestions for improving this situation? I think we're > pretty close to doing the best we can with packaging Rust projects, > given the current limitations of the language (i.e. the support for > building "true shared Rust libraries" is still very limited and

Re: F38 proposal: RPM Sequoia (System-Wide Change proposal)

Neal Gompa wrote: > I'm not going to get into this too much, but suffice to say, it's not > universally accessible as a CA. I would very much be interested in those details though. I do not see anybody being excluded from Let's Encrypt, not even countries under US embargo (e.g., over 30 site

Re: Copr delete-by-default expiration policy still unacceptable

On Thu, Oct 13, 2022 at 11:04 AM Gary Buhrmaster wrote: > > On Thu, Oct 13, 2022 at 2:25 PM Josh Boyer wrote: > > > Would you be willing to pay for that feature? > > A "freemium" COPR service? > > I suspect that that would be such a > niche service that the cost per user > (to pay for the overhea

Re: Copr delete-by-default expiration policy still unacceptable

On Thu, Oct 13, 2022 at 2:25 PM Josh Boyer wrote: > Would you be willing to pay for that feature? A "freemium" COPR service? I suspect that that would be such a niche service that the cost per user (to pay for the overheads to create and maintain it) would not be acceptable to anyone. _

Re: Copr delete-by-default expiration policy still unacceptable

Il 13/10/22 16:48, Kevin Kofler via devel ha scritto: > > What makes Copr so interesting is that it is offered at no cost to all > Fedora contributors. But it has always been treated as an unloved stepchild > by Red Hat and has never received the kind of resources, e.g., OBS has. Is there any chan

Re: Advice needed: Pantheon desktop broken on Fedora 37 (yes, worse than usual)

On Thu, Oct 13, 2022 at 10:58 AM Neal Gompa wrote: > > On Thu, Oct 13, 2022 at 10:55 AM Michael J Gruber > wrote: > > > > Thanks for all your work! > > > > Dropping pantheon is not the only fallout of GNOME's schedule around our > > release. (I do understand why we wanted it in.) > > Pantheon's

Re: Advice needed: Pantheon desktop broken on Fedora 37 (yes, worse than usual)

On Thu, Oct 13, 2022 at 10:55 AM Michael J Gruber wrote: > > Thanks for all your work! > > Dropping pantheon is not the only fallout of GNOME's schedule around our > release. (I do understand why we wanted it in.) Pantheon's struggles are more evidence of GNOME's lack of courtesy to the larger

Re: Copr delete-by-default expiration policy still unacceptable

On Thu, Oct 13, 2022 at 10:48 AM Kevin Kofler via devel wrote: > > Josh Boyer wrote: > > Would you be willing to pay for that feature? > > Probably not, because at that point, it would probably be cheaper to just > set up a mirror or even a full-fledged build system on a VPS somewhere. Or > even t

Re: Copr delete-by-default expiration policy still unacceptable

On Thu, Oct 13, 2022 at 10:48 AM Kevin Kofler via devel wrote: > > Josh Boyer wrote: > > Would you be willing to pay for that feature? > > Probably not, because at that point, it would probably be cheaper to just > set up a mirror or even a full-fledged build system on a VPS somewhere. Or > even t

Re: Advice needed: Pantheon desktop broken on Fedora 37 (yes, worse than usual)

Thanks for all your work! Dropping pantheon is not the only fallout of GNOME's schedule around our release. (I do understand why we wanted it in.) ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.

Re: Copr delete-by-default expiration policy still unacceptable

Josh Boyer wrote: > Would you be willing to pay for that feature? Probably not, because at that point, it would probably be cheaper to just set up a mirror or even a full-fledged build system on a VPS somewhere. Or even to use OBS, though I do not know what their retention policies for old repo

Re: Copr delete-by-default expiration policy still unacceptable

You do have to admit that this happens only as a result of: - wanting to support EOLed chroots - not wanting to support non EOLed chroots (for those projects) - not receiving notification e-mails - not logging onto the web UI for more than 75 days All of this in combination, and knowingly, as you

Re: Heads-up: llhttp 8.0.0 coming to Rawhide

The llhttp package will instead be updated to version 8.1.0, which was released after the original announcement. The schedule and other details for this update remain unchanged. Release notes for version 8.1.0: https://github.com/nodejs/llhttp/releases/tag/release%2Fv8.1.0 Source diff: https

Re: F38 proposal: RPM Sequoia (System-Wide Change proposal)

On Thu, Oct 13, 2022 at 9:58 AM Kevin Kofler via devel wrote: > > Neal Gompa wrote: > > No, because when you do things like mirror repositories (especially > > for private mirrors), that signature is the only way to verify the > > integrity. HTTPS is only transport encryption from a particular > >

Re: Copr delete-by-default expiration policy still unacceptable

On Thu, Oct 13, 2022 at 8:41 AM Kevin Kofler via devel wrote: > > Miroslav Suchý wrote: > > Dne 13. 10. 22 v 6:12 Kevin Kofler via devel napsal(a): > >> I am really angry at Copr's expiration policy once again. It looks like I > >> missed the deadline to renew the expired chroots (I still do not g

Re: F38 proposal: RPM Sequoia (System-Wide Change proposal)

Neal Gompa wrote: > No, because when you do things like mirror repositories (especially > for private mirrors), that signature is the only way to verify the > integrity. HTTPS is only transport encryption from a particular > connection. HTTPS protects against a MITM on the connection introducing i

Re: F38 proposal: RPM Sequoia (System-Wide Change proposal)

On Thu, Oct 13, 2022 at 3:31 PM Kevin Kofler via devel wrote: > > The dependency on LLVM is not even the worst issue in my eyes. LLVM is also > used by other core projects, e.g., mesa, these days. > > The worst issue I see with Rust is the way libraries are "packaged", which > just implies install

Re: F38 proposal: RPM Sequoia (System-Wide Change proposal)

On Thu, Oct 13, 2022 at 9:31 AM Kevin Kofler via devel wrote: > > Neal Gompa wrote: > > This is also the underlying reason why Red Hat has resisted > > implementing signed repository metadata and enforcing it by default. > > Of course this is a bit of a catch-22 as well, as there's no > > motivati

Re: F38 proposal: RPM Sequoia (System-Wide Change proposal)

Neal Gompa wrote: > This is also the underlying reason why Red Hat has resisted > implementing signed repository metadata and enforcing it by default. > Of course this is a bit of a catch-22 as well, as there's no > motivation to find a solution because neither Fedora nor RHEL offer > signed reposi

Re: Copr delete-by-default expiration policy still unacceptable

On Thu, 13 Oct 2022 at 08:49, Kevin Kofler via devel < devel@lists.fedoraproject.org> wrote: > Miroslav Suchý wrote: > > Dne 13. 10. 22 v 6:12 Kevin Kofler via devel napsal(a): > >> I am really angry at Copr's expiration policy once again. It looks like > I > >> missed the deadline to renew the ex

Re: Copr delete-by-default expiration policy still unacceptable

Miroslav Suchý wrote: > Dne 13. 10. 22 v 6:12 Kevin Kofler via devel napsal(a): >> I am really angry at Copr's expiration policy once again. It looks like I >> missed the deadline to renew the expired chroots (I still do not get any >> notification mails, they end up eaten in a spam filter somewher

Re: Advice needed: Pantheon desktop broken on Fedora 37 (yes, worse than usual)

On Wed, Aug 24, 2022 at 12:55 AM Miro Hrončok wrote: > > On 23. 08. 22 23:46, Fabio Valentini wrote: > > even if the advice is: "yes, retire the packages, rather > > than leave them broken, they can be added back once they have been > > fixed" > > Knowing nothing about Pantheon or GObject C, I do

Re: F38 proposal: RPM Sequoia (System-Wide Change proposal)

On Thu, Oct 13, 2022 at 4:24 AM Panu Matilainen wrote: > > On 10/13/22 10:53, Neal Gompa wrote: > > On Thu, Oct 13, 2022 at 3:29 AM Panu Matilainen wrote: > >> > >> On 10/13/22 07:18, Kevin Kofler via devel wrote: > For the last 20 years or so, RPM has used a home-grown OpenPGP parser >

Fedora 37 compose report: 20221013.n.0 changes

OLD: Fedora-37-20221012.n.0 NEW: Fedora-37-20221013.n.0 = SUMMARY = Added images:0 Dropped images: 1 Added packages: 0 Dropped packages:0 Upgraded packages: 0 Downgraded packages: 0 Size of added packages: 0 B Size of dropped packages:0 B Size of upgraded

Fedora rawhide compose report: 20221013.n.0 changes

OLD: Fedora-Rawhide-20221012.n.0 NEW: Fedora-Rawhide-20221013.n.0 = SUMMARY = Added images:2 Dropped images: 6 Added packages: 5 Dropped packages:23 Upgraded packages: 81 Downgraded packages: 0 Size of added packages: 4.44 MiB Size of dropped packages

Re: F39 proposal: Replace DNF with DNF5 (System-Wide Change proposal)

On Thu, Oct 13, 2022 at 10:36:52AM +0300, Panu Matilainen wrote: > On 10/12/22 17:47, Stephen Smoogen wrote: > > > > > > On Wed, 12 Oct 2022 at 10:32, Kevin P. Fleming > > wrote: > > > > On 10/12/22 08:59, Stephen Smoogen wrote: > > > Maybe call it the Fedo

Re: F39 proposal: Replace DNF with DNF5 (System-Wide Change proposal)

So, coming back to the steps needed for this to happen as discussed in the FESCo ticket, I think the first one is to decide how users can start testing dnf5 on "expendable" machines. The proposal says that dnf5 can be installed in parallel with dnf. I think this doesn't highlight what things wi

Re: F38 proposal: RPM Sequoia (System-Wide Change proposal)

On 10/13/22 10:53, Neal Gompa wrote: On Thu, Oct 13, 2022 at 3:29 AM Panu Matilainen wrote: On 10/13/22 07:18, Kevin Kofler via devel wrote: For the last 20 years or so, RPM has used a home-grown OpenPGP parser for dealing with keys and signatures. That parser is rather infamous for its limit

Re: F39 proposal: Replace DNF with DNF5 (System-Wide Change proposal)

Heh, I would really prefer to stay with "dnf", but thx everybody for brainstorming the name. I like the proposals ;) Vít Dne 12. 10. 22 v 15:59 Stephen Smoogen napsal(a): On Wed, 12 Oct 2022 at 09:49, Miroslav Suchý wrote: Dne 12. 10. 22 v 12:28 Vít Ondruch napsal(a): > So since

Re: F39 proposal: Replace DNF with DNF5 (System-Wide Change proposal)

Dne 12. 10. 22 v 15:48 Miroslav Suchý napsal(a): Dne 12. 10. 22 v 12:28 Vít Ondruch napsal(a): So since I don't think the DNF5 name and especially the package name was elaborated here and my wish in package review to have the package name just `dnf` was completely ignored [1], I'll ask here.

Re: Copr delete-by-default expiration policy still unacceptable

Dne 13. 10. 22 v 6:12 Kevin Kofler via devel napsal(a): I am really angry at Copr's expiration policy once again. It looks like I missed the deadline to renew the expired chroots (I still do not get any notification mails, they end up eaten in a spam filter somewhere), so once again a lot of data

Re: F38 proposal: RPM Sequoia (System-Wide Change proposal)

On Thu, Oct 13, 2022 at 3:29 AM Panu Matilainen wrote: > > On 10/13/22 07:18, Kevin Kofler via devel wrote: > >> For the last 20 years or so, RPM has used a home-grown OpenPGP parser > >> for dealing with keys and signatures. That parser is rather infamous > >> for its limitations and flaws, and e

Re: F39 proposal: Replace DNF with DNF5 (System-Wide Change proposal)

On 10/12/22 17:47, Stephen Smoogen wrote: On Wed, 12 Oct 2022 at 10:32, Kevin P. Fleming > wrote: On 10/12/22 08:59, Stephen Smoogen wrote: > Maybe call it the Fedora Update Manager 'FUM' ? Unless we're going to call it RUM when it makes its way into

Re: F38 proposal: RPM Sequoia (System-Wide Change proposal)

On 10/13/22 07:18, Kevin Kofler via devel wrote: For the last 20 years or so, RPM has used a home-grown OpenPGP parser for dealing with keys and signatures. That parser is rather infamous for its limitations and flaws, and especially in recent years has proven a significant burden to RPM developm