g (including xenstored,
libvirt daemon and few others) and it's very annoying and fragile to do
that from inside chroot.
So, we do have a use case for Initial Setup.
--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
signature.asc
Description: PGP signature
--
___
ich is a good practice and very easy to do. After all, these
> > signatures don't just protect by authenticating the source of the
> > package, but they also verify the package integrity to protect against
> > file corruption.
> >
> > Whatever inconvenience there i
; >
>
> We've discussed an RPM-specific format upstream. Debian and Arch both
> have their own formats that are tailored to their package systems, and
> RPM may have one too, eventually.
For context, the discussion is here:
https://github.c
pre-measured safe kernel
cmdline (perhaps even hardcoded into kernel binary), while still being
able to instruct initrd where to look for the root fs. Of course, initrd
would need to be careful about parsing this piece of information
(probably having some allowlist of options allowed in this ca
own CA to avoid trusting the whole
DigiCert (or other single CA), but personally I think the downsides
overweights the benefits
And this is just about the connection part, not about integrity of the
server itself... BTW, I do hope that signing keys are stored somewhere
else.
--
Best
n the integrity of the [HTTPS connection to]
mirrors.fedoraproject.org server (or any of CAs trusted by the system) -
a rather fragile single point of failure.
--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
signature.asc
Description
different
packages for different archs). Alternatively, -debuginfo repo, but that
feels weird.
> But all this is getting a bit ahead. Someone needs to come up with the
> contents and tools to make/read/do cool things with them first. :)
There is one in progress alrea
e not upstream, or just
nobody had time to do it? If the latter, can I help with this somehow?
--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
signature.asc
Description: PGP signature
___
devel mailing list -- devel@lists.fedoraproj
where like "oh, we've found a bug in an update
system, so you need to execute this very part that is vulnerable to get
it fixed".
--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
signature.asc
Description: PGP signature
_
commits/rawhide
>
> One would hope that filed bugs would get addressed, then.
> But, not here. Fair enuf.
Actually, the buggy file (/etc/grub.d/20_linux_xen) belongs to the grub2
package, so the bug is assigned to a wrong package.
--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things
On Thu, Feb 04, 2021 at 10:56:43PM -0500, Neal Gompa wrote:
> On Thu, Feb 4, 2021 at 9:23 PM Kevin Fenzi wrote:
> >
> > On Fri, Feb 05, 2021 at 12:17:28AM +0100, Marek Marczykowski-Górecki wrote:
> > >
> > > Does it make sense?
> >
> > That does make
y it is more logical to include in a
binary RPM - a build output. In fact, Archlinux does exactly that (in
their package format). If it would be in an SRPM, then you'd need to
rebuild/modify SRPM _after_ building binary RPMs, which feels wrong...
Does it make sense?
--
Best Regards,
Marek Marczykowsk
robosignatory and pungi developers (links to the issues on those in the
> infra ticket).
I'll look into it. I am vaguely familiar with pungi code, but not so
much with robosignatory.
--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which peop
.redhat.com/buglist.cgi?bug_status=__open__&classification=Fedora&product=Fedora&query_format=advanced&short_desc=CVE&short_desc_type=allwordssubstr
--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally rea
On Tue, Nov 03, 2020 at 12:24:45AM -0500, Neal Gompa wrote:
> On Tue, Nov 3, 2020 at 12:16 AM Marek Marczykowski-Górecki
> wrote:
> > Is it possible to enable the first one, but leave the second to the
> > user, until DNF is adjusted for better UX around the keys? That would
>
).
Is there any dnf command similar to `rpm --import`, to preemptively
import the key, or the only option is to accept the prompt? I can't find
anything about it in dnf's man page...
--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in w
could reduce damage in case of
metalink-hosting server compromise.
I don't know much about Fedora infrastructure, but perhaps there is
still something I could help with?
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1868639
--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A:
t
state for the base system.
[1]
https://oss-security.openwall.org/wiki/mailing-lists/distros#linux-distribution-security-contacts-list
--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-post
On Tue, Jun 04, 2019 at 08:20:50AM -0400, Neal Gompa wrote:
> On Tue, Jun 4, 2019 at 8:16 AM Florian Weimer wrote:
> >
> > * Marek Marczykowski-Górecki:
> >
> > > I'd like to request unretire osslsigncode[1]. Originally it was retired
> > > because of b
de
[2] https://github.com/mtrojnar/osslsigncode
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1424037#c9
[4] https://koji.fedoraproject.org/koji/taskinfo?taskID=35260552
--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read
> named Xwayland running as well. This CVE affects the X server named
> Xorg.
If I understand this CVE correctly, it doesn't matter what X server is
running (if any at all). Do matter what setuid-root Xorg binary is
installed (or not).
--
Best Regards,
Marek Marczykowski-Górecki
Invisible T
t; or "System Wide" Change, or what should
specifically be listed in "Scope". If IRC would be more appropriate for
such discussion, that's fine for me too.
--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it
On Fri, Oct 12, 2018 at 03:44:38PM -0600, Chris Murphy wrote:
> On Fri, Oct 12, 2018 at 4:30 AM, Marek Marczykowski-Górecki
> wrote:
> > On Thu, Oct 11, 2018 at 09:24:08PM -0600, Chris Murphy wrote:
> >> Why does efiboot.img have a 32MiB limit?
> >
> > Because &qu
On Thu, Oct 11, 2018 at 09:24:08PM -0600, Chris Murphy wrote:
> On Thu, Oct 11, 2018 at 6:37 PM, Marek Marczykowski-Górecki
> wrote:
> > Hi all!
> >
> > I'm new on this list. I work on Qubes OS, where Fedora is used as a base
> > distribution.
> >
> &g
1e3e1006013772528078914f491d14c1f
[3] https://reproducible-builds.org/specs/source-date-epoch/
--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
25 matches
Mail list logo