Hello,
Could someone please help to review this package request?
-> https://bugzilla.redhat.com/show_bug.cgi?id=2259602
Thank you.
---
-Prasad
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lis
s?
* Removing orphaned packages may not be easy, as other packages may depend on
them.
Thank you.
---
-P J P
http://feedmug.com
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@li
sooner.
* Fedora security team was more looking into auditing and improving Fedora
distribution security
via safe default configurations and policies etc. While also following up
with maintainers
for fixing CVE bugs sooner.
Thank you.
---
-P J P
http://feedmug.com
__
part of all themes
We are looking for talks and workshops which appeal to the beginner,
intermediate and advanced participant in community projects.
The CFP is NOW OPEN! Ready to submit your proposal? Visit
-> http://devconf.in/
Questions? Please write to us at
Thank you.
--
Hello,
Please see -> https://devconf.info/in/cfp
CFP closes: 4 May 2018
Accepted speakers confirmation: 4 June 2018
Conference Dates: 4, 5 August, 2018, Bengaluru, India
We invite you to submit a proposal to speak at DevConf.in 2018. This
is the second DevConf.in conference where free and open
ssues.
It contains CVSS v2 and v3 computation utilities and interactive
calculator compatible with both Python v2 and v3.
Its licence has been changed from GPLv3+ to LGPLv3+.
-> https://github.com/skontar/cvss/issues/6
Thank you.
---
-P J P
http://feedmug.com
--
devel mailin
//github.com/iovisor/bcc> - which
> provides tooling around the new eBPF infrastructure in the kernel. This
> might eventually need some fixes upstream first so the build process is
> streamlined within Fedora.
Cool, sounds like a plan! Welcome aboard!! :) (just shout if you need
anythi
masq
> * howto get domainname set automatically from dhcp
Dhcp configuration manual should help with that.
---
-P J P
http://feedmug.com
--
devel mailing list
devel@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
->
https://fedoraproject.org/wiki/Changes/Default_Local_DNS_Resolver#How_To_Test
Please let us know if you face any difficulties. Thank you.
--- -P J P
http://feedmug.com
--
devel mailing list
devel@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
es to build a
strong solution.
[*] https://fedoraproject.org/wiki/Changes/Default_Local_DNS_Resolver
Thank you.
---
-P J P
http://feedmug.com
--
devel mailing list
devel@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
ange
request.
---
-P J P
http://feedmug.com
--
devel mailing list
devel@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
orkManager APIs, I wonder why is it separately
conducting captive portal detection on its own?
IMHO NetworkManager is best placed and best suited to conduct network probes
and notify other applications via its APIs. NM could be our one solid system
wide solution for everything that is network
uration changes to indicate 'trusted' character of a resolver was
proposed to upstream glibc, but that is yet to be resolved properly.
-> https://www.sourceware.org/ml/libc-alpha/2014-11/msg00426.html
---
Regards
-P J P
http://feedmug.com
--
devel mailing list
devel@lists.fedorapr
additional
> configuration available for testing?
As per F23 schedule, it's post 28 Jul 2015
-> https://fedoraproject.org/wiki/Releases/23/Schedule
---
Regards
-P J P
http://feedmug.com
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman
t him an email, let's see.
Thank you.
---
Regards
-P J P
http://feedmug.com
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Hello,
Please see:
-> https://bugzilla.redhat.com/show_bug.cgi?id=1209124
Does anyone know where to contact Mr Michael Stahnke, the rubygem-activesupport
EPEL branch maintainer. The package needs to be updated with few fixes.
Thank you.
---
Regards
- P J P
http://feedmug.
> On Wednesday, 14 January 2015 10:44 PM, Simo Sorce wrote:
>> "Anaconda installer OR maybe OpenSSH package needs to create
>> initial set of authentication keys for 'root' user."
>
> Sorry, but what is the point of this operation, wrt auth with keys issue ?
Well, it can be used it to exp
Hi,
> On Wednesday, 14 January 2015 8:01 PM, Simo Sorce wrote:
> Ok, I state my opposition to without-password too inequivocably here.
> Mostly because it is just the same as 'no', given there is no way, in a
> regular install to seed a key into the root account.
>
> Except you have no mechani
Hello Simo,
> On Wednesday, 14 January 2015 2:29 AM, Simo Sorce wrote:
> Sorry this is false. You got enough emails telling you this
> change is undesirable, that's the definition of opposition
> and means you have no _consensus_.
IIUC, that was for disabling remote root access completely wi
Hello Dennis,
> On Tuesday, 13 January 2015 10:05 PM, Dennis Gilmore wrote:
> There is no consensus on that.
Well, no opposition as such either. How is it done otherwise,
do we conduct votes to establish consensus, is that a usual practice?
> I do not do enough installs that I use kickstart
Hello,
Please see: (shared by 'fenrus02' on IRC)
-> https://stribika.github.io/2015/01/04/secure-secure-shell.html
Here are few more recommendations for sshd(8) configurations, mostly pertaining
to encryption algorithms.
Does it make sense to incorporate any of the suggestions from there?
Hello Miloslav, all
> On Tuesday, 13 January 2015 10:26 AM, P J P wrote:
> So, we do seem to have consensus(at least no opposition) for
> 'PermitRootLogin=without-password' option. I'll update the feature
> page with it and details about the specific use-cases.
> On Tuesday, 13 January 2015 4:24 AM, Volker Sobek wrote:
> Maybe this difference can be addressed together with what ever is
> decided upon in this discussion? I think having some consistency here
> would be good.
IMO, the install image consistency issues need to be handled separately and
cou
On Tuesday, 13 January 2015 1:10 AM, Stephen John Smoogen wrote:
>Sorry if I am misunderstanding but the feature is to address brute
>forcing the root account so that they do not get root access to the server.
Right.
>I am saying that this isn't a speed-bump because they are already trying
>to
> On Tuesday, 13 January 2015 3:06 AM, Miloslav Trmač wrote:
> (The general theme of this mail: Being flexible is fine, and establishing
> this
> through this discussion is great; however, ultimately the Change proposal
> needs
> to document the _specific outcome_ of that discussion.²)
I und
On Tuesday, 13 January 2015 12:05 AM, Stephen John Smoogen wrote:
>I don't see how this is the case. All we have done is move the
>first line of the root-kit script to calling sudo via the password
>that was used to open the account up. Since many of Linux systems
>are single user boxes.. it is mos
> On Monday, 12 January 2015 11:27 PM, Mike Pinkerton wrote:
> Sure, if the tool provides the ability to tweak the install to enable
> password-based root login, then one can log in after installation,
> upload keys, configure sshd, etc. The question is whether the tool
> that is available has
Hello Paul,
> On Monday, 12 January 2015 11:18 PM, Paul Wouters wrote:
> What if I told you Neo, that there are no strong passwords?
> Passwords are weak. Some are less weak than others. I'd rather
> teach people to use ssh keys for remote access and only restrict
> passwords to console/physical
ason was to
> mitigate BF even "P J P " told us here
> that not.
No! Again, intention is to keep malicious users from gaining 'root' access
via BF attacks. It is quite similar to why we run services as non-root users,
instead of root. If at all break-in happens, it is
> On Monday, 12 January 2015 8:47 PM, Mike Pinkerton wrote:
> Not just virtualized deployments, but also in remote installs on bare
> metal.
Okay and the '%post' install section trick won't help there?
IIUC, it'd depend on which tool/application is used to do such remote
installations and if
> On Monday, 12 January 2015 8:32 PM, Paul Wouters wrote:
> do you use PrzemekKlosowski as your username on your fedora? I doubt it.
> It is more likely to be przemek, klosowski or pklosowski. In fact, often
> this is revealed in mail headers (eg "sendmail invoked by user paul").
> More often, peop
> On Monday, 12 January 2015 5:59 PM, Milan Keršláger wrote:
> You are (instead of completly mitigating), only raising complexity a
> little bit (ie not completly avoiding), which is what is "Security
> through obscurity" about (ie. by hiding source code, the attacker only
> solve more complex pro
Hello,
> On Monday, 12 January 2015 4:09 PM, Ian Malone wrote:
> > On 12 January 2015 at 09:20, Milan Keršláger
>> 4) Blocking root access means forcing admins to log as normal user and
>> then do su/sudo and providing root password, which is far less secure
>> than disable root password aut
Hello Milan,
> On Monday, 12 January 2015 3:11 PM, Milan Keršláger wrote:
> No, this is not good idea as I wrote few minutes ago because it does not
> improve security, it just provide feeling of better security, see:
> https://en.wikipedia.org/wiki/Security_through_obscurity
I disagree. Fir
Hello,
> On Sunday, 11 January 2015 2:27 PM, Peter Robinson wrote:
>>> Earlier in the discussions I was told that this is not really an issue: in
>>> production, about every server with remote access also has a KVM.
>>
>> Often not the case in small business or third party hosted environments.
> On Saturday, 10 January 2015 1:34 AM, Mike Pinkerton wrote:
> Even if you want to do key-based authentication rather than password,
> you still need to use password initially to get the key onto the
> remote box.
True!
---
Regards
-Prasad
http://feedmug.com
--
devel mailing list
devel@lis
Hello,
I'm writing a common reply for consolidation and brevity. I'll try to cover all
the concerns raised so far.
- Idea behind this feature is to keep malicious users from gaining 'root'
access to remote systems. Restricting remote root login increases the
difficulty level in that, which
> On Wednesday, 24 December 2014 11:01 PM, Mike Pinkerton wrote:
> Remotely installed on bare metal.
I see. Is there a provision that you could edit the kick-start file? Or
supply parameters to it?? If so, it could be possible to enable remote root
login post install. If not, let's see how we
> On Wednesday, 24 December 2014 3:07 PM, Andrew Haley wrote:
> At some loss of usability. To often we hear "This is better for
> security, therefore we should do it" without considering the usability
> trade-off.
It'll help if you could define this some loss of usability. If it is about
remo
Hello,
Please see:
-> https://bugzilla.redhat.com/show_bug.cgi?id=1104041#c6
-> https://admin.fedoraproject.org/pkgdb/package/dcmtk/
Mr Mario, the current maintainer is looking for a co-maintainer for the 'dcmtk'
Fedora package. If you are interested, please apply for the co-maintainer
co
> On Thursday, 27 November 2014 4:49 PM, Reindl Harald wrote:
> so why not consider disable sshd at all and make a checkbox
> in Anaconda "ssh support yes/no" because after somebody says "yes"
> it's his clearly decision and he is responsible to secure it with key-only
> auth
Sure these are op
Hello Tomas,
> On Thursday, 27 November 2014 3:05 PM, Tomas Mraz wrote:
>> - Original Message -
>> On Wed, Nov 26, 2014 at 11:48 AM, Scott Schmit wrote:
>>
>> Look, this is a basic system configuration. It's not "Cripple Mr.
>> Onion". Pick *one* setting, and let people know from that
Hi,
> On Tuesday, 25 November 2014 10:00 PM, Gabriel Ramirez wrote:
> I have a server which only runs several VM's with specific services, no
> need user accounts in the host or in the VM's,
>
> so you propose when I reiinstall any of them create a user account in
> each of them, that will c
Hello Matthew,
> On Tuesday, 25 November 2014 9:21 PM, Matthew Miller wrote:
> Keep in mind that in cloud, cloud-init does the same thing (instead of
> firstboot).
Ah I see, cool!
---
Regards
-Prasad
http://feedmug.com
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fed
> On Tuesday, 25 November 2014 9:07 PM, Simo Sorce wrote:
> My machines get joined to an IPA domain as soon as they are finished
> installing, I do *not* want a local user, it would be a liability.
Well, I think this is more specific case for which remote 'root' login could
be enabled by user.
> On Tuesday, 25 November 2014 8:53 PM, Kevin Fenzi wrote:
> > On Tue, 25 Nov 2014 09:56:59 -0500
> Simo Sorce wrote:
>
>> We can install machine w/o user accounts, removing the ability to log
>> in as root via ssh means those machines will not be accessible.
>
> This has been the reason this has
> On Monday, 24 November 2014 2:59 PM, P J P wrote:
> > On Sunday, 23 November 2014 1:59 AM, Rahul Sundaram wrote:
>> I would suggesting going through the feature process...
>> Having FESCo review a proposal is useful as well.
>
> Right, makes sense. I'
On Sunday, 23 November 2014 1:59 AM, Rahul Sundaram wrote:
>I would suggesting going through the feature process. Although the config
>file change itself is trivial, there are multiple components that require
>coordination with several teams (Anaconda, Fedora Security team, openSSH,
>GNOME etc), t
On Saturday, 22 November 2014 9:28 PM, Rahul Sundaram wrote:
>This seems pretty tricky to ensure. Anaconda doesn't enforce
>an additional user because that could be done via the initial
>setup or gnome initial setup. IIRC, the interactions between
>them were pretty non obvious already.
Yes, t
> On Saturday, 22 November 2014 4:29 PM, Felix Schwarz wrote
> I'm ok with no root login assuming that one can ssh into the machine (and
> become root somehow) after an install (this is along the lines of what Harald
> Reindl mentioned yesterday).
Yes, true. One would definitely need a non-user
> On Saturday, 22 November 2014 1:39 AM, Richard W.M. Jones wrote:
>> On Fri, Nov 21, 2014 at 09:11:51AM +0100, Florian Weimer wrote:
>> The latter. We have to install authorized_keys inside the VM
>> anyway, so we can touch sshd_config, too.
>
> Virt-builder has a new '--ssh-inject' feature (in
> On Friday, 21 November 2014 1:24 PM, Florian Weimer wrote:
>> On 11/21/2014 08:34 AM, Jan Kratochvil wrote:
>> Almost all of my Fedora installations are test VMs where
>> any security is irrelevant.
Okay. But does enabling root login offer any significant benefit in that?
IOW, if it's disab
Hello,
Sshd(8) daemon by default allows remote users to login as root.
1. Is that really necessary?
2. Lot of users use their systems as root, without even creating a non-root
user.
Such practices need to be discouraged, not allowing remote root login
could be
useful in that.
Hello all,
See -> https://fedoraproject.org/wiki/FAD_Pune_Security_1
Date: Say, 1st Nov 2014
Venue: Red Hat Inc. Tower-10, Magarpatta City, Near Hadapsar, Pune, India.
On 1st Nov 2014, we plan to host a Fedora Activity Day(FAD) geared towards
triaging security bugs in Fedora. The day would s
Hello,
> On Sunday, 21 September 2014 9:18 PM, Stephen Gallagher wrote:
> * Salt Lake City, Utah, USA[1]
> * Colorado Springs, Colorado, USA[2]
> * Rochester, New York, USA[3]
> * Cape Cod, Massachusetts, USA[4]
>
> - -5: I would not want to attend Flock if it was held in this location.
> 0: Th
Hello Chris,
> On Wednesday, 10 September 2014 9:15 PM, Chris Murphy wrote:
> Well I have no idea what's on the screen at the time of the hang. Maybe a
> cell phone photo would be useful. Or maybe you should use the debug kernel
> which
> was one of Paul Wouters suggestions. Or you could go
Hi,
> On Wednesday, 10 September 2014 12:28 PM, poma wrote:
> dr. acut?
Can't say for sure. I added "rdshell rd.debug" parameters to the boot command
line, again it throws a long list of debug messages from -
/lib/dracut-lib.sh@xxx. Messages are about trying to setup
/etc/sysconfig/network-
Hi,
After removing 'rhgb quiet' and adding 'systemd.log_level=debug
systemd.log_target=console' it generates a huge pile of debug messages at halts
at - Switching root.
I tried booting the _same_ 3.16.0 kernel on another F20 machine, it stops at
the same spot. :(
---
Regards
-Prasad
http
Hello Daniel, Chris,
Thank you so much for sharing the links and the notes, much appreciate it.
> On Wednesday, 10 September 2014 12:23 AM, Daniel J Walsh wrote:
> > Did you try to boot with enforcing=0?
> To see if it is an SELinux issue?
Yes I tried with enforcing=0, it does not seem to
Hello,
I've been trying to boot into kernel-3.16.0 on a F19 machine. But it just stops
after saying
...
[OK] Reached target Initrd Default target
System is not hung, but there is no activity/progress either. I did search
about it, some say it's because of SELinux. But other kernels do boot
On Sunday, 7 September 2014 1:34 PM, "Pál, László" wrote:
>Yes, it was yum but I have the same for dnf. The error message is installed
>package is not available (both for kernel and headers). How much time needed
>to able to install a package after pushed to stable?
Well, once pushed to stable,
Hello Pal,
On Sunday, 7 September 2014 12:57 PM, "Pál, László" wrote:
>A few weeks ago I had to upgrade my kernel due to some nvidia related issue.
>Installed package kernel-headers-3.15.10-200.fc20.x86_64 (from updates) not
>available.
>Error: Nothing to do
What was the yum command used h
> On Wednesday, 30 April 2014 3:18 AM, Al Dunsmuir wrote:
> On my home LAN, I run my own DNSSEC-enabled server using F20 & bind 9.
> This local server also is my DHCP and Samba server. As usual, dynamic
> clients receive the LAN local domain ID and DNS server ID
> automatically.
>
> How
Hi,
> On Tuesday, 29 April 2014 10:08 PM, Andrew Lutomirski wrote:
>>> but the container itself runs in a network namespace, so it gets its own
>>> loopback device. This will mean 127.0.0.1:53 points to the container itself,
>>> not the host, so dns resolving in the container will not work.
> On Tuesday, 29 April 2014 9:29 PM, Paul Wouters wrote:
> Note that FreeBSD also picked unbound recently for the exact same task.
True! ->
http://www.freebsdnews.net/2013/09/20/freebsd-10s-new-technologies-and-features/
---
Regards
-Prasad
http://feedmug.com
--
devel mailing list
devel@li
Hi,
> On Tuesday, 29 April 2014 8:59 PM, Dan Williams wrote:
> If NetworkManager is being used, users already don't touch resolv.conf,
> they edit /etc/sysconfig/network-scripts/ifcfg-* files and use
> DNS1/DNS2/DNS3 and SEARCHES to set DNS information.
Yes, true!
> If NetworkManager is n
> On Tuesday, 29 April 2014 7:56 PM, Matthew Miller wrote:
> Can the proposal owners clarify for me how this is intended to impact the
> cloud products?
Cloud products is somewhat of a hazy area(at-least for me). It's unclear how
things operate there. Any information about how we could/should a
Hello,
On Tuesday, 29 April 2014 7:22 PM, Miloslav Trmač wrote:
>So what exactly happens on upgrade? Before the upgrade,
>most resolv.conf files will not point to 127.0.0.1.
>What will they point to after the upgrade, and if they will point to 127.0.0.1,
>which package will actually do that, a
Hi,
(sorry for the delayed response, I was away past few days)
2014-04-26 0:51 GMT+02:00 Chuck Anderson wrote:
>> Main goal is to have local DNSSEC-validating resolver.
>
>I, as the OP, did not intend that as the goal, although I have no
>problem with that as a different goal. My intent was t
Hi,
> On Tuesday, 15 April 2014 4:02 PM, Petr Spacek wrote:
> We need real data.
Please see -> https://www.piratepad.ca/p/dnssec-requisites-configurations
I've collected the major functionalities people wish to have with a default DNS
resolver along with couple of 'unbound' configurations th
Hello Petr,
> On Tuesday, 15 April 2014 4:02 PM, Petr Spacek wrote:
> Instructions for testing on Fedora 20+ are available on:
> https://fedoraproject.org/wiki/Changes/Default_Local_DNS_Resolver#How_To_Test
>
> Please, run dnssec-trigger and let exclamations like "It can't possibly
> work!"
Hello,
Please see:
-> http://www.ietf.org/mail-archive/web/dane/current/msg06469.html
-> https://www.ietf.org/mail-archive/web/dane/current/msg06658.html
These two threads are about handling of Authenticated Data(AD) bit by the stub
resolvers. There two proposed solutions for this problem:
> On Saturday, 12 April 2014 4:55 PM, William Brown wrote:
> This isn't how DNS works . You populate your cache from the ISP, who
> queries above them and so on up to the root server.
> http://technet.microsoft.com/en-us/library/cc961401.aspx
Hmmn. There are two ways a local resolver can b
> On Saturday, 12 April 2014 12:41 PM, William Brown wrote:
> PS: The unreliable ISP I perceive as:
> 1) They often return no query within an acceptable time period
> 2) They return invalid or incorrect zone data
> 3) They mess with TTLs or other zone data
Right.
> Consider, I get home, and ope
> On Saturday, 12 April 2014 11:11 AM, William Brown wrote:
> Say I have freshly installed my fedora system at home. I then boot it up
> and start to use it. My laptop is caching DNS results all the while from
> the "unreliable" ISP.
>
> I then go to work and suddenly things don't work.
>
> Havin
> On Saturday, 12 April 2014 10:33 AM, P J P wrote:
> >> On Saturday, 12 April 2014 2:13 AM, Paul Wouters wrote:>
>> It's rude to bypass the global DNS caching infrastructure. That would
>> significantly load people's DNS servers with more queries. There is
> On Saturday, 12 April 2014 7:38 AM, Simo Sorce wrote:
> Not true, in many networks you want it, for example in corporate
> networks. You really want to be able to resolve the local resources and
> they are only resolvable if you consult the local DNS as provided to you
> by DHCP.
True. The loc
> On Saturday, 12 April 2014 3:55 AM, Chuck Anderson wrote:
> I think there needs to be more emphasis on the /other/ benefit, the
> whole reason I brought this up this time:
Sure; I tried to cover it in the detailed description as
===
...Apart from trust, these name servers are often known to b
Hello Kevin, Paul
> On Saturday, 12 April 2014 2:16 AM, Kevin Fenzi wrote:
>> I've been running this solution on fedora for about five years now. It
>> works reasonably well, and anyone who is on this list surely has could
>> try it out. Because of lack of NM integration I would not call it
>>
> On Saturday, 12 April 2014 2:13 AM, Paul Wouters wrote:>
> It's rude to bypass the global DNS caching infrastructure. That would
> significantly load people's DNS servers with more queries. There is no
> reason not to try and use ISP's DNS caches.
You mean let local resolver forward queries t
On Saturday, 12 April 2014 1:35 AM, Miloslav Trmač wrote:
>The goal is to have DNSSEC validation in a system-wide, dedicated code,
>trusted for that purpose; i.e. unbound does DNSSEC validation for
>every application, with a centralized configuration and cache,
>so no application needs or should d
Hi,
> On Saturday, 12 April 2014 12:56 AM, Dan Williams wrote:
> We want to make sure that any local caching nameserver that we do use
> doesn't rely exclusively on file-based configuration, or if it does,
> it's able to re-read that configuration file using SIGHUP or some
> seamless reload fu
Hello Dan,
> On Saturday, 12 April 2014 12:51 AM, Dan Williams wrote:
> NM has had local caching nameserver capability built-in since Fedora 12
> or something like that. Set 'dns=dnsmasq' in the [main] section
> of /etc/NetworkManager/NetworkManager.conf and NM will spawn dnsmasq in
> a local
> On Saturday, 12 April 2014 12:40 AM, Bruno Wolff III wrote:
> It looks like your proposal is going to break things for people using
> some wifi hotspots.
Why, how?
---
Regards
-Prasad
http://feedmug.com
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/m
> On Saturday, 12 April 2014 12:28 AM, Bruno Wolff III wrote:
> I think there should be something explicitly about how this is going to
> work with captive portals that lie about dns in order to get people's
> web browsers to go to their sign in page.
Sorry, I did not get the question. Could
Hello,
> On Thursday, 10 April 2014 11:39 PM, P J P wrote:
> I plan to file a feature/change request for this one. I got caught up with
> other
> work this past week so could not do it. Will start with it right away.
Please see ->
https://fedoraproject.o
Hello Chuck,
Thank you so much for brining this up.
> On Thursday, 10 April 2014 8:12 PM, Chuck Anderson wrote:
> I think this needs to be revisited. We need an independent,
> system-wide DNS cache, and always point resolv.conf to 127.0.0.1 to
> solve this fundamental design problem with how n
> On Tuesday, 15 October 2013 12:51 PM, Jan Zelený wrote:
> Even though yum might handle the resolution a little better (and dnf probably
> will do that, feel free to check it), the ultimate culprit here is a very
> poor
> packaging and both dnf and yum have only a limited set of options what t
> On Monday, 14 October 2013 8:05 PM, Eric H. Christensen
> wrote:
> I believe he is assuming that xchat has a direct relationship with bluez
> which,
> I'm guessing here as I haven't checked, probably isn't the case.
> Because bluez affects something that xchat depends on xchat is getting th
> On Sunday, 13 October 2013 1:47 AM, Reindl Harald
> wrote:
> *bullshit* you have no clue what the result of a specific broken dependency
> would be nor have yum, dnf or even god
Well, when no-one has a clue, assuming the worst is just _one_ way of doing
things.
> says who?
> in case of b
> On Sunday, 13 October 2013 1:46 AM, Bruno Wolff III wrote:
> Your example of removing kernel is even more esoteric. Fedora wouldn't
> work at all without it.
Well, kernel one works when there are multiple kernels installed. It happens
when yum installs a new kernel update. Each kernel bri
> On Sunday, 13 October 2013 12:50 AM, Reindl Harald
> wrote:
> there is no if and but if a package has a dependency than it has one - period
Sure, it has dependency. That does not make it an _absolutely_ requirement
to have a functional system. Because the dependency relationship could be
> On Sunday, 13 October 2013 12:04 AM, Reindl Harald
> wrote:
> and your "list possible affected packages but allow me to remove" ends
> *exactly* there
No, it does not. If yum is protecting users from un-installing a package
which could render the whole system unusable or unresponsive, wha
> On Saturday, 12 October 2013 11:23 PM, Reindl Harald
> wrote:
> if you want get a feeling in waht these ends type the follwoing as root
> after you prepeared a rescue-disc because not rpm, nor yum nor even sshd
> will work any longer and you need to copy the package files by hand
> to their loc
> On Saturday, 12 October 2013 10:43 PM, Reindl Harald
> wrote:
> *why* should it be addressed in yum or DNF?
>
> if a package pulls un-needed dependencies the package has
> to be fixed and *not* worked around it - period
Yes, agreed. But that might probably involve fixing the package review
> On Saturday, 12 October 2013 10:31 PM, Samuel Sieb wrote:
> If there's a bug, then this is it. You should not be able to remove bluez
> because there are dependencies on it.
Well, remove_leaf_only=1 restricts dependency resolution to the leaf nodes
only, that is why it allows removing blu
> On Saturday, 12 October 2013 10:19 PM, Reindl Harald
> wrote:
> that's why i get that mad if packagers careless add new deps because
> they enable whatever function in a package instead split the new
> ones in additional subpackages
I see. If it is a packaging error, how does DNF plan to ad
Hello
It is an often experience that I try to remove a package(ex: bluez, kernel,
gnome-bluetooth) and yum(8) prompts me to remove nearly 200-300MB worth of
critical packages, which has no connection(ex. kernel => Xchat OR bluez =>
gedit etc.) with the package I want to remove. Recently I
Hello Adam,
- Original Message -
> From: Adam Williamson
> Subject: Re: About F19 Firewall
>
> That's ironic: just yesterday - without having yet read this discussion
> - I used the firewalld on my laptop to lock down the 'public' zone to
> allow nothing at all (not mdns or ssh), make
- Original Message -
> From: poma
> Subject: Re: About F19 Firewall
>> Ex. Say I start virt-manager, it prompts me for authentication, I enter
> password and click [Ok]. It starts libvirtd in the background, creates
> interfaces, adds firewall rules etc. etc.
> This must be a new featur
1 - 100 of 148 matches
Mail list logo
