Re: "fedpkg local" builds fail for rust packages

2024-04-05 Thread Scott Schmit
On Thu, Apr 04, 2024 at 10:41:19PM +0200, Fabio Valentini wrote: > If you really don't mind jumping through multiple hoops just because > you want to use "fedpkg local" instead of "fedpkg mockbuild", then I > guess I can't stop you. > > All I *can* do is tell you that you're not going to like the

Re: Three steps we could take to make supply chain attacks a bit harder

2024-04-01 Thread Scott Schmit
t can be run by others to check that the included binary is legit. Call it "Reproducible Tests" to go along with reproducible builds. Cryptography has the same concept now, learning from the Dual EC DBRG backdoor: https://en.wikipedia.org/wiki/Nothing-up-my-sleeve_number So "nothing-up

Re: Three steps we could take to make supply chain attacks a bit harder

2024-03-31 Thread Scott Schmit
On Mon, Apr 01, 2024 at 09:06:16AM +0900, Dominique Martinet wrote: > Scott Schmit wrote on Sun, Mar 31, 2024 at 05:02:44PM -0400: > > Deleting the tests makes no sense to me either, but it seems like a > > mechanism that ensures the test code can't change the build outputs (o

Re: Three steps we could take to make supply chain attacks a bit harder

2024-03-31 Thread Scott Schmit
On Sun, Mar 31, 2024 at 04:09:36PM -0400, Ben Beasley wrote: > On 3/31/24 2:12 PM, Kevin Kofler via devel wrote: > > But the fact is: > > > > What WOULD have stopped this attack: (one or more of:) > > * Deleting ALL unit tests in %prep (and then of course not trying to run > > them later). > While

Re: Fedora 33 System-Wide Change proposal: Make btrfs the default file system for desktop variants

2020-07-04 Thread Scott Schmit
$ touch file $ lsattr -v file 628580 file ## ^ no change... ## data change: $ echo test > file $ lsattr -v file 628580 file ## ^ still no change $ rm file $ touch file $ lsattr -v file 628582 file ## ^ now different -- Sco

Re: User experience issue on btrfs

2020-07-04 Thread Scott Schmit
On Fri, Jul 03, 2020 at 10:37:43AM -0600, Chris Murphy wrote: > On Thu, Jul 2, 2020 at 10:29 PM Scott Schmit wrote: > > > > On Sun, Jun 28, 2020 at 03:40:11PM -0600, Chris Murphy wrote: > > > Databases and VM images are things btrfs is bad at out of the box. > >

Re: User experience issue on btrfs

2020-07-02 Thread Scott Schmit
On Sun, Jun 28, 2020 at 03:40:11PM -0600, Chris Murphy wrote: > Databases and VM images are things btrfs is bad at out of the box. > Most of this has to do with fsync dependency of other file systems. > Btrfs is equipped to deal with an fsync heavy world out of the box, > using treelog enabled by d

Re: Please, IMHO, resolve in some way the Samba MIT kerberos problem.

2019-11-06 Thread Scott Schmit
On Mon, Nov 04, 2019 at 03:14:34PM +0100, Dario Lesca wrote: > Il giorno lun, 04/11/2019 alle 08.38 -0500, Neal Gompa ha scritto: > > What defines it as experimental? > > https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC > > Using MIT Kerberos is still considered experi

Re: F30 System-Wide Change Proposal: Fully remove deprecated and unsafe functions from libcrypt

2019-01-19 Thread Scott Schmit
On Wed, Jan 16, 2019 at 12:05:46PM +0100, Björn 'besser82' Esser wrote: > Am Dienstag, den 15.01.2019, 23:16 -0500 schrieb Scott Schmit: > > On Wed, Jan 02, 2019 at 04:14:59PM -0500, Ben Cotton wrote: > > > == Documentation == > > > The version of the libxcryp

Re: F30 System-Wide Change Proposal: Fully remove deprecated and unsafe functions from libcrypt

2019-01-15 Thread Scott Schmit
ecurity of the user's sensitive data silently." Especially since it appears that this will the wording that goes into the release notes. > == Release Notes == > See the paragraph about documentation above. See objections above. -- Scott Schmit smime.p7s De

Re: F27 System Wide Change: perl Package to Install Core Modules

2017-06-16 Thread Scott Schmit
On Fri, Jun 16, 2017 at 03:35:46PM +0200, Igor Gnatenko wrote: > > > > What does "Recommends" do on upgrade? > > > > > > > > In other words if Recommends was used and a new perl version had > > > > new modules in > > > > the core package would an upgrade of perl pull them in as you > > > > would e

Re: F26 System Wide Change: Enable TRIM pass down to encrypted disks

2017-02-06 Thread Scott Schmit
On Mon, Feb 06, 2017 at 11:15:59AM +0100, Ondrej Kozina wrote: > On 02/03/2017 05:42 PM, Nathanael D. Noblet wrote: > > > > Also what are the risks of enabling this? > > There's nice overview for it: > http://asalor.blogspot.cz/2011/08/trim-dm-crypt-problems.html > > In short (beside other facts

Re: crypto-policies not very useful, FUTURE too strict?

2016-12-17 Thread Scott Schmit
On Sat, Dec 17, 2016 at 01:07:52PM -0500, Scott Schmit wrote: > On Sat, Dec 17, 2016 at 06:05:49PM +0100, Nicolas Chauvet wrote: > > Maybe we need to rename FUTURE by QUITE_SOON instead, because the > > error you have pointed is about sha-1 been deprecated: > > > > Acc

Re: crypto-policies not very useful, FUTURE too strict?

2016-12-17 Thread Scott Schmit
On Sat, Dec 17, 2016 at 06:05:49PM +0100, Nicolas Chauvet wrote: > Maybe we need to rename FUTURE by QUITE_SOON instead, because the > error you have pointed is about sha-1 been deprecated: > > According to this blog, chrome will remove support for sha-1 > certificates on 1 January 2017 (it's an o

Re: CVE-2016-8655, systemd, and Fedora

2016-12-13 Thread Scott Schmit
On Tue, Dec 13, 2016 at 05:54:54PM +0100, Florian Weimer wrote: > On 12/13/2016 12:17 PM, Lennart Poettering wrote: > > On Mon, 12.12.16 21:22, Paul Wouters (p...@nohats.ca) wrote: > > > For us (libreswan) it probably makes less sense to restrict address > > > family in the daemon. Our daemon just

Re: Some preliminary Fedora 25 stats — and future release scheduling

2016-12-09 Thread Scott Schmit
On Fri, Dec 09, 2016 at 11:29:29AM -0500, Stephen John Smoogen wrote: > Ah thanks. I have fixed the title and added a reverse stacked graph > > https://smooge.fedorapeople.org/fedora-all-stacked-ma.png What happened in late 2014?

Re: RFC: Change the default hostname for Fedora 26+

2016-11-11 Thread Scott Schmit
On Sat, Nov 12, 2016 at 03:33:10PM +1030, Glen Turner wrote: > > RFC 2606[1] reserves several TLDs that may never be registered for > > public usage. Out of those, going with > > Fedora-.localhost > > seems like the best bet. > > The *reason* localhost is a reserved name is to discourage

Re: TPMs, measured boot and remote attestation in Fedora

2016-04-24 Thread Scott Schmit
On Sun, Apr 24, 2016 at 01:15:15AM +0200, Lars Seipel wrote: > On Sat, Apr 23, 2016 at 02:57:55PM +0200, Kevin Kofler wrote: > > Matthew Garrett wrote: > > > Remote attestation is a mechanism by which […] > > > > How does the remote machine know that what is answering is a physical TPM > > and no

Re: F24 Self Contained Change: Ping IPv6

2016-01-22 Thread Scott Schmit
On Fri, Jan 22, 2016 at 09:42:11AM +0100, Jan Kurik wrote: > = Proposed Self Contained Change: Ping IPv6 = > https://fedoraproject.org/wiki/Changes/PingIpv6#Ping_IPv6 > > Change owner(s): > * Jan Synacek, Nikos Mavrogiannopoulos > > ping should be able to work with IPv6 and IPv4 addresses, elimi

Re: F24 System Wide Change: Default Local DNS Resolver

2015-12-07 Thread Scott Schmit
ur > zones. I think that's a completely fair requirement to make, and if > you did sign your domains then this should really mean "don't allow > anything below my domain except what I define here or delegated". Why would you say that? Split horizon with DNSS

Re: F24 System Wide Change: Default Local DNS Resolver

2015-12-07 Thread Scott Schmit
domain is not secured and the spoofing will still work as long as the local name server uses the name server provided by the router for its answers. I think this is the default as long as the router supports recursive resolution, EDNS0, and doesn't corrupt RRSIG/NSEC/... records. -- Scott S

Re: DNF could improve messages about package auto-removal

2015-12-04 Thread Scott Schmit
On Fri, Dec 04, 2015 at 02:54:44PM -0500, James Antill wrote: > On Fri, 2015-12-04 at 15:55 +0100, David Tardon wrote: > > On Thu, Dec 03, 2015 at 04:13:56PM -0500, James Antill wrote: > > > That helps, but then what? The user understands (s)he now has to find > > > out how to fix it, and they hav

Re: Summary/Minutes for today's FESCo meeting (2015-11-11)

2015-11-12 Thread Scott Schmit
On Wed, Nov 11, 2015 at 01:54:32PM -0500, Adam Jackson wrote: > === > #fedora-meeting: FESCO (2015-11-11) > === The meeting summary isn't showing the resolutions from the meetings properly. Reading the summary... > Meeting summary >

Re: Fedora IPv6 testing and improvements - request for ideas

2015-11-03 Thread Scott Schmit
On Tue, Nov 03, 2015 at 01:12:09PM -0500, Pavel Simerda wrote: > You can of course have combinations. We can add that once we have > specific test cases that would show importance of a standalone category > for such a setup. Otherwise one would usually view IPv6 global and IPv6 > local communicatio

SELinux & disabled IPv6 (was: Re: Fedora IPv6 testing and improvements - request for ideas)

2015-11-03 Thread Scott Schmit
On Tue, Nov 03, 2015 at 09:50:53AM -0800, Moez Roy wrote: > The IPv6 updates are breaking stuff (and probably increasing the > attack surface): > > Bug 1231946 - unbound-anchor ignores net.ipv6.conf.all.disable_ipv6=1 > in /etc/sysctl.conf > https://bugzilla.redhat.com/show_bug.cgi?id=1231946 > >

Re: Fedora IPv6 testing and improvements - request for ideas

2015-10-29 Thread Scott Schmit
On Thu, Oct 29, 2015 at 11:15:10AM -0400, Pavel Simerda wrote: > I am writing to Fedora development mailing lists to get opinions > and ideas regarding our project on improving IPv6 support in > Fedora across its components. > > https://fedoraproject.org/wiki/QA/Networking > > Most prominent subp

Re: Proposal to reduce anti-bundling requirements

2015-09-18 Thread Scott Schmit
On Mon, Sep 14, 2015 at 09:09:47PM +0200, Reindl Harald wrote: > Am 14.09.2015 um 21:04 schrieb Adam Williamson: > >But just two posts ago you were drawing a distinction between an 'OS' > >and a 'distribution' and saying that Fedora ought to be a distribution > >not an OS. > > > >So basically you'r

Re: initscripts

2015-01-27 Thread Scott Schmit
andling DHCPv6-PD (a strong non-laptop use case for NM if I ever saw one), I was told that router configurations were out of scope for NM (at least, at that point in time). Has that changed? (Or maybe I'm misremembering some nuance...) -- Scott Schmit

Re: Abotu setting 'PermitRootLogin=no' in sshd_config

2014-11-26 Thread Scott Schmit
k you. > > We can install machine w/o user accounts, removing the ability to log > in as root via ssh means those machines will not be accessible. > > If you want to remove root access that should be conditionally done at > firstboot only if a user account was created. It seem

Re: New Group Calls For Boycotting Systemd

2014-09-05 Thread Scott Schmit
collected 745 messages of discussion, mention in automated emails, etc. And this was all before it ever went into a release as the default init system. And I'm only counting messages on fedora-devel. -- Scott Schmit

Re: New Fedora 22 Change proposal: systemd-sysusers

2014-07-19 Thread Scott Schmit
users from ever getting the default shell due to the configuration of authorized_keys. However, it doesn't need/want a password allowing standard login (though the admin will do "su - gitolite" from root for initial setup or version migration). See http://gitolite.com/gitolite/how.html fo

Re: SELinux RPM scriplet issue annoucement

2014-01-19 Thread Scott Schmit
On Sun, Jan 19, 2014 at 12:23:42PM -0500, Scott Schmit wrote: > On Sat, Jan 18, 2014 at 11:47:37PM -0500, Rahul Sundaram wrote: > > On Sat, Jan 18, 2014 at 8:20 PM, Andre Robatino wrote: > > > I replaced the typo scriplet -> scriptlet in several places in that page, > >

Re: SELinux RPM scriplet issue annoucement

2014-01-19 Thread Scott Schmit
On Sat, Jan 18, 2014 at 11:47:37PM -0500, Rahul Sundaram wrote: > On Sat, Jan 18, 2014 at 8:20 PM, Andre Robatino wrote: > > I replaced the typo scriplet -> scriptlet in several places in that page, > > including the anchor link. Don't know if that breaks any existing links. > > Thanks. I just se

Re: $HOME/.local/bin in $PATH

2013-10-30 Thread Scott Schmit
ory. I remember doing this at school when I was using lab machines. What's the issue here? -- Scott Schmit smime.p7s Description: S/MIME cryptographic signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: Proposed F19 Feature: systemd/udev Predictable Network Interface Names

2013-02-07 Thread Scott Schmit
yes, the device name will change, and it will matter. The analogy I heard that defends this behavior is to think of the USB network device as a mere converter between USB and the network -- you wouldn't expect to be able to plug a network cable into an arbitrary slot, would you? -- Scott Schm

Re: Proposed F19 Feature: systemd/udev Predictable Network Interface Names

2013-02-05 Thread Scott Schmit
On Mon, Feb 04, 2013 at 03:03:08PM +0100, Kay Sievers wrote: > On Thu, Jan 31, 2013 at 2:45 PM, Scott Schmit wrote: > > Current: > > em1 -> enp2s0 > > That is expected, and actually the right thing to do. Udev cannot > apply such "it looks like it is embedded&

Re: Proposed F19 Feature: firewalld Rich Language

2013-01-31 Thread Scott Schmit
> allows to easily create complex firewall rules without the knowledge > of iptables syntax. Where is this language documented, or is it still to be designed? -- Scott Schmit

Re: Proposed F19 Feature: AnacondaNewUI Followup

2013-01-31 Thread Scott Schmit
eature entirely). Or is anaconda dropping shrink/resize support for good? -- Scott Schmit

Re: Proposed F19 Feature: systemd/udev Predictable Network Interface Names

2013-01-31 Thread Scott Schmit
dora 17, dhcp4 broke & I had to set up my network interface manually until I could get the appropriate packages updated -- knowing which was my wired interface was really helpful then! (And yes, upgrades don't rename anything. Imagine it was a 19 -> 20 upgrade with the same problem.) -- Scott Schmit

Re: [@core] working definition for the minimal package set

2012-11-16 Thread Scott Schmit
't be going that route? -- Scott Schmit

Re: [@core] working definition for the minimal package set

2012-11-14 Thread Scott Schmit
can be deselected in a kickstart config without needing to rpm -e it in %post. -- Scott Schmit

Maybe highlight release-slipping features? (was: Re: Anaconda is totally trashing the F18 schedule)

2012-10-31 Thread Scott Schmit
ed to be, and pushed it out a release when it was recognized that it would be too disruptive for F14. On the other hand, New Installer UI seems to have slipped through the cracks. Just an idea... -- Scott Schmit

Re: Mass changes to packaging

2012-08-28 Thread Scott Schmit
; This optimizes the migration path at the cost of making the final > state ugly; I'm not sure that is a good bargain. Once F20 rolls out and F17 goes EOL, maintainers can simply s/systemd_post_enable/systemd_post/ and then things won't be so ugly (or final). -- Scott Schmit sm

Re: small tip regarding git branch bash prompt in F18/Rawhide

2012-08-23 Thread Scott Schmit
metimes those "examples" are so complete that they're usable as is (scripts, xslt files, etc). -- Scott Schmit

Re: Mass changes to packaging

2012-08-22 Thread Scott Schmit
macros for pre-F18 that are no-ops F18+ and make the F18+ macros no-ops pre-F18. Then have packagers put both in (or maintain two versions of the spec file). It's kind of ugly, but it sounds like it's that or wait until F20 before maintainers start picking up the new macros (unless the

Re: configuration files created by Anaconda exclusively

2012-08-09 Thread Scott Schmit
rial console installations, and > can configure a bootloader password. > > See pyanaconda/bootloader.py , around line 1730 (that's in the f17 > branch) - write_defaults(self) . Is there some reason this can't be refactored into a standalone executable that is included in one of the g

Re: prelink should not mess with running executables

2012-07-16 Thread Scott Schmit
not reasonable unless you have 100% control over everything that runs on your system (and take full responsibilty for controlling it) and likewise for anyone else using the software. Even then, the time would be better spent changing your software to use the interface correctly (or use a more appropriate one) so you never have problems. -- Scott Schmit

Re: Set bash's shell option nullglob by default?

2012-07-13 Thread Scott Schmit
So the main gain > will be the people will learn how is the globbing in bash and in the > whole environment working. So ls *.foo should list the entire directory if no files match *.foo? It's a bad habit for me to expect ls *.foo to return nothing in this case? You're going to need t

Re: F18 DNF and history

2012-07-06 Thread Scott Schmit
ed this on in my yum.conf and this is the first upgrade where yum offered to remove packages. You'll want to be careful how packages are specified during the install: the latest upgrade of dracut no longer requires plymouth. Since nothing else does, yum was offering to uninstall it for m

Re: Revelation password manager issue

2012-06-14 Thread Scott Schmit
thinking (or, will have me thinking about it when I have cycles to spare) whether I did this well enough, but the premise is sound. -- Scott Schmit

Re: *countable infinities only

2012-06-11 Thread Scott Schmit
igh bar. "Computer-friendly" is defined as a user that can download our distribution and install it, as long as we can give *clear instructions* on how to do so, without requiring them to troubleshoot problems or figure out how secure boot works. Right now, we're missing the "

Re: *countable infinities only

2012-06-01 Thread Scott Schmit
know enough about the interface between the secure boot firmware and OS to know if the OS can even tell what trusted keys are available. I know that the OS can't update the trusted key set itself -- that must be done by the user via the firmware directly. The OS can update the blacklists

Feature process (was: Re: /usrmove?)

2012-02-10 Thread Scott Schmit
On Fri, Feb 10, 2012 at 11:58:32AM +0100, Miloslav Trmač wrote: > The feature process is currently being revised, and at least some of > these issues have been brought up at > https://fedoraproject.org/wiki/Fixing_features . What would be > especially useful is to find ways to improve the feature

Re: The question of rolling release?

2012-01-25 Thread Scott Schmit
e a major customer demo or other Big Important Time-Sensitive Event, and the thing(s) you need to make it happen break--not because of bugs, but because unwanted "features" like configuration file changes, ABI changes, etc made your stuff stop working until you stop everything and fix whateve

daemon(7) (was: Re: Heads Up: FESCo is considering to block packages providing sysvinit services without systemd unit)

2011-11-12 Thread Scott Schmit
aemon man page", "man daemon section 7", etc turns up nothing. There is a man page for daemon(3), but it doesn't look like the man page you seem to be citing. Thanks! -- Scott Schmit

Re: rubygem macro error

2011-11-10 Thread Scott Schmit
ruby/gems/1.8/doc/pg-0.11.0/ri/PGconn/internal_encoding%253d-i.yaml ^ This is because the % character is reserved. Had the file name been "internal_encoding=.yaml", the URL would have been: file:///usr/lib/ruby/

Re: GNOME3 and au revoir WAS: systemd: please stop trying to take over the world :)

2011-06-17 Thread Scott Schmit
NOME3 (albeit in Javascript instead of C). That's tantamount to saying "if you don't like it, you can always fork the code!" It also ignores that not all users are developers or that not all those who are want to rewrite/modify GNOME3. -- Scott Schmit

Re: conclusion: F15 / systemd / user-experience

2011-06-13 Thread Scott Schmit
update (hangs with no oops recorded to the log, for example). Thankfully, that's rare, but I'd argue that it's *because of* that conservatism, not in spite of it. -- Scott Schmit

Re: [HEADS-UP] systemd for F14 - the next steps

2010-07-21 Thread Scott Schmit
On Thu, Jul 22, 2010 at 12:36:34PM +1000, Dave Airlie wrote: > On Thu, 2010-07-22 at 04:25 +0200, Lennart Poettering wrote: > > i.e. the "enable"/"disable" commands makes some changes for the next > > time they are looked at, and then adding --realize on top makes those > > changes take effect imme