Re: rpmautospec and mass rebuilds

2025-04-29 Thread Simo Sorce
complicated and easier to get > wrong. It certainly seems to me like %autochangelog without > %autorelease is a case that should be accounted for in related tooling. > -- > Adam Williamson (he/him/his) > Fedora QA > Fedora Chat: @adamwill:fed

Re: rpm-ostree/bootc uid/gid drift problem

2025-04-29 Thread Simo Sorce
is what bootc/ostree encourage now) > > Stated conversely, I would say it's a pretty universal problem with anything > trying to ship systems that have dynamic UIDs owning content they want to > ship in the image, which describes some Fedora RPMs today, as well as 3rd > party

Re: Inadvertent mass-rebuild triggered soname bump in libnfs

2025-01-23 Thread Simo Sorce
the rebuild script's logic a bit more complex (it needs to > perform several queries into Koji to figure out what the latest build's git > commit is), but I think that's worth the cause. The code ELN uses to do > this is built into ELNBuildSync[1] if anyone wants to adapt it

Re: strawman proposal: homed directories for users

2024-10-11 Thread Simo Sorce
On Fri, 2024-10-11 at 09:43 +0200, Lennart Poettering wrote: > On Do, 10.10.24 17:22, Simo Sorce (s...@redhat.com) wrote: > > > On Thu, 2024-10-10 at 17:29 +0200, Lennart Poettering wrote: > > > On Mi, 09.10.24 11:12, Simo Sorce (s...@redhat.com) wrote: > > > >

Re: strawman proposal: homed directories for users

2024-10-10 Thread Simo Sorce
On Thu, 2024-10-10 at 17:29 +0200, Lennart Poettering wrote: > On Mi, 09.10.24 11:12, Simo Sorce (s...@redhat.com) wrote: > > > > > This was again a reference to the fact that IPA folks aren't willing > to restrict their allocations to some reasonable UID range, as >

Re: strawman proposal: homed directories for users

2024-10-09 Thread Simo Sorce
On Tue, 2024-10-08 at 17:57 +0200, Lennart Poettering wrote: > On Mo, 07.10.24 12:59, Simo Sorce (s...@redhat.com) wrote: > > > > The homed approach would make other things possible too. For example, > > > sharing of /home in dual-boot scenarios. Right now a manual setu

Re: strawman proposal: homed directories for users

2024-10-08 Thread Simo Sorce
On Tue, 2024-10-08 at 08:22 -0500, Michael Catanzaro wrote: > On Mon, Oct 7 2024 at 12:59:46 PM -04:00:00, Simo Sorce > wrote: > > Changing a default like this is not something to do lightly IMHO. > > I'm interested in systemd-homed because we currently have no other

Re: strawman proposal: homed directories for users

2024-10-07 Thread Simo Sorce
files and directories that should be reserved to other users? What happens if you want to change the user to be a corporate directory provided one? Can you configure autologin for those use cases (like kiosks or a home entertainment system) where that makes sense to do? Is this tied to a speci

Re: 2FA policy for provenpackagers is now active

2024-06-24 Thread Simo Sorce
> network.negotiate-auth.delegation-uris NEVER set this, it causes your browser to give away your Kerberos TGT, something you DO NOT WANT to do, ever!. HTH, Simo. -- Simo Sorce Distinguished Engineer RHEL Crypto Team Red Hat, Inc -- ___ devel mailing

Re: Three steps we could take to make supply chain attacks a bit harder

2024-04-02 Thread Simo Sorce
weren't up to a couple years ago), they are cached for a period of time, so they may look stable in busy projects where you have regular downloads that keep the cache alive, but they are *regenerated* from the tag for seldom downloaded tarballs. And when that happens then hashes chan

Re: Orphaning all my packages

2023-10-03 Thread Simo Sorce
On Tue, 2023-10-03 at 23:13 +0200, Leon Fauster via devel wrote: > Am 03.10.23 um 21:29 schrieb Simo Sorce: > > On Tue, 2023-10-03 at 20:55 +0200, Leon Fauster via devel wrote: > > > Am 03.10.23 um 20:46 schrieb Sérgio Basto: > > > > On Tue, 2023-10-03 at 13:13

Re: Orphaning all my packages

2023-10-03 Thread Simo Sorce
On Tue, 2023-10-03 at 20:55 +0200, Leon Fauster via devel wrote: > Am 03.10.23 um 20:46 schrieb Sérgio Basto: > > On Tue, 2023-10-03 at 13:13 -0500, Michael Catanzaro wrote: > > > On Tue, Oct 3 2023 at 01:19:20 PM -0400, Simo Sorce > > > wrote: > > > >

Re: Orphaning all my packages

2023-10-03 Thread Simo Sorce
n gitlab as part of CentOS Stream. If that is not enough for you, that's fine, just do not spread false information. Thanks, Simo. -- Simo Sorce, DE @ RHEL Crypto Team, Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject

Re: Adding Passim as a Fedora 40 feature?

2023-08-30 Thread Simo Sorce
On Wed, 2023-08-30 at 09:11 +0100, Peter Robinson wrote: > On Mon, Aug 28, 2023 at 9:50 PM Simo Sorce wrote: > > > > On Mon, 2023-08-28 at 15:14 -0500, Chris Adams wrote: > > > Once upon a time, Richard Hughes said: > > > > On Mon, 28 Aug 2023 at 16:27, L

Re: Adding Passim as a Fedora 40 feature?

2023-08-29 Thread Simo Sorce
On Tue, 2023-08-29 at 20:07 +0100, Richard Hughes wrote: > On Tue, 29 Aug 2023 at 18:54, Simo Sorce wrote: > > That depends on how you are going to handle re-installs of peers in the > > network where the certificate will start mismatching ... > > In event of a mismatch I wa

Re: Adding Passim as a Fedora 40 feature?

2023-08-29 Thread Simo Sorce
error, and they download the whole thing. This means it is up to you to decide how many delta files to keep for how long. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an

Re: Adding Passim as a Fedora 40 feature?

2023-08-29 Thread Simo Sorce
On Mon, 2023-08-28 at 22:07 +0100, Richard Hughes wrote: > On Mon, 28 Aug 2023 at 21:50, Simo Sorce wrote: > > It could be improved by using TOFU, so that the window of impersonation > > is small, but requires clients to cache an association and then has > > weird failure m

Re: Adding Passim as a Fedora 40 feature?

2023-08-28 Thread Simo Sorce
-shared key instead of certificates for authentication, will be faster, and will give you the "fake-secure" TLS tunnel without the self-signed cert headache I think ... (not endorsing this option, just mentioning it). HTH, Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc

Re: F39 proposal: BiggerESP (Self-Contained Change proposal)

2023-05-11 Thread Simo Sorce
d as a "recovery" partition if you update the contents of the second partition only after successful reboot after update of the first... Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraprojec

Re: F39 proposal: BiggerESP (Self-Contained Change proposal)

2023-05-11 Thread Simo Sorce
On Wed, 2023-05-10 at 18:46 +0200, Lennart Poettering wrote: > On Mi, 10.05.23 11:20, Simo Sorce (s...@redhat.com) wrote: > > > It sounds reasonable for sure. > > The only concern is, given Microsoft creates at most 500MB ESP > > partitions, are we sure all UEFI systems

Re: F39 proposal: BiggerESP (Self-Contained Change proposal)

2023-05-11 Thread Simo Sorce
On Wed, 2023-05-10 at 12:00 -0400, Neal Gompa wrote: > On Wed, May 10, 2023 at 11:12 AM Simo Sorce wrote: > > > > On Tue, 2023-05-09 at 12:37 -0400, Neal Gompa wrote: > > > On Tue, May 9, 2023 at 12:31 PM Lennart Poettering > > > wrote: > > > > >

Re: F39 proposal: BiggerESP (Self-Contained Change proposal)

2023-05-10 Thread Simo Sorce
't we reduce the number of kernels by having *only* one UKI and a rescue one that can be used to restore the previous working UKI from /root if the active one fails? Or perhaps just have always 2 UKI (current, and former working). Do we actually need a separate dedicated rescue UKI? Can

Re: F39 proposal: BiggerESP (Self-Contained Change proposal)

2023-05-10 Thread Simo Sorce
ges and the bare minimum init image needed to unlock and mount the root partition. There is no point in building a more complex system than that and load tons of garbage drivers in the EFI. Booting is a staged system, and should be kept as simple as possible to avoid duplication (which means su

Re: It’s time to transform the Fedora devel list into something new

2023-04-24 Thread Simo Sorce
> subscribed to... In theory we could make it simpler by sending back a message that requires just a click to subscribe/authorize the email by a real user, if they intend to do so, on their first email to a mailing list. We could also allow posting to other mailing lists if the email address is subscrib

Re: It’s time to transform the Fedora devel list into something new

2023-04-24 Thread Simo Sorce
need to discuss what is really needed. Numbers shouldn't be priority number one, unless there are other underlying issues. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To un

Re: It’s time to transform the Fedora devel list into something new

2023-04-21 Thread Simo Sorce
On Fri, 2023-04-21 at 14:27 -0400, Matthew Miller wrote: > On Fri, Apr 21, 2023 at 11:37:20AM -0400, Simo Sorce wrote: > > So I registered the account, added the email I want to get > > notifications at, and selected a few topics. > > > > First impressions. > >

Re: It’s time to transform the Fedora devel list into something new

2023-04-21 Thread Simo Sorce
ml part. *however* the images are not embedded in the email, so all that information is unavailable offline or for archival (and in my configuration requires to actively pull images as I configured my client to not pull 3rd party content automatically for privacy and security reasons).

Re: It’s time to transform the Fedora devel list into something new

2023-04-20 Thread Simo Sorce
time to transform the Fedora devel list into something new > === -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of C

Re: Future of encryption in Fedora

2023-04-07 Thread Simo Sorce
On Thu, 2023-04-06 at 12:56 -0400, Owen Taylor wrote: > On Thu, Apr 6, 2023 at 12:32 PM Simo Sorce wrote: > > > On Mon, 2023-04-03 at 16:18 -0500, Michael Catanzaro wrote: > > > On Mon, Apr 3 2023 at 01:41:48 PM -0700, Brian C. Lane > > > wrote: > > >

Re: Future of encryption in Fedora

2023-04-06 Thread Simo Sorce
updates. > > There is a notification bell in the right sidebar. Click it. ;) > Or we can simply ignore that discussion until it lands in devel with a change proposal. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list --

Re: Changes to Bugzilla API key requirements

2023-02-28 Thread Simo Sorce
n we are all dead, so while we wait for something better, we will have to use the least worst. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.

Re: TSS maintainer volunteer

2023-02-10 Thread Simo Sorce
ontact the current maintainer first. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedor

Re: Orphaned packages looking for new maintainers

2023-01-16 Thread Simo Sorce
-- Simo Sorce RHEL Crypto Team Red Hat, Inc

Re: Unannounced? lua-libs soname change

2023-01-10 Thread Simo Sorce
oname breakage should not happen in stable releases... liblua should be rebuilt to provide the older so name and if not possible with the new code, reverted back via epoch change or some patching -- Simo Sorce RHEL Crypto Team Red Hat, Inc

Re: static USERMODEHELPER_PATH

2023-01-09 Thread Simo Sorce
ied to and require handling timeouts and then handling the case a user space process was slow and ignoring late replies. Not sure this is really a good point given waiting indefinitely for a user space program that hangs for some reason seems worse to me. When I had t

Re: F38 proposal: Unified Kernel Support Phase 1 (System-Wide Change proposal)

2022-12-20 Thread Simo Sorce
orted likewise will use the old kernel + custom initrd, you just disable secure boot. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedor

Re: F38 proposal: Unified Kernel Support Phase 1 (System-Wide Change proposal)

2022-12-20 Thread Simo Sorce
chose your HW carefully you may even be able to register your own public keys, generate and sign your own built UKIs and re-enable SecureBoot after that... your choice! Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc

Re: F38 proposal: Unified Kernel Support Phase 1 (System-Wide Change proposal)

2022-12-20 Thread Simo Sorce
trd when I have a pretty standard configuration that requires really no special drivers... the only issue probably being the use of LVM for the root filesystem, which I hope we'll have a way to deal with (but I can do without on the laptop). Simo. -- Simo Sorce RHEL Crypto Team Red Hat, In

Re: musings on rust packaging [was Re: F38 proposal: RPM Sequoia (System-Wide Change proposal)]

2022-12-01 Thread Simo Sorce

Re: musings on rust packaging [was Re: F38 proposal: RPM Sequoia (System-Wide Change proposal)]

2022-11-30 Thread Simo Sorce
ematic crate's new version. Multiply this by N packages using M different versions of the problematic crate. Although vendored crates can be tracked (this is much better than copy/pasting), with additional tooling, the distribution remains on the hook for solving the same problem in N p

Re: HEADS-UP: Upcoming retirement of long-term-unused packages for Rust crates

2022-11-22 Thread Simo Sorce
ial timing attacks. The only caveat is if the "pure rust" implementation actually embeds assembly optimization for modular arithmetic that are explicitly addressing constant time computation. I am not aware of that being the case in any rust libraries yet. Simo. -- Simo Sorce RHEL Cr

Re: FF 107.0 scratch builds - just for fun

2022-11-21 Thread Simo Sorce
On Sun, 2022-11-20 at 19:24 -0500, Demi Marie Obenour wrote: > On 11/20/22 17:40, Simo Sorce wrote: > > On Sun, 2022-11-20 at 17:22 -0500, Demi Marie Obenour wrote: > > > On 11/20/22 07:24, Bojan Smojver via devel wrote: > > > > Now that nss 3.85 has been built, I tho

Re: FF 107.0 scratch builds - just for fun

2022-11-20 Thread Simo Sorce
ed in koji, because nss was too old at the time. > > Has switching to bundled NSS been considered? For browsers anything > that holds up an update is very, *very* bad. Casually handling crypto libraries is very, *very* worse. Simo. --

Re: F38 proposal: Reproducible builds: Clamp build mtimes to $SOURCE_DATE_EPOCH (System-Wide Change proposal)

2022-11-11 Thread Simo Sorce
to fake > > them? > > Simply changing rpmbuild to set timestamp to 0 for all contained files, or > > removing the time attribute from the RPM format completely? > > This is what ostree has done since its inception. And it broke some software, I know because I had to fix it.

Re: F38 proposal: RPM Sequoia (System-Wide Change proposal)

2022-10-14 Thread Simo Sorce
either. > > If someone with known crypto-clue would send patches they would be > looked at, *I* have no prejudice about x509 because I also have no clue > about it. Ditto for Signify, which often gets brought up in these > discussions. > > And yet, that all is largel

Re: OpenSSL and ECC patents (was Re: Mesa in F37- vaapi support disabled for h264/h265/vc1)

2022-09-28 Thread Simo Sorce
just not a very high priority item because the hobbling works fine but we will get there, and hopefully we'll get to a point where we do not need to disable as much stuff either. But no promises right now, resources are what they are and we are not aware of actual issues caused by hobbling. Sim

Re: Inactive packagers to be removed after the F37 release

2022-09-14 Thread Simo Sorce
roll 2 separate keys (if Fedora Infra will allow that), but not everyone has the means to do that. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc

Re: rpm with sequoia pgp

2022-09-06 Thread Simo Sorce
ight be a slightly better choice in some cases for container images because it is much smaller than OpenSSL. Finally nettle could even be statically built into sequoia (together with gmp) if we need even smaller footprint or we are concerned about potential rpm breakage during upgrades. I am

Re: F37 proposal: Deprecate openssl1.1 package (System-Wide Change)

2022-06-24 Thread Simo Sorce
OpenSSL 1.1 in Fedora 50. > Are you going to maintain it till Fedora 50 in the meantime? Simo. > -- > Miro Hrončok > -- > Phone: +420777974800 > IRC: mhroncok > ___ > devel mailing list -- devel@lists.fedoraproject.org >

Re: "The system is going down for suspend NOW!" broadcast messages

2022-04-25 Thread Simo Sorce
executes that command and then > patch it. It could be e.g. systemd/logind. Is this an upstream change? Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send

Re: F37 Change: Deprecate Legacy BIOS (System-Wide Change proposal)

2022-04-07 Thread Simo Sorce
On Thu, 2022-04-07 at 15:26 -0400, Neal Gompa wrote: > On Thu, Apr 7, 2022 at 3:16 PM Simo Sorce wrote: > > > > On Thu, 2022-04-07 at 16:16 +0200, Zbigniew Jędrzejewski-Szmek wrote: > > > On Thu, Apr 07, 2022 at 10:58:29AM +0200, Peter Boy wrote: > > > > >

Re: F37 Change: Deprecate Legacy BIOS (System-Wide Change proposal)

2022-04-07 Thread Simo Sorce
loud providers and virtualization software > in a testable way, and then switch to UEFI as the default in as many > places as possible. Then we can talk about dropping support for BIOS, > taking into account how many users are still left with BIOS-only > hardware. FWMOIW this sounds li

Re: F37 Change: Deprecate Legacy BIOS (System-Wide Change proposal)

2022-04-07 Thread Simo Sorce
plore > alternative boot loader like  systemd-boot (mainly for x86-64 > architecture and useful for desktop and workstation) and  rEFi (?) to > further reduce the code burden. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -

Re: F37 Change: Deprecate Legacy BIOS (System-Wide Change proposal)

2022-04-07 Thread Simo Sorce
, but users > have to reboot after installing the nvidia drivers anyway, so clicking > to accept the key isn't too much of a hurdle to jump through at that > point. There is potentially an even easier solution. Ideally dkms (or whatever) could simply generate a key, sign the mo

Re: F37 Change: Support FIDO Device Onboarding (Self-Contained Change proposal)

2022-03-29 Thread Simo Sorce
-- Simo Sorce

Re: F37 Change: Support FIDO Device Onboarding (Self-Contained Change proposal)

2022-03-29 Thread Simo Sorce

Re: Problem with SSL in Fedora 36

2022-03-14 Thread Simo Sorce
On Mon, 2022-03-14 at 16:35 +, José Abílio Matos wrote: > On Monday, 14 March 2022 11.04.56 WET Simo Sorce wrote: > > Have you tried setting crypto policies to LEGACY in case the server is > > old and supports only bad cryptography? > > > > Simo. > > How

Re: Problem with SSL in Fedora 36

2022-03-14 Thread Simo Sorce
-- Simo Sorce RHEL Crypto Team Red Hat, Inc

Re: RHEL moving to issues.redhat.com only long term

2022-03-12 Thread Simo Sorce
On Sat, 2022-03-12 at 10:15 +0100, Florian Weimer wrote: > * Simo Sorce: > > > On Fri, 2022-03-11 at 13:52 +, Peter Robinson wrote: > > > > On Thu, Mar 10, 2022 at 9:45 AM Colin Walters > > > > wrote: > > > > > Long term if Bugzilla slo

Re: RHEL moving to issues.redhat.com only long term

2022-03-11 Thread Simo Sorce
the need for, IMO. And just to be clear I am both a *heavy* Jira and Bugzilla user (including writing automation for both and other stuff via bots) for work, so I think I can say I know what I am talking about. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc __

Re: RHEL moving to issues.redhat.com only long term

2022-03-10 Thread Simo Sorce
On Thu, 2022-03-10 at 19:28 +0100, Dominik 'Rathann' Mierzejewski wrote: > On Thursday, 10 March 2022 at 17:51, Simo Sorce wrote: > [...] > > Also I always resented that I need two separate accounts to deal with > > Fedora packages, > > It's been

Re: RHEL moving to issues.redhat.com only long term

2022-03-10 Thread Simo Sorce
place it means we can easily connect commits/PRs/MRs to the issues meaning our issue tracker a lot more useful, and will allow us to have better content also in our updates, where today associating an update to an issue (a bz) is not happening as well as it could. HTH, Simo. -- Simo Sorce RH

Re: Landing a larger-than-release change (distrusting SHA-1 signatures)

2022-03-08 Thread Simo Sorce

Re: F37 Change: Encourage Dropping Unused / Leaf Packages on i686 (Self-Contained Change proposal)

2022-03-07 Thread Simo Sorce
g the Steam flatpak you mentioned. It works well, and > I don't need 32-bit libs on my host system at all, which is nice.) Wouldn't wine problem be solved by providing the 32bit version as a flatpak if still needed for some corner cases? Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc

Re: Do we have any policy for disabling inactive users

2022-02-10 Thread Simo Sorce
a build over an exceedingly long period of time > (say 5 years?) as a starting point. Some may be backups for others, and do not normally create builds but collaborate to the maintenance via patches. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc __

Re: Package notes feature causing build paths to be embedded

2022-02-04 Thread Simo Sorce
On Thu, 2022-02-03 at 22:02 +, Luca Boccassi wrote: > > On 03. 02. 22 16:36, Simo Sorce wrote: > > > > I've just tried to build python-gssapi with notes enabled after > > krb5 was fixed > > and it builds fine. > > > > See https://src.fedoraproj

Re: Package notes feature causing build paths to be embedded

2022-02-03 Thread Simo Sorce
On Thu, 2022-02-03 at 16:22 +0100, Petr Pisar wrote: > V Thu, Feb 03, 2022 at 09:26:09AM -0500, Simo Sorce napsal(a): > > On Thu, 2022-02-03 at 15:15 +0100, Petr Pisar wrote: > > > V Thu, Feb 03, 2022 at 08:56:20AM -0500, Simo Sorce napsal(a): > > > > On Thu, 2022

Re: Package notes feature causing build paths to be embedded

2022-02-03 Thread Simo Sorce
On Thu, 2022-02-03 at 15:15 +0100, Petr Pisar wrote: > V Thu, Feb 03, 2022 at 08:56:20AM -0500, Simo Sorce napsal(a): > > On Thu, 2022-02-03 at 10:09 +0100, Florian Weimer wrote: > > > * Richard W. M. Jones: > > > > > > > Thinking about this a bit m

Re: Package notes feature causing build paths to be embedded

2022-02-03 Thread Simo Sorce
der. While it is nice to discuss future options, do we have a way to fix FTBFS's in rawhide _now_ ? My time is limited and I want to upgrade one of my packages and this is blocking me. Is opening a FESCO ticket the only way ? Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc

Package notes issues with python wheel building

2022-02-02 Thread Simo Sorce
/builddir/build/BUILD/.package_note-krb5-1.19.2-4.fc36.1.x86_64.ld: No such file or directory How do I solve this? I need to update to a new version of python-gssapi but I can't build it right now. Simo. -- Simo Sorce RHEL Crypto Team Red Hat

Re: F36 Change proposal: No ifcfg by default (Self-Contained Change)

2022-01-07 Thread Simo Sorce
ore is needed and get over the "dbus steals my knowledge" issue. Steve, what would it take for auditd to trust systemd's information? Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedorap

Re: F36 Change proposal: No ifcfg by default (Self-Contained Change)

2022-01-06 Thread Simo Sorce
audit daemon will not have the magic markers in the kernel side and will instead be the systemd process. This breaks the audit log chain, as there is no way to audit that systemd is operating on behalf of that user. The audit trail chain is broken by the systemctl -> systemd jump. This is

Re: F36 Change proposal: No ifcfg by default (Self-Contained Change)

2022-01-06 Thread Simo Sorce
On Thu, 2022-01-06 at 20:01 +, Zbigniew Jędrzejewski-Szmek wrote: > On Thu, Jan 06, 2022 at 01:17:01PM -0500, Simo Sorce wrote: > > On Thu, 2022-01-06 at 18:02 +, Zbigniew Jędrzejewski-Szmek wrote: > > > On Thu, Jan 06, 2022 at 08:48:52AM -0800, Adam Williamson wrote: >

Re: F36 Change proposal: No ifcfg by default (Self-Contained Change)

2022-01-06 Thread Simo Sorce
. In this case the "who" is the user, not the script. The problem of going through systemctl is that the "who" is lost because all the audit system can see is that systemd started the action. Basically the communication between systemctl and systemd masks the identity of the u

Re: IMA signing questions

2022-01-06 Thread Simo Sorce

Re: cmake on Rawhide is broken

2021-12-03 Thread Simo Sorce

Re: F36 Change: Users are administrators by default in the installer GUI. (Self-Contained Change proposal)

2021-12-01 Thread Simo Sorce

Re: deltarpm usefulness?

2021-11-08 Thread Simo Sorce
't know or care. md5 used as a checksum to only detect network transmission issues is not a problem, and is not under the purview of the FIPS certification. As mentioned above the actual packages are still finally reassembled and the signature checked, so that is what matters in terms of security (

Re: openswan/libreswan VPNs and NetworkManager

2021-11-02 Thread Simo Sorce
n, it's just that NM treats all of these implementations the same and handles them all with a single plugin. It'd be nice if NM renamed its plugin to something that just uses the name IPsec, it would avoid a lot of confusion. HTH, Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc

Re: F36 Change: Drop NIS(+) support from PAM (System-Wide Change proposal)

2021-10-28 Thread Simo Sorce
is indefensible, don't go there. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fed

Re: crypto-policies and a certain usage of SHA-1

2021-10-18 Thread Simo Sorce
or years after they are transmitted, including credentials. A weak session key will allow store and later decryption of communications, therefore retrieval of sensitive data. HTH, Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailin

Re: Boot menu always displayed again?

2021-09-09 Thread Simo Sorce
: > V Wed, Sep 08, 2021 at 09:01:42AM -0400, Simo Sorce napsal(a): > > If I try to do this I get an error: > > # grub2-editenv - set menu_auto_hide=1 > > grub2-editenv: error: environment block too small. > > > > What the issue here ? > > Perhaps /boot/grub2/gr

Re: Donate 1 minute of your time to test upgrades from F34 to F35

2021-09-08 Thread Simo Sorce
nstalled package perl-Mozilla-LDAP-1.5.3- 35.fc33.x86_64 - package perl-libs-4:5.32.1-471.module_f35+12589+8a7d3254.x86_64 is filtered out by modular filtering - package perl-libs-4:5.32.1-471.module_f35+12574+98410e7f.x86_64 is filtered out by modular filtering (try to add '--skip-broken

Re: Boot menu always displayed again?

2021-09-08 Thread Simo Sorce
On Wed, 2021-09-08 at 15:23 +0200, Petr Pisar wrote: > V Wed, Sep 08, 2021 at 09:01:42AM -0400, Simo Sorce napsal(a): > > If I try to do this I get an error: > > # grub2-editenv - set menu_auto_hide=1 > > grub2-editenv: error: environment block too small. > >

Re: Boot menu always displayed again?

2021-09-08 Thread Simo Sorce

Re: Is OpenSSL 3.0 still planned for Fedora 35?

2021-08-03 Thread Simo Sorce
On Tue, 2021-08-03 at 07:52 -0400, Neal Gompa wrote: > On Tue, Aug 3, 2021 at 7:10 AM Simo Sorce wrote: > > > > On Tue, 2021-08-03 at 06:50 -0400, Neal Gompa wrote: > > > On Tue, Aug 3, 2021 at 5:59 AM Simo Sorce wrote: > > > > > > > > On

Re: Is OpenSSL 3.0 still planned for Fedora 35?

2021-08-03 Thread Simo Sorce
On Tue, 2021-08-03 at 06:50 -0400, Neal Gompa wrote: > On Tue, Aug 3, 2021 at 5:59 AM Simo Sorce wrote: > > > > On Mon, 2021-08-02 at 17:43 -0400, Neal Gompa wrote: > > > On Mon, Aug 2, 2021 at 5:39 PM Stephen Gallagher > > > wrote: > > > > >

Re: Is OpenSSL 3.0 still planned for Fedora 35?

2021-08-03 Thread Simo Sorce
On Mon, 2021-08-02 at 17:43 -0400, Neal Gompa wrote: > On Mon, Aug 2, 2021 at 5:39 PM Stephen Gallagher wrote: > > > > On Mon, Aug 2, 2021 at 11:11 AM Simo Sorce wrote: > > > > > > I think at this stage it may be safer to defer to F36, and land OpenSSL >

Re: Is OpenSSL 3.0 still planned for Fedora 35?

2021-08-02 Thread Simo Sorce
-- Simo Sorce RHEL Crypto Team Red Hat

Re: F35 Change: Remove SHA-1 from Sqlite (Self-Contained Change proposal)

2021-07-15 Thread Simo Sorce
On Wed, 2021-07-14 at 14:13 -0400, Paul Wouters wrote: > On Mon, 12 Jul 2021, Simo Sorce wrote: > > > > SQLite is a general-purpose tool. Not every use of SHA-1 is > > > cryptographically relevant. Most uses in the context of SQLite probably > > > aren't, s

Re: Undetected ABI change in libkcapi (rawhide)

2021-07-12 Thread Simo Sorce
On Mon, 2021-07-12 at 16:53 +0200, Ondrej Mosnacek wrote: > On Mon, Jul 12, 2021 at 4:32 PM Simo Sorce wrote: > > > > Hello, > > I just rebased libkcapi in Rawhide, without realizing there was an ABI > > change. > > The ABI change should affect only S390 but I

Undetected ABI change in libkcapi (rawhide)

2021-07-12 Thread Simo Sorce
ologies if any build will have issues between today and when I will be able to handle it, if you have any concerns please let me know. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscri

Re: F35 Change: Remove SHA-1 from Sqlite (Self-Contained Change proposal)

2021-07-12 Thread Simo Sorce
hat this is a Sqlite decision, from RHEL engineering we only requested the removal in digital signatures and where integrity protection is required for security. Also note that we do not require full removal, just that SHA-1 is not used unless users intentionally

Re: OpenLDAP 2.5 - Fedora Release - Help Needed

2021-06-18 Thread Simo Sorce

Re: Can't login with kinit using 2FA

2021-06-17 Thread Simo Sorce
an admin to fix the FAS account if really needed. OTP cannot be reversed by users themselves, but admins can fix it if really needed. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscr

Re: F35 Change proposal: Smaller Container Base Image (remove sssd-client, util-linux, shadow-utils) (Self-Contained Change)

2021-05-20 Thread Simo Sorce
nking like flatpak, and > the overlayfs is dynamic instead of static. Having a couple of user containers using podman now occupying a lot of space in my user home, I would appreciate this option. It would be *especially* nice if it were possible to *rebase* (a la git) such containers to a later

Re: F35 Change: Drop the the "Allow SSH root login with password" option from the installer GUI (Self-Contained Change proposal)

2021-05-13 Thread Simo Sorce
yota, as users can still log in after install and re-enable root login with passwords, or use a kickstart file to do the same. If this is being done because maintaining the option for Anaconda developers then just say that. Otherwise do not do this change and let people that need it for convenience

Re: Intention to dropping the the "Allow SSH root login with password" option from the installer GUI

2021-04-30 Thread Simo Sorce

Re: Kdump with full-disk LUKS encryption

2021-04-19 Thread Simo Sorce
On Mon, 2021-04-19 at 18:24 +0100, Daniel P. Berrangé wrote: > On Mon, Apr 19, 2021 at 01:12:07PM -0400, Simo Sorce wrote: > > On Mon, 2021-04-19 at 12:02 +0100, Richard W.M. Jones wrote: > > > On Mon, Apr 19, 2021 at 06:00:38PM +0800, Kairui Song wrote: > > > > 2. L

Re: Kdump with full-disk LUKS encryption

2021-04-19 Thread Simo Sorce
tfs where Argon2 > used too much memory for our small appliance when opening LUKS2 disks. > We had to simply increase the amount of memory reserved, which is far > from ideal. Or you could switch to use PBKDF2, it is still a supported and reasonable opti
