On 30 November 2016 at 23:19, Ahmad Samir wrote:
> On 29 November 2016 at 16:24, Richard W.M. Jones wrote:
>> On Wed, Nov 23, 2016 at 09:39:03AM +0100, Florian Weimer wrote:
>>> On 11/23/2016 02:15 AM, Sérgio Basto wrote:
>>> >On Ter, 2016-11-22 at 18:57 -0600, Michael Catanzaro wrote:
>>> >>Hi,
On 29 November 2016 at 16:24, Richard W.M. Jones wrote:
> On Wed, Nov 23, 2016 at 09:39:03AM +0100, Florian Weimer wrote:
>> On 11/23/2016 02:15 AM, Sérgio Basto wrote:
>> >On Ter, 2016-11-22 at 18:57 -0600, Michael Catanzaro wrote:
>> >>Hi,
>> >>
>> >>Is anybody working on fixing [1]?
>> >>
>> >>
On 29 November 2016 at 13:26, Michael Catanzaro wrote:
> On Wed, 2016-11-23 at 01:15 +, Sérgio Basto wrote:
>> for gstreamer
>> https://bugzilla.redhat.com/show_bug.cgi?id=1395128
>> https://bugzilla.redhat.com/show_bug.cgi?id=1395768
>> https://bugzilla.redhat.com/show_bug.cgi?id=1397064
>>
>
On Wed, 2016-11-23 at 01:15 +, Sérgio Basto wrote:
> for gstreamer
> https://bugzilla.redhat.com/show_bug.cgi?id=1395128
> https://bugzilla.redhat.com/show_bug.cgi?id=1395768
> https://bugzilla.redhat.com/show_bug.cgi?id=1397064
>
> for gstreamer1
> https://bugzilla.redhat.com/show_bug.cgi?i
On Ter, 2016-11-29 at 14:24 +, Richard W.M. Jones wrote:
> On Wed, Nov 23, 2016 at 09:39:03AM +0100, Florian Weimer wrote:
> >
> > On 11/23/2016 02:15 AM, Sérgio Basto wrote:
> > >
> > > On Ter, 2016-11-22 at 18:57 -0600, Michael Catanzaro wrote:
> > > >
> > > > Hi,
> > > >
> > > > Is anybo
On Wed, Nov 23, 2016 at 09:39:03AM +0100, Florian Weimer wrote:
> On 11/23/2016 02:15 AM, Sérgio Basto wrote:
> >On Ter, 2016-11-22 at 18:57 -0600, Michael Catanzaro wrote:
> >>Hi,
> >>
> >>Is anybody working on fixing [1]?
> >>
> >>The exploit is a little impractical in that it only works if you h
On Fri, 2016-11-25 at 01:46 +0100, Lars Seipel wrote:
> What does that mean, exactly? Does it pass the downloaded file to
> xdg-open or equivalent?
"or equivalent" -- it uses Gio and not xdg-open
> Just because you clicked on a link on some
> website, no matter the file type and association invo
> On Thu, Nov 24, 2016 at 11:02:19AM -, Carlos Garnacho wrote:
>
> It doesn't seem to be -- I see Screen Lock, Location Services, Usage &
> History, Purge Trash, and Problem Reporting. I have to to install
> tracker-preferences to get a GUI for these settings, as far as I can
> see.
Oh, I sai
Michael Stahl wrote:
> looks like both core Gnome apps and Qt5/KDE have apparently managed to
> grow dependencies on the toxic codecs.
The thing is, they both need only one or two of the offending codecs (not
necessarily the same ones). In the Plasma case, the dependency is kwin →
qt5-qtmultimed
Florian Weimer wrote:
> What about the larger picture? Can tracker be made optional again for
> the GNOME desktop?
Tracker is just a red herring. GStreamer flaws can be exploited directly in
any browser that actually uses GStreamer, e.g., all the WebKit (WebKitGtk,
QtWebKit, but not Blink/Chrom
On Thu, Nov 24, 2016 at 09:03:24AM -0600, Michael Catanzaro wrote:
> On Thu, 2016-11-24 at 10:02 +, Carlos Garnacho wrote:
> > Tracker-extract is not as exposed as Firefox, because the file needs
> > being in the local filesystem for starters. The web world is well
> > known for figuratively th
On Thu, Nov 24, 2016 at 07:05:38PM +0100, Mathieu Bridon wrote:
> > > XDG folders recursively, $HOME non-recursively. This is all
> > > configurable in the privacy pane in the control-center fwiw.
> > It doesn't seem to be -- I see Screen Lock, Location Services, Usage
> > & History, Purge Trash, a
On Thu, 2016-11-24 at 12:09 -0500, Matthew Miller wrote:
> On Thu, Nov 24, 2016 at 11:02:19AM -, Carlos Garnacho wrote:
> > > Question which directories does tracker actually scan / monitor
> > > by default ?
> >
> > XDG folders recursively, $HOME non-recursively. This is all
> > configurable
On Thu, Nov 24, 2016 at 11:02:19AM -, Carlos Garnacho wrote:
> > Question which directories does tracker actually scan / monitor by
> > default ?
> XDG folders recursively, $HOME non-recursively. This is all
> configurable in the privacy pane in the control-center fwiw.
It doesn't seem to be -
- Original Message -
> On 23 November 2016 at 14:03, Chris Murphy wrote:
> > On Wed, Nov 23, 2016 at 10:36 AM, Adam Williamson
> > wrote:
> >> On Wed, 2016-11-23 at 10:33 -0800, Andrew Lutomirski wrote:
> >>> On Nov 23, 2016 10:12 AM, "Michael Catanzaro"
> >>> wrote:
> >>> >
> >>> > On
On Nov 24, 2016 2:03 AM, "Carlos Garnacho" wrote:
>
> Hi,
>
> > On Wed, Nov 23, 2016 at 5:03 PM, Carlos Garnacho >
> > I'm objecting to whatever piece of software opens thoroughly untrusted
> > files out of ~/Downloads and parses them. If that's not "Tracker",
> > then I apologize.
> >
> >
> > F
On Thu, 2016-11-24 at 10:02 +, Carlos Garnacho wrote:
> Tracker-extract is not as exposed as Firefox, because the file needs
> being in the local filesystem for starters. The web world is well
> known for figuratively throwing 3rd party media content to your face,
> even in otherwise trusted we
On 11/24/2016 11:27 AM, Carlos Garnacho wrote:
On 11/23/2016 10:15 PM, carlosg(a)gnome.org wrote:
What about the impact on kernel caches? The additional activity will
evict things which would otherwise be used by foreground processes.
Tracker processes call sched_setscheduler/ioprio/nice to
Hi,
> Hi,
>
> On 23-11-16 22:15, carlosg(a)gnome.org wrote:
>
> The problem we've at the moment is basically that we perform
> pretty poorly on resource constrained devices, part of that
> is a shitload of running services (on a 512MB device I need
> to disable gdm and use startx because running
> On 11/23/2016 10:15 PM, carlosg(a)gnome.org wrote:
>
>
> What about the impact on kernel caches? The additional activity will
> evict things which would otherwise be used by foreground processes.
Tracker processes call sched_setscheduler/ioprio/nice to lower their priorities
to a minimum, t
Hi,
> On Wed, Nov 23, 2016 at 5:03 PM, Carlos Garnacho wrote:
>
> I'm objecting to whatever piece of software opens thoroughly untrusted
> files out of ~/Downloads and parses them. If that's not "Tracker",
> then I apologize.
>
>
> Firefox is a big piece of code that loads untrusted stuff. I
Hi,
On 23-11-16 22:15, carl...@gnome.org wrote:
Hi Hans,
(Talking with my Tracker maintainer hat)
Hi,
On 23-11-16 15:36, Michael Catanzaro wrote:
I don't think that is entirely true. I've recently been trying
to get gnome3 to run on under-powered machines like cheap ARM
tablets, and I can d
On 11/23/2016 10:15 PM, carl...@gnome.org wrote:
But memory, I beg to differ :). Running on massif a from-scratch indexing of
this laptop's homedir, tracker-store peaks at 16MB and runs under half of that
for 67/69 snapshots. tracker-miner-fs peaks at 13MB and sits on half of that
afterwards.
On Wed, Nov 23, 2016 at 5:03 PM, Carlos Garnacho wrote:
> There is nothing specific in Tracker *design* about opening files, at all.
> Tracker is a semantic database with a focus on local access/content, period.
> Your gripe happens to be against a certain implementation of these "miners"
> pop
> On Nov 23, 2016 2:21 PM, wrote:
> the
> tracker-extract may
> be expected to open() potentially untrusted files,
> tracker-miner-fs merely opens private tracker files, and all basic
> filesystem data extraction is performed through the
> opendir/stat/inotify_add_watch syscalls, what is exactly i
On Wed, Nov 23, 2016 at 2:58 PM, Andrew Lutomirski wrote:
>
>>
>> >
>> > I would go even farther and argue that Fedora should not, by default,
>> > ever
>> > enable a miner that isn't running in *strict* seccomp mode. If that
>> > means
>> > that cat pictures aren't identified as such, so be it.
On Nov 23, 2016 2:21 PM, wrote:
>
> Hi,
>
> > On Nov 23, 2016 8:11 AM, "Stephen John Smoogen" > wrote:
> >
> > Can we leave tracker enabled but disable literally every miner? AFAIK
the
>
> That is literally, overreacting. Of all tracker processes, only
tracker-extract may be expected to open() p
Hi,
>
> This seems like it would be a fantastic use of the infrastructure behind
> xdg-app.
Fwiw, better flatpak integration was already on the top of the goal list for
Tracker. Ideally ready for 1.12 if time allows.
Cheers,
Carlos
___
devel mailing
Hi,
> On Nov 23, 2016 8:11 AM, "Stephen John Smoogen" wrote:
>
> Can we leave tracker enabled but disable literally every miner? AFAIK the
That is literally, overreacting. Of all tracker processes, only tracker-extract
may be expected to open() potentially untrusted files, tracker-miner-fs me
Hi Hans,
(Talking with my Tracker maintainer hat)
> Hi,
>
> On 23-11-16 15:36, Michael Catanzaro wrote:
>
> I don't think that is entirely true. I've recently been trying
> to get gnome3 to run on under-powered machines like cheap ARM
> tablets, and I can do "dnf remove tracker" more or less ju
On 23 November 2016 at 14:03, Chris Murphy wrote:
> On Wed, Nov 23, 2016 at 10:36 AM, Adam Williamson
> wrote:
>> On Wed, 2016-11-23 at 10:33 -0800, Andrew Lutomirski wrote:
>>> On Nov 23, 2016 10:12 AM, "Michael Catanzaro" wrote:
>>> >
>>> > On Wed, 2016-11-23 at 16:36 +0100, Hans de Goede wrot
On Wed, Nov 23, 2016 at 10:36 AM, Adam Williamson
wrote:
> On Wed, 2016-11-23 at 10:33 -0800, Andrew Lutomirski wrote:
>> On Nov 23, 2016 10:12 AM, "Michael Catanzaro" wrote:
>> >
>> > On Wed, 2016-11-23 at 16:36 +0100, Hans de Goede wrote:
>> > > I don't think that is entirely true. I've recentl
On Wed, 2016-11-23 at 10:33 -0800, Andrew Lutomirski wrote:
> On Nov 23, 2016 10:12 AM, "Michael Catanzaro" wrote:
> >
> > On Wed, 2016-11-23 at 16:36 +0100, Hans de Goede wrote:
> > > I don't think that is entirely true. I've recently been trying
> > > to get gnome3 to run on under-powered machi
On Nov 23, 2016 10:12 AM, "Michael Catanzaro" wrote:
>
> On Wed, 2016-11-23 at 16:36 +0100, Hans de Goede wrote:
> > I don't think that is entirely true. I've recently been trying
> > to get gnome3 to run on under-powered machines like cheap ARM
> > tablets, and I can do "dnf remove tracker" more
On Wed, 2016-11-23 at 16:36 +0100, Hans de Goede wrote:
> I don't think that is entirely true. I've recently been trying
> to get gnome3 to run on under-powered machines like cheap ARM
> tablets, and I can do "dnf remove tracker" more or less just
> fine, I loose totem due to some weird dependency
On Nov 23, 2016 8:11 AM, "Stephen John Smoogen" wrote:
>
> On 23 November 2016 at 09:36, Michael Catanzaro
wrote:
> > On Wed, 2016-11-23 at 09:39 +0100, Florian Weimer wrote:
> >>
> >> What about the larger picture? Can tracker be made optional again
> >> for
> >> the GNOME desktop?
> >>
> >> Th
On 23 November 2016 at 09:36, Michael Catanzaro wrote:
> On Wed, 2016-11-23 at 09:39 +0100, Florian Weimer wrote:
>>
>> What about the larger picture? Can tracker be made optional again
>> for
>> the GNOME desktop?
>>
>> Thanks,
>> Florian
>
> No, many of our core applications depend on tracker t
On Nov 23, 2016 6:37 AM, "Michael Catanzaro" wrote:
>
> or sandboxing tracker miners (e.g. maybe with
> SELinux?) that would be a more practical way forward.
This seems like it would be a fantastic use of the infrastructure behind
xdg-app.
___
devel mai
Hi,
On 23-11-16 15:36, Michael Catanzaro wrote:
On Wed, 2016-11-23 at 09:39 +0100, Florian Weimer wrote:
What about the larger picture? Can tracker be made optional again
for
the GNOME desktop?
Thanks,
Florian
No, many of our core applications depend on tracker to be able to see
files, and
On Wed, 2016-11-23 at 09:39 +0100, Florian Weimer wrote:
>
> What about the larger picture? Can tracker be made optional again
> for
> the GNOME desktop?
>
> Thanks,
> Florian
No, many of our core applications depend on tracker to be able to see
files, and others (e.g. nautilus) use tracker to
On Tue, Nov 22, 2016 at 06:57:45PM -0600, Michael Catanzaro wrote:
> Is anybody working on fixing [1]?
> The exploit is a little impractical in that it only works if you have
> not updated any F24 base packages except GStreamer, but we should still
> fix it. I don't see any GStreamer updates in bod
On 23.11.2016 01:57, Michael Catanzaro wrote:
> Hi,
>
> Is anybody working on fixing [1]?
>
> The exploit is a little impractical in that it only works if you have
> not updated any F24 base packages except GStreamer, but we should still
> fix it. I don't see any GStreamer updates in bodhi yet.
>>> Hi,
>>>
>>> Is anybody working on fixing [1]?
>>>
>>> The exploit is a little impractical in that it only works if you have
>>> not updated any F24 base packages except GStreamer, but we should
>>> still
>>> fix it. I don't see any GStreamer updates in bodhi yet.
>>
>>
>> for gstreamer
>> https
On 11/23/2016 02:15 AM, Sérgio Basto wrote:
On Ter, 2016-11-22 at 18:57 -0600, Michael Catanzaro wrote:
Hi,
Is anybody working on fixing [1]?
The exploit is a little impractical in that it only works if you have
not updated any F24 base packages except GStreamer, but we should
still
fix it. I
On Ter, 2016-11-22 at 18:57 -0600, Michael Catanzaro wrote:
> Hi,
>
> Is anybody working on fixing [1]?
>
> The exploit is a little impractical in that it only works if you have
> not updated any F24 base packages except GStreamer, but we should
> still
> fix it. I don't see any GStreamer updates
Hi,
Is anybody working on fixing [1]?
The exploit is a little impractical in that it only works if you have
not updated any F24 base packages except GStreamer, but we should still
fix it. I don't see any GStreamer updates in bodhi yet.
Michael
[1]
http://arstechnica.com/security/2016/11/elegan
46 matches
Mail list logo
