Re: security of the lookaside cache (was: frafra uploaded yumex-dnf-4.1.6.tar.gz for yumex-dnf)

On Wed, 2015-12-30 at 20:09 +0100, Pierre-Yves Chibon wrote: > On Wed, Dec 30, 2015 at 07:38:35PM +0100, Björn Persson wrote: > > But still, why are we still using MD5? > > For the record bochecha has been leading the move away from md5 to > sha, making the changes in such a way that it will give

Re: security of the lookaside cache (was: frafra uploaded yumex-dnf-4.1.6.tar.gz for yumex-dnf)

On Wed, Dec 30, 2015 at 07:38:35PM +0100, Björn Persson wrote: > Tim Lauridsen wrote: > > How do i handle a situation where someone, without my knowledge > > uploads new sources to one of my projects. It could be a security > > problem ? > > While I trust that Francesco had only good intentions, t

Re: security of the lookaside cache (was: frafra uploaded yumex-dnf-4.1.6.tar.gz for yumex-dnf)

On Wed, 30 Dec 2015 19:38:35 +0100 Björn Persson wrote: > Tim Lauridsen wrote: > > How do i handle a situation where someone, without my knowledge > > uploads new sources to one of my projects. It could be a security > > problem ? > > While I trust that Francesco had only good intentions, the

security of the lookaside cache (was: frafra uploaded yumex-dnf-4.1.6.tar.gz for yumex-dnf)

Tim Lauridsen wrote: > How do i handle a situation where someone, without my knowledge > uploads new sources to one of my projects. It could be a security > problem ? While I trust that Francesco had only good intentions, the general question remains: Is it possible to modify a package without com

Re: Fwd: frafra uploaded yumex-dnf-4.1.6.tar.gz for yumex-dnf

> How do i handle a situation where someone, without my knowledge uploads > new sources to one of my projects. It could be a security problem ? Sorry Tim and sorry everyone for this false alarm. I was playing with fedpkg and I realized I could upload new sources; I thought I could provide a comp

Re: frafra uploaded yumex-dnf-4.1.6.tar.gz for yumex-dnf

On Tue, 29 Dec 2015 21:15:12 -0700, Orion Poplawski wrote: > On 12/28/2015 02:35 AM, Tim Lauridsen wrote: > > How do i handle a situation where someone, without my knowledge uploads > > new sources to one of my projects. It could be a security problem ? > > > > Tim > > Email the person and ask

Re: Fwd: frafra uploaded yumex-dnf-4.1.6.tar.gz for yumex-dnf

- From: mailto:notificati...@fedoraproject.org>> Date: Sun, 27 Dec 2015 at 23:00 Subject: frafra uploaded yumex-dnf-4.1.6.tar.gz for yumex-dnf 0ae84309cbb6781e7acaf2c1a784f59b yumex-dnf-4.1.6.tar.gz http://pkgs.fedoraproject.org/lookaside/pkgs/yumex-dnf/yumex-dnf-4.1.6.tar.

Re: frafra uploaded yumex-dnf-4.1.6.tar.gz for yumex-dnf

On Mon, 28 Dec 2015 at 11:41 Pierre-Yves Chibon wrote: > On Mon, Dec 28, 2015 at 09:38:25AM +, Tim Lauridsen wrote: > >Looks like a false alarm, just a scatch build > >https://bugzilla.redhat.com/show_bug.cgi?id=1294377 > > Why uploading sources to dist-git for a scratch build? > > >

Re: frafra uploaded yumex-dnf-4.1.6.tar.gz for yumex-dnf

On Mon, Dec 28, 2015 at 09:38:25AM +, Tim Lauridsen wrote: >Looks like a false alarm, just a scatch build  >https://bugzilla.redhat.com/show_bug.cgi?id=1294377 Why uploading sources to dist-git for a scratch build? Pierre -- devel mailing list devel@lists.fedoraproject.org http://li

Re: frafra uploaded yumex-dnf-4.1.6.tar.gz for yumex-dnf

roblem ? > > Tim > > > -- Forwarded message - > From: > Date: Sun, 27 Dec 2015 at 23:00 > Subject: frafra uploaded yumex-dnf-4.1.6.tar.gz for yumex-dnf > > 0ae84309cbb6781e7acaf2c1a784f59b yumex-dnf-4.1.6.tar.gz > > http://pkgs.fedoraproject.or

Fwd: frafra uploaded yumex-dnf-4.1.6.tar.gz for yumex-dnf

How do i handle a situation where someone, without my knowledge uploads new sources to one of my projects. It could be a security problem ? Tim -- Forwarded message - From: Date: Sun, 27 Dec 2015 at 23:00 Subject: frafra uploaded yumex-dnf-4.1.6.tar.gz for yumex-dnf