Re: [Test-Announce] Note for people with EFI installs: install grub-efi!

2011-10-12 Thread Peter Robinson
Hey Adam, On Wed, Oct 12, 2011 at 2:17 AM, Adam Williamson wrote: > Hey, folks. There's a grub update in updates-testing atm (being pushed > stable soon) which splits the EFI stuff off into a new grub-efi > subpackage. If you have an EFI install of F16 you will need to have > grub-efi installed o

Re: yubikey

2011-10-12 Thread Nathanael D. Noblet
On 10/12/2011 12:02 AM, Toshio Kuratomi wrote: > I currently have my yubikey set up to do this (slot 1 is Fedora, slot 2 is > for yubikey servers). Hmm that's great. For some reason I thought the slots still used the same keys... -- Nathanael d. Noblet t 403.875.4613 -- devel mailing list deve

Re: [Test-Announce] Note for people with EFI installs: install grub-efi!

2011-10-12 Thread Kalev Lember
On 10/12/2011 04:17 AM, Adam Williamson wrote: > Hey, folks. There's a grub update in updates-testing atm (being pushed > stable soon) which splits the EFI stuff off into a new grub-efi > subpackage. If you have an EFI install of F16 you will need to have > grub-efi installed or else your system wo

Re: Fedora 16 Final Release Criterion for Xen DomU

2011-10-12 Thread Pasi Kärkkäinen
On Mon, Oct 10, 2011 at 12:09:51PM -0600, Tim Flink wrote: > Since the beta criterion for running Fedora as a Xen guest (DomU) was > removed for Fedora 16, there has been some discussion [1] [2] on test@ > about whether or not we should add it back for Fedora 16 final. The old > criterion read: >

Re: TFTP not working on F15 as well as updated F14

2011-10-12 Thread Aaron Gray
On 12 October 2011 04:22, Nick Jones wrote: > On Tue, 2011-10-11 at 21:22 +0100, Aaron Gray wrote: > > On 11 October 2011 18:49, Tom Callaway wrote: > > On 10/11/2011 01:46 PM, Aaron Gray wrote: > > > I have two F15 machines one a desktop which is running the > > new Gnom

slow speed of selinux commands

2011-10-12 Thread Fulko Hew
On Mon, Sep 19, 2011 at 4:01 PM, Fulko Hew wrote: > On Mon, Sep 19, 2011 at 3:32 PM, Eric Paris wrote: >> On Mon, 2011-09-19 at 14:49 -0400, Fulko Hew wrote: >> >>> If so... why use chcon versus the semanage/restorecon technique? >>> or if my assesement is wrong... can someone point me to a bette

Re: slow speed of selinux commands

2011-10-12 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/12/2011 09:00 AM, Fulko Hew wrote: > > > On Mon, Sep 19, 2011 at 4:01 PM, Fulko Hew > wrote: >> On Mon, Sep 19, 2011 at 3:32 PM, Eric Paris > wrote: >>> On Mon, 2011-09-19 at 14:49 -0400,

Re: Package review SIG dead?

2011-10-12 Thread Pierre-Yves Chibon
On Fri, 2011-10-07 at 10:03 -0500, Richard Shaw wrote: > > Should we request a separate mailing list? I don't expect it to be > high volume obviously but it could make communication easier since > people live across multiple time zones. Also, it would make subjects > easier since right now on the

Re: Package review SIG dead?

2011-10-12 Thread Richard Shaw
On Wed, Oct 12, 2011 at 8:26 AM, Pierre-Yves Chibon wrote: > On Fri, 2011-10-07 at 10:03 -0500, Richard Shaw wrote: >> >> Should we request a separate mailing list? I don't expect it to be >> high volume obviously but it could make communication easier since >> people live across multiple time zon

Broken dependencies: perl-Pugs-Compiler-Rule

2011-10-12 Thread buildsys
perl-Pugs-Compiler-Rule has broken dependencies in the rawhide tree: On x86_64: perl-Pugs-Compiler-Rule-0.37-9.fc16.noarch requires perl(:MODULE_COMPAT_5.12.3) On i386: perl-Pugs-Compiler-Rule-0.37-9.fc16.noarch requires perl(:MODULE_COMPAT_5.12.3) Please resolve this as soon as

Broken dependencies: perl-Bio-Graphics

2011-10-12 Thread buildsys
perl-Bio-Graphics has broken dependencies in the rawhide tree: On x86_64: perl-Bio-Graphics-2.25-1.fc17.noarch requires perl(Bio::DB::BigWig) On i386: perl-Bio-Graphics-2.25-1.fc17.noarch requires perl(Bio::DB::BigWig) Please resolve this as soon as possible. -- Fedora Extras Pe

rawhide report: 20111012 changes

2011-10-12 Thread Rawhide Report
Compose started at Wed Oct 12 08:16:19 UTC 2011 Broken deps for x86_64 -- 389-admin-1.1.23-1.fc17.i686 requires libicuuc.so.46 389-admin-1.1.23-1.fc17.i686 requires libicui18n.so.46 389-admin-1.1.23-1.fc17.i686 require

Re: TFTP not working on F15 as well as updated F14

2011-10-12 Thread Aaron Gray
On 11 October 2011 18:49, Tom Callaway wrote: > On 10/11/2011 01:46 PM, Aaron Gray wrote: > > I have two F15 machines one a desktop which is running the new Gnome 3 > > desktop and a laptop not running the new desktop. > > > > TFTP is not working on the desktop machine on F15 as it was not workin

Re: TFTP not working on F15 as well as updated F14

2011-10-12 Thread Aaron Gray
On 12 October 2011 14:57, Aaron Gray wrote: > On 11 October 2011 18:49, Tom Callaway wrote: > >> On 10/11/2011 01:46 PM, Aaron Gray wrote: >> > I have two F15 machines one a desktop which is running the new Gnome 3 >> > desktop and a laptop not running the new desktop. >> > >> > TFTP is not work

Re: rawhide report: 20111012 changes

2011-10-12 Thread Jerry James
On Wed, Oct 12, 2011 at 7:41 AM, Rawhide Report wrote: > Compose started at Wed Oct 12 08:16:19 UTC 2011 > > Broken deps for x86_64 > -- [snip] >        acheck-0.5.1-5.fc17.noarch requires perl(Text::Aspell) [snip] > Updated Packages: [snip]

Re: [Test-Announce] Note for people with EFI installs: install grub-efi!

2011-10-12 Thread Adam Williamson
On Wed, 2011-10-12 at 12:29 +0300, Kalev Lember wrote: > On 10/12/2011 04:17 AM, Adam Williamson wrote: > > Hey, folks. There's a grub update in updates-testing atm (being pushed > > stable soon) which splits the EFI stuff off into a new grub-efi > > subpackage. If you have an EFI install of F16 yo

Re: non-responsive icon theme maintainer

2011-10-12 Thread Pierre-Yves Chibon
On Mon, 2011-10-03 at 22:12 +0200, Pierre-Yves Chibon wrote: > On Thu, 2011-09-15 at 13:24 +0200, Pierre-Yves Chibon wrote: > > > > I just sent an email directly to his archlinux.us email address asking > > if he wishes to resign from his maintainer duties or if he is just > > busy. > > Let's see

Re: [Test-Announce] Note for people with EFI installs: install grub-efi!

2011-10-12 Thread Peter Robinson
On Wed, Oct 12, 2011 at 4:26 PM, Adam Williamson wrote: > On Wed, 2011-10-12 at 12:29 +0300, Kalev Lember wrote: >> On 10/12/2011 04:17 AM, Adam Williamson wrote: >> > Hey, folks. There's a grub update in updates-testing atm (being pushed >> > stable soon) which splits the EFI stuff off into a new

Release Notes

2011-10-12 Thread John J. McDonough
This release we seem to have gotten quite a few timely bugs, some of them quite subtle. I thank all of you who took the time to pore over the beta notes and submit bugs. Many of these subtleties the Docs writers really can't pick up on, and your effort makes the release notes that much better. An

Re: rawhide report: 20111012 changes

2011-10-12 Thread Tom Callaway
On 10/12/2011 11:20 AM, Jerry James wrote: > On Wed, Oct 12, 2011 at 7:41 AM, Rawhide Report > wrote: >> Compose started at Wed Oct 12 08:16:19 UTC 2011 >> >> Broken deps for x86_64 >> -- > [snip] >>acheck-0.5.1-5.fc17.noarch requires

Re: [Test-Announce] Note for people with EFI installs: install grub-efi!

2011-10-12 Thread Kalev Lember
On 10/12/2011 06:26 PM, Adam Williamson wrote: > On Wed, 2011-10-12 at 12:29 +0300, Kalev Lember wrote: >> I can think of two ways to convince yum to always install grub-efi on >> upgrades: >> a) have grub2 require grub-efi; or >> b) have grub-efi obsolete grub. Both of the cases are also descri

Re: [Test-Announce] Note for people with EFI installs: install grub-efi!

2011-10-12 Thread Adam Williamson
On Wed, 2011-10-12 at 16:30 +0100, Peter Robinson wrote: > > I think b) sounds closer to our goal here, if it does actually work that > > way (I thought yum would just pick one of the obsoleting packages). > > Peter? > > It will only pick up the replacement package if the package has a > provides

Re: [Test-Announce] Note for people with EFI installs: install grub-efi!

2011-10-12 Thread Peter Jones
On 10/12/2011 11:26 AM, Adam Williamson wrote: > On Wed, 2011-10-12 at 12:29 +0300, Kalev Lember wrote: >> On 10/12/2011 04:17 AM, Adam Williamson wrote: >>> Hey, folks. There's a grub update in updates-testing atm (being pushed >>> stable soon) which splits the EFI stuff off into a new grub-efi >>

Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Kevin Fenzi
Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30 Summary: All existing users of the Fedora Account System (FAS) at https://admin.fedoraproject.org/accounts are required to change their password and upload a NEW ssh public key before 2011-11-30. Failure to do so may resu

Re: [Test-Announce] Proventesters meetup 2011-10-12 at 18UTC

2011-10-12 Thread Clyde E. Kunkel
On 10/11/2011 04:05 PM, Kevin Fenzi wrote: > We are going to be having another proventesters meetup tomorrow on IRC > in #fedora-meeting at 18:00UTC. > > Purpose of meetup: Brainstorm ideas on improving testing and processes > for testing updates. > > * Intro/gather more agenda items > > * Recruiti

Re: rawhide report: 20111012 changes

2011-10-12 Thread Rakesh Pandit
On 12 October 2011 20:50, Jerry James wrote: > On Wed, Oct 12, 2011 at 7:41 AM, Rawhide Report [..] > > I don't see anything since early April, which is consistent with the > lack of response to my late April notification of perl-Text-Aspell's > imminent demise.  Rakesh's last post to this mailing

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Kevin Fenzi
On Wed, 12 Oct 2011 13:30:19 -0400 Jeff Layton wrote: > I have a question not covered here: I just changed my ssh key a week > or two ago in the wake of the kernel.org compromise... > > Is my new key sufficient? I really don't want to have to re-distribute > my key to all of the various servers

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Richard Hughes
On 12 October 2011 17:44, Kevin Fenzi wrote: > All existing users of the Fedora Account System (FAS) at > https://admin.fedoraproject.org/accounts are required to change their > password and upload a NEW ssh public key before 2011-11-30. I have to upload a *new* public key? Why should I have two

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Simo Sorce
On Wed, 2011-10-12 at 11:41 -0600, Kevin Fenzi wrote: > On Wed, 12 Oct 2011 13:30:19 -0400 > Jeff Layton wrote: > > > I have a question not covered here: I just changed my ssh key a week > > or two ago in the wake of the kernel.org compromise... > > > > Is my new key sufficient? I really don't w

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Adam Williamson
On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote: > On 12 October 2011 17:44, Kevin Fenzi wrote: > > All existing users of the Fedora Account System (FAS) at > > https://admin.fedoraproject.org/accounts are required to change their > > password and upload a NEW ssh public key before 2011-11

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Digimer
On 10/12/2011 12:44 PM, Kevin Fenzi wrote: > Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30 > > Summary: > > All existing users of the Fedora Account System (FAS) at > https://admin.fedoraproject.org/accounts are required to change their > password and upload a NEW ssh publ

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread seth vidal
On Wed, 2011-10-12 at 10:51 -0700, Adam Williamson wrote: > On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote: > > On 12 October 2011 17:44, Kevin Fenzi wrote: > > > All existing users of the Fedora Account System (FAS) at > > > https://admin.fedoraproject.org/accounts are required to change

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Adam Williamson
On Wed, 2011-10-12 at 13:45 -0400, Simo Sorce wrote: > I have no problem with changing the password, but leave my ssh keys > alone, unless there is a real reason to ask people to change them. Reading between the lines of recent attacks, it seems likely that private keys compromised in some of the

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Adam Williamson
On Wed, 2011-10-12 at 13:53 -0400, seth vidal wrote: > On Wed, 2011-10-12 at 10:51 -0700, Adam Williamson wrote: > > On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote: > > > On 12 October 2011 17:44, Kevin Fenzi wrote: > > > > All existing users of the Fedora Account System (FAS) at > > > >

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread drago01
On Wed, Oct 12, 2011 at 7:53 PM, Adam Williamson wrote: > On Wed, 2011-10-12 at 13:45 -0400, Simo Sorce wrote: > >> I have no problem with changing the password, but leave my ssh keys >> alone, unless there is a real reason to ask people to change them. > > Reading between the lines of recent atta

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Mike McGrath
On Wed, 12 Oct 2011, Simo Sorce wrote: > On Wed, 2011-10-12 at 11:41 -0600, Kevin Fenzi wrote: > > On Wed, 12 Oct 2011 13:30:19 -0400 > > Jeff Layton wrote: > > > > > I have a question not covered here: I just changed my ssh key a week > > > or two ago in the wake of the kernel.org compromise...

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread seth vidal
On Wed, 2011-10-12 at 10:58 -0700, Adam Williamson wrote: > On Wed, 2011-10-12 at 13:53 -0400, seth vidal wrote: > > On Wed, 2011-10-12 at 10:51 -0700, Adam Williamson wrote: > > > On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote: > > > > On 12 October 2011 17:44, Kevin Fenzi wrote: > > > >

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Jon Ciesla
> On Wed, 2011-10-12 at 10:51 -0700, Adam Williamson wrote: >> On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote: >> > On 12 October 2011 17:44, Kevin Fenzi wrote: >> > > All existing users of the Fedora Account System (FAS) at >> > > https://admin.fedoraproject.org/accounts are required to

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Peter Robinson
On Wed, Oct 12, 2011 at 6:51 PM, Adam Williamson wrote: > On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote: >> On 12 October 2011 17:44, Kevin Fenzi wrote: >> > All existing users of the Fedora Account System (FAS) at >> > https://admin.fedoraproject.org/accounts are required to change the

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Simo Sorce
On Wed, 2011-10-12 at 10:53 -0700, Adam Williamson wrote: > On Wed, 2011-10-12 at 13:45 -0400, Simo Sorce wrote: > > > I have no problem with changing the password, but leave my ssh keys > > alone, unless there is a real reason to ask people to change them. > > Reading between the lines of recent

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Peter Robinson
On Wed, Oct 12, 2011 at 7:01 PM, drago01 wrote: > On Wed, Oct 12, 2011 at 7:53 PM, Adam Williamson wrote: >> On Wed, 2011-10-12 at 13:45 -0400, Simo Sorce wrote: >> >>> I have no problem with changing the password, but leave my ssh keys >>> alone, unless there is a real reason to ask people to ch

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Digimer
On 10/12/2011 02:10 PM, Peter Robinson wrote: > On Wed, Oct 12, 2011 at 6:51 PM, Adam Williamson wrote: >> On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote: >>> On 12 October 2011 17:44, Kevin Fenzi wrote: All existing users of the Fedora Account System (FAS) at https://admin.fed

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Simo Sorce
On Wed, 2011-10-12 at 13:04 -0500, Mike McGrath wrote: > On Wed, 12 Oct 2011, Simo Sorce wrote: > > > On Wed, 2011-10-12 at 11:41 -0600, Kevin Fenzi wrote: > > > On Wed, 12 Oct 2011 13:30:19 -0400 > > > Jeff Layton wrote: > > > > > > > I have a question not covered here: I just changed my ssh key

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Henrik Nordström
The password change is understandable, but why force an SSH key change with such short notice? And what if the SSH key is a hard token (smartcard) which can not be copied or trivially changed? Switching to a soft key would be mostly counter-productive from a security point of view. Now I were not

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Simo Sorce
On Wed, 2011-10-12 at 13:06 -0500, Jon Ciesla wrote: > > On Wed, 2011-10-12 at 10:51 -0700, Adam Williamson wrote: > >> On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote: > >> > On 12 October 2011 17:44, Kevin Fenzi wrote: > >> > > All existing users of the Fedora Account System (FAS) at > >

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Peter Robinson
2011/10/12 Henrik Nordström : > The password change is understandable, but why force an SSH key change > with such short notice? > > And what if the SSH key is a hard token (smartcard) which can not be > copied or trivially changed? Switching to a soft key would be mostly > counter-productive from

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Adam Williamson
On Wed, 2011-10-12 at 20:01 +0200, drago01 wrote: > On Wed, Oct 12, 2011 at 7:53 PM, Adam Williamson wrote: > > On Wed, 2011-10-12 at 13:45 -0400, Simo Sorce wrote: > > > >> I have no problem with changing the password, but leave my ssh keys > >> alone, unless there is a real reason to ask people

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Jon Ciesla
> On Wed, 2011-10-12 at 13:06 -0500, Jon Ciesla wrote: >> > On Wed, 2011-10-12 at 10:51 -0700, Adam Williamson wrote: >> >> On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote: >> >> > On 12 October 2011 17:44, Kevin Fenzi wrote: >> >> > > All existing users of the Fedora Account System (FAS)

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread drago01
On Wed, Oct 12, 2011 at 8:24 PM, Adam Williamson wrote: > On Wed, 2011-10-12 at 20:01 +0200, drago01 wrote: >> On Wed, Oct 12, 2011 at 7:53 PM, Adam Williamson wrote: >> > On Wed, 2011-10-12 at 13:45 -0400, Simo Sorce wrote: >> > >> >> I have no problem with changing the password, but leave my ss

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Adam Williamson
On Wed, 2011-10-12 at 14:16 -0400, Simo Sorce wrote: > Storing a public key is not an issue, so the fact I use my key with > different projects has absolutely no bearing on my exposure, zero, > zilch. Unless I store my *private* keys on non-personal machines. I rather suspect this is exactly what

Re: TFTP not working on F15 as well as updated F14

2011-10-12 Thread Tom Callaway
Okay. Your configurations are the default configs (with the notable exception of enabling the xinetd.d/tftp service). On my x86_64 laptop running Fedora 16, with iptables reasonably normal, I installed "tftp" and "tftp-server", and changed "disable = yes" to "disable = no" in /etc/xinetd.d/tftp. T

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Przemek Klosowski
On 10/12/2011 01:41 PM, Richard Hughes wrote: > On 12 October 2011 17:44, Kevin Fenzi wrote: >> * Nine or more characters with lower and upper case letters, digits and >> punctuation marks. >> * Ten or more characters with lower and upper case letters and digits. >> * Twelve or more characters w

Re: Firefox on Fedora: No longer funny

2011-10-12 Thread Henrik Nordström
tis 2011-10-11 klockan 10:49 -0700 skrev Adam Williamson: > There obviously is a _legitimate_ question as to whether you ought to be > able to add your package into anyone else's update if you aren't a > provenpackager; it's not necessarily something we'd want to do. But I > think provenpackagers

Re: [Test-Announce] Proventesters meetup 2011-10-12 at 18UTC

2011-10-12 Thread Kevin Fenzi
On Wed, 12 Oct 2011 13:36:13 -0400 "Clyde E. Kunkel" wrote: > I cannot attend this meeting but would like to request that > consideration be given to changing the "Fedora NN updates-testing > report" to list the actual package/software requiring security or > critical path testing. I used to

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Simo Sorce
On Wed, 2011-10-12 at 13:25 -0500, Jon Ciesla wrote: > > On Wed, 2011-10-12 at 13:06 -0500, Jon Ciesla wrote: > >> > On Wed, 2011-10-12 at 10:51 -0700, Adam Williamson wrote: > >> >> On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote: > >> >> > On 12 October 2011 17:44, Kevin Fenzi wrote: > >

Re: Firefox on Fedora: No longer funny

2011-10-12 Thread Adam Williamson
On Wed, 2011-10-12 at 20:38 +0200, Henrik Nordström wrote: > tis 2011-10-11 klockan 10:49 -0700 skrev Adam Williamson: > > > There obviously is a _legitimate_ question as to whether you ought to be > > able to add your package into anyone else's update if you aren't a > > provenpackager; it's not

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Tomas Mraz
On Wed, 2011-10-12 at 14:16 -0400, Simo Sorce wrote: > On Wed, 2011-10-12 at 13:04 -0500, Mike McGrath wrote: > > On Wed, 12 Oct 2011, Simo Sorce wrote: > > > > > On Wed, 2011-10-12 at 11:41 -0600, Kevin Fenzi wrote: > > > > On Wed, 12 Oct 2011 13:30:19 -0400 > > > > Jeff Layton wrote: > > > > >

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Jon Ciesla
> On Wed, 2011-10-12 at 13:25 -0500, Jon Ciesla wrote: >> > On Wed, 2011-10-12 at 13:06 -0500, Jon Ciesla wrote: >> >> > On Wed, 2011-10-12 at 10:51 -0700, Adam Williamson wrote: >> >> >> On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote: >> >> >> > On 12 October 2011 17:44, Kevin Fenzi wro

Re: Firefox on Fedora: No longer funny

2011-10-12 Thread Henrik Nordström
mån 2011-10-10 klockan 20:44 +0200 skrev Thomas Spura: > Forcing only critpath packages being in updates-testing and the rest > being allowed to push to stable directly would help to fix issues much > faster. You could set stable karma threshold to 1. It's then sufficient one tester gives positiv

Re: Upstream Release Monitor

2011-10-12 Thread Till Maas
On Wed, Oct 12, 2011 at 03:06:46PM +1000, Peter Hutterer wrote: > out of interest - are there any plans to auto-close bugs once the new > version hits rawhide? No, this is not planned. But you do not need to close bugs, because old bugs are re-used unless they changed status. Regards Till -- de

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Henrik Nordström
ons 2011-10-12 klockan 13:04 -0500 skrev Mike McGrath: > Lots of people use and share keys across different projects. There is no security issue in sharing kes across different projects, other than that it gives a strong hint that you are the same person in both projects, much stronger than name

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Adam Williamson
On Wed, 2011-10-12 at 21:07 +0200, Henrik Nordström wrote: > ons 2011-10-12 klockan 13:04 -0500 skrev Mike McGrath: > > > Lots of people use and share keys across different projects. > > There is no security issue in sharing kes across different projects, Sure there is. There's the exact same pr

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Henrik Nordström
ons 2011-10-12 klockan 13:25 -0500 skrev Jon Ciesla: > Plus, you could have multiple > keys, all with the same passphrase, for different things, should you so > desire. That's effectively one shared key for all. If one of them are compromized them most likely all of them are, as the attacker cle

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Jon Ciesla
> ons 2011-10-12 klockan 13:25 -0500 skrev Jon Ciesla: > >> Plus, you could have multiple >> keys, all with the same passphrase, for different things, should you so >> desire. > > That's effectively one shared key for all. If one of them are > compromized them most likely all of them are, as the

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Henrik Nordström
ons 2011-10-12 klockan 19:22 +0100 skrev Peter Robinson: > If your using a hard token you should be using a subkeys I believe and > not the root key, not sure if that's gpg or ssh or both. subkeys is not relevant to the SSH world. That's a OpenPGP thing where the main key should only be used for

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Henrik Nordström
ons 2011-10-12 klockan 12:20 -0700 skrev Adam Williamson: > Sure there is. There's the exact same problem as using the same password > across multiple projects: if someone compromises the key they have > compromised all of those projects. If you use a different key for each > project, an attacker

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Horst H. von Brand
Jon Ciesla wrote: [...] > It's really not a huge hassle. I've already done it. I configured the > .ssh/config files where I needed to, and it doesn't conflict with any > other keys I have. I don't get what the big deal is. The disruption is, > like, five minutes of work. The potential benef

Re: Firefox on Fedora: No longer funny

2011-10-12 Thread Thomas Spura
On Wed, 12 Oct 2011 20:58:15 +0200 Henrik Nordström wrote: > mån 2011-10-10 klockan 20:44 +0200 skrev Thomas Spura: > > > Forcing only critpath packages being in updates-testing and the rest > > being allowed to push to stable directly would help to fix issues > > much faster. > > You could set

[perl-Text-Aspell/f16] revived

2011-10-12 Thread Tom Callaway
commit 3199bda7406c3c8a4c2bbeca244a5dfcb6f6adf7 Author: Tom "spot" Callaway Date: Wed Oct 12 15:43:47 2011 -0400 revived perl-Text-Aspell.spec | 88 + sources |1 + 2 files changed, 89 insertions(+), 0 deletions(-) --- di

VerifyHostKeyDNS, was Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Paul Wouters
On Wed, 12 Oct 2011, Kevin Fenzi wrote: > * DO verify ssh host keys via dnssec protected dns. ( .ssh/config: > "VerifyHostKeyDNS yes") https://bugzilla.redhat.com/show_bug.cgi?id=180277 https://bugzilla.redhat.com/show_bug.cgi?id=730558 You can't tell us to use this while at the same time refus

[perl-Text-Aspell] revived

2011-10-12 Thread Tom Callaway
commit 37744ce9174431a3cb966c80dec130854d52f761 Author: Tom "spot" Callaway Date: Wed Oct 12 15:43:58 2011 -0400 revived perl-Text-Aspell.spec | 88 + sources |1 + 2 files changed, 89 insertions(+), 0 deletions(-) --- di

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Kevin Fenzi
On Wed, 12 Oct 2011 13:53:34 -0400 Digimer wrote: > On 10/12/2011 12:44 PM, Kevin Fenzi wrote: > > Subject: IMPORTANT: Mandatory password and ssh key change by > > 2011-11-30 > > > > Summary: > > > > All existing users of the Fedora Account System (FAS) at > > https://admin.fedoraproject.org/acco

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Tomas Mraz
On Wed, 2011-10-12 at 12:20 -0700, Adam Williamson wrote: > On Wed, 2011-10-12 at 21:07 +0200, Henrik Nordström wrote: > > ons 2011-10-12 klockan 13:04 -0500 skrev Mike McGrath: > > > > > Lots of people use and share keys across different projects. > > > > There is no security issue in sharing k

Re: Upstream Release Monitor

2011-10-12 Thread Thomas Moschny
2011/10/12 Till Maas : > On Wed, Oct 12, 2011 at 03:06:46PM +1000, Peter Hutterer wrote: >> out of interest - are there any plans to auto-close bugs once the new >> version hits rawhide? > > No, this is not planned. But you do not need to close bugs, because old > bugs are re-used unless they chang

Re: VerifyHostKeyDNS, was Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Kevin Fenzi
On Wed, 12 Oct 2011 15:43:42 -0400 (EDT) Paul Wouters wrote: > On Wed, 12 Oct 2011, Kevin Fenzi wrote: > > > * DO verify ssh host keys via dnssec protected dns. ( .ssh/config: > > "VerifyHostKeyDNS yes") > > https://bugzilla.redhat.com/show_bug.cgi?id=180277 > https://bugzilla.redhat.com/show_

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Adam Williamson
On Wed, 2011-10-12 at 21:38 +0200, Henrik Nordström wrote: > ons 2011-10-12 klockan 12:20 -0700 skrev Adam Williamson: > > > Sure there is. There's the exact same problem as using the same password > > across multiple projects: if someone compromises the key they have > > compromised all of those

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Kevin Fenzi
On Wed, 12 Oct 2011 20:19:27 +0200 Henrik Nordström wrote: > The password change is understandable, but why force an SSH key change > with such short notice? Short? 1.5 months? How long would you like? > And what if the SSH key is a hard token (smartcard) which can not be > copied or triviall

Re: VerifyHostKeyDNS, was Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Tomas Mraz
On Wed, 2011-10-12 at 15:43 -0400, Paul Wouters wrote: > On Wed, 12 Oct 2011, Kevin Fenzi wrote: > > > * DO verify ssh host keys via dnssec protected dns. ( .ssh/config: > > "VerifyHostKeyDNS yes") > > https://bugzilla.redhat.com/show_bug.cgi?id=180277 > https://bugzilla.redhat.com/show_bug.cgi

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Adam Williamson
On Wed, 2011-10-12 at 21:45 +0200, Tomas Mraz wrote: > That's a nonsense. Simply said. If I have a properly generated random > ssh private key with a strong passphrase that I never put outside of my > workstations and safe backup media then there is no other way it can be > compromised than to com

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Paul Wouters
On Wed, 12 Oct 2011, Adam Williamson wrote: > Reading between the lines of recent attacks, it seems likely that > private keys compromised in some of the attacks were used to perform > others. (No-one's come out and officially said this yet but it seems > pretty obvious from the subtext of some of

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Horst H. von Brand
Digimer wrote: [...] > The idea of maintaining a second set of keys for Fedora (and again for > any other projects that follow suit) is, I'd argue, unreasonably burdensome. Oh, come on. It was less than 5 minutes (and I learnt a bit while at it too). From now on, it will be handled automagical

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Mike McGrath
On Wed, 12 Oct 2011, Henrik Nordström wrote: > ons 2011-10-12 klockan 13:04 -0500 skrev Mike McGrath: > > > Lots of people use and share keys across different projects. > > There is no security issue in sharing kes across different projects, > other than that it gives a strong hint that you are th

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Henrik Nordström
ons 2011-10-12 klockan 13:49 -0600 skrev Kevin Fenzi: > If you can't change your token, then I would posit you have a problem. > What if you KNEW your private key was compromised? Surely there is a > way to generate a new one... I can change it, but it means changing it for all sytems I access u

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Tomas Mraz
On Wed, 2011-10-12 at 14:59 -0500, Mike McGrath wrote: > On Wed, 12 Oct 2011, Henrik Nordström wrote: > > > ons 2011-10-12 klockan 13:04 -0500 skrev Mike McGrath: > > > > > Lots of people use and share keys across different projects. > > > > There is no security issue in sharing kes across differ

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Jon Ciesla
> ons 2011-10-12 klockan 13:49 -0600 skrev Kevin Fenzi: > >> If you can't change your token, then I would posit you have a problem. >> What if you KNEW your private key was compromised? Surely there is a >> way to generate a new one... > > I can change it, but it means changing it for all sytems I

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Kevin Fenzi
On Wed, 12 Oct 2011 22:13:11 +0200 Tomas Mraz wrote: > > OK, but then you should not penalize also the people who keep their > SSH private keys only on safe private computers. We're sorry if it's causing you inconvenience. We have no way at all to tell apart the groups of people who understand

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Simo Sorce
On Wed, 2011-10-12 at 12:48 -0700, Adam Williamson wrote: > On Wed, 2011-10-12 at 21:38 +0200, Henrik Nordström wrote: > > ons 2011-10-12 klockan 12:20 -0700 skrev Adam Williamson: > > > > > Sure there is. There's the exact same problem as using the same password > > > across multiple projects: if

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Mike McGrath
On Wed, 12 Oct 2011, Tomas Mraz wrote: > On Wed, 2011-10-12 at 14:59 -0500, Mike McGrath wrote: > > On Wed, 12 Oct 2011, Henrik Nordström wrote: > > > > > ons 2011-10-12 klockan 13:04 -0500 skrev Mike McGrath: > > > > > > > Lots of people use and share keys across different projects. > > > > > > T

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Simo Sorce
On Wed, 2011-10-12 at 13:49 -0600, Kevin Fenzi wrote: > On Wed, 12 Oct 2011 20:19:27 +0200 > Henrik Nordström wrote: > > > The password change is understandable, but why force an SSH key change > > with such short notice? > > Short? 1.5 months? > > How long would you like? > > > And what if t

[Bug 745337] amavisd doesn't start in fc15

2011-10-12 Thread bugzilla
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=745337 Steven Pritchard changed: What|Removed |Added --

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Simo Sorce
On Wed, 2011-10-12 at 12:55 -0700, Adam Williamson wrote: > On Wed, 2011-10-12 at 21:45 +0200, Tomas Mraz wrote: > > > That's a nonsense. Simply said. If I have a properly generated random > > ssh private key with a strong passphrase that I never put outside of my > > workstations and safe backup

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Simo Sorce
On Wed, 2011-10-12 at 14:18 -0600, Kevin Fenzi wrote: > On Wed, 12 Oct 2011 22:13:11 +0200 > Tomas Mraz wrote: > > > > > OK, but then you should not penalize also the people who keep their > > SSH private keys only on safe private computers. > > We're sorry if it's causing you inconvenience. We

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Toshio Kuratomi
On Wed, Oct 12, 2011 at 08:19:27PM +0200, Henrik Nordström wrote: > > And why is so much of the Fedora inftrastructure relying on plain text > password exchanges (within SSL, but still plain text at the Fedora > servers) when there is both HTTP digest authentication (no plaintext > seen by Fedora

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Tomas Mraz
On Wed, 2011-10-12 at 15:22 -0500, Mike McGrath wrote: > On Wed, 12 Oct 2011, Tomas Mraz wrote: > > > On Wed, 2011-10-12 at 14:59 -0500, Mike McGrath wrote: > > > On Wed, 12 Oct 2011, Henrik Nordström wrote: > > > > > > > ons 2011-10-12 klockan 13:04 -0500 skrev Mike McGrath: > > > > > > > > > Lo

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread seth vidal
On Wed, 2011-10-12 at 22:13 +0200, Tomas Mraz wrote: > > > > You have to remember, lots of our contributors aren't highly technical. > > Some don't even know what a private key is. They just follow the docs on > > the website and get access to contribute. Not everyone is a packager. > > OK, but

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread seth vidal
On Wed, 2011-10-12 at 22:34 +0200, Tomas Mraz wrote: > Unnecessary work is kind of punishment. > > BTW what prevents the people who do not care about their SSH private key > security to upload their new SSH key to a compromised system immediately > after their generate it again? Nothing prevents

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Pierre-Yves Chibon
On Wed, 2011-10-12 at 16:27 -0400, Simo Sorce wrote: > On Wed, 2011-10-12 at 12:55 -0700, Adam Williamson wrote: > > On Wed, 2011-10-12 at 21:45 +0200, Tomas Mraz wrote: > > > > > That's a nonsense. Simply said. If I have a properly generated random > > > ssh private key with a strong passphrase t

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Tomas Mraz
On Wed, 2011-10-12 at 22:50 +0200, Pierre-Yves Chibon wrote: > On Wed, 2011-10-12 at 16:27 -0400, Simo Sorce wrote: > > On Wed, 2011-10-12 at 12:55 -0700, Adam Williamson wrote: > > > On Wed, 2011-10-12 at 21:45 +0200, Tomas Mraz wrote: > > > > > > > That's a nonsense. Simply said. If I have a pr

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Sam Varshavchik
Kevin Fenzi writes: New Password Rules: * Nine or more characters with lower and upper case letters, digits and punctuation marks. * Ten or more characters with lower and upper case letters and digits. * Twelve or more characters with lower case letters and digits * Twenty or more characters

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Henrik Nordström
ons 2011-10-12 klockan 14:59 -0500 skrev Mike McGrath: > 1) People share keys across different projects. Yes. > 2) We've found PRIVATE keys on our servers Which should lead to immediate account suspension, no matter if that key is the Fedora key or some other key. And in reality it's not relat

  1   2   >