Re: trimming down Fedora installed size

2014-04-11 Thread Florian Festi
On 04/10/2014 09:53 PM, James Antill wrote: > 20 | 38,561 | 38 G | 19M So there are 20MB of meta data that need to be downloaded once. This can hardly be a problem - even if the size tripled. > same thing for updates gives: > 18 | 18,606 | 20 G | 12M Ok, let this be another

Re: F21 system GCC changed to 4.9.0 prerelease

2014-04-11 Thread Panu Matilainen
On 04/10/2014 05:38 PM, Richard W.M. Jones wrote: On Thu, Apr 10, 2014 at 12:23:07PM +0200, Jakub Jelinek wrote: To investigate runtime rather than compile time issues, please consider using temporarily -fsanitize=undefined and/or -fsanitize=address to look for undefined behavior in the packages

Re: F21 system GCC changed to 4.9.0 prerelease

2014-04-11 Thread Jakub Jelinek
On Fri, Apr 11, 2014 at 11:32:53AM +0300, Panu Matilainen wrote: > On 04/10/2014 05:38 PM, Richard W.M. Jones wrote: > >On Thu, Apr 10, 2014 at 12:23:07PM +0200, Jakub Jelinek wrote: > >>To investigate runtime rather than compile time > >>issues, please consider using temporarily -fsanitize=undefin

F21 Self Contained Change: Apache Pig

2014-04-11 Thread Jaroslav Reznik
= Proposed Self Contained Change: Apache Pig = https://fedoraproject.org/wiki/Changes/ApachePig Change owner(s): Peter MacKinnon Apache Pig [1] is a data analysis tool built on top of Apache Hadoop. == Detailed Description == Apache Pig is a platform for analysing large data sets that consist

F21 System Wide Change: BerkeleyDB 6

2014-04-11 Thread Jaroslav Reznik
= Proposed System Wide Change: BerkeleyDB 6 = https://fedoraproject.org/wiki/Changes/BerkeleyDB_6 Change owner(s): Jan Staněk Add BerkeleyDB v. 6, which changed license from previous releases (GPLv2+ to AGPLv3+), to Fedora while keeping the older version for packages which cannot use Berkeley

F21 Self Contained Change: Big Data Cloud Image

2014-04-11 Thread Jaroslav Reznik
= Proposed Self Contained Change: Big Data Cloud Image = https://fedoraproject.org/wiki/Changes/Big_Data_Cloud_Image Change owner(s): Julien Eid , Haïkel Guémar Fedora Cloud agreed to make a base image plus several tailored to specific purposes. This is one of the tailored ones, produced in c

[Base] Base Design WG agenda meeting 11. Apr 2014 15:00 UTC on #fedora-meeting

2014-04-11 Thread Phil Knirsch
Agenda: - Recap + summary from topics of last week - F21 changes: https://fedoraproject.org/wiki/Releases/21/ChangeSet - Open floor -- Philipp Knirsch | Tel.: +49-711-96437-470 Manager Core Services| Fax.: +49-711-96437-111 Red Hat GmbH | Email: Phil Knir

F21 Self Contained Change: Docker Container Image

2014-04-11 Thread Jaroslav Reznik
= Proposed Self Contained Change: Docker Container Image = https://fedoraproject.org/wiki/Changes/Docker_Container_Image Change owner(s): Lokesh Mandvekar , Dennis Gilmore This is Fedora running inside Docker. Currently, there are non-official images in the docker index, but we'd like them t

Re: F21 system GCC changed to 4.9.0 prerelease

2014-04-11 Thread Tim Waugh
This new checking looks really powerful. Unfortunately, I'm seeing a build failure for libgphoto2 that I'm having a hard time making sense of: http://kojipkgs.fedoraproject.org//work/tasks/7196/6727196/root.log DEBUG util.py:331: Executing command: ['fedpkg', 'sources'] with env {'LANG': 'en_US

Python on ARM is broken, koji builders crashe

2014-04-11 Thread Petr Pisar
Hello, I think it's time to untag python (or fedpkg) rebuilt with GCC 4.9, because I get these failures from ARM koji builder : DEBUG util.py:331: Executing command: ['fedpkg', 'sources'] with env {'LANG': 'en_US.UTF-8', 'TERM': 'vt100

Re: F21 System Wide Change: BerkeleyDB 6

2014-04-11 Thread Chris Adams
Once upon a time, Jaroslav Reznik said: > Add BerkeleyDB v. 6, which changed license from previous releases (GPLv2+ to > AGPLv3+), to Fedora while keeping the older version for packages which cannot > use BerkeleyDB with the new license. Have the packages that cannot use libdb-6 because of the

Re: F21 system GCC changed to 4.9.0 prerelease

2014-04-11 Thread Josh Boyer
On Fri, Apr 11, 2014 at 5:10 AM, Jakub Jelinek wrote: > On Fri, Apr 11, 2014 at 11:32:53AM +0300, Panu Matilainen wrote: >> On 04/10/2014 05:38 PM, Richard W.M. Jones wrote: >> >On Thu, Apr 10, 2014 at 12:23:07PM +0200, Jakub Jelinek wrote: >> >>To investigate runtime rather than compile time >> >

Re: F21 system GCC changed to 4.9.0 prerelease

2014-04-11 Thread Przemek Klosowski
On 04/11/2014 05:10 AM, Jakub Jelinek wrote: On Fri, Apr 11, 2014 at 11:32:53AM +0300, Panu Matilainen wrote: On 04/10/2014 05:38 PM, Richard W.M. Jones wrote: On Thu, Apr 10, 2014 at 12:23:07PM +0200, Jakub Jelinek wrote: To investigate runtime rather than compile time issues, please consider

Re: F21 system GCC changed to 4.9.0 prerelease

2014-04-11 Thread Dan Horák
On Fri, 11 Apr 2014 09:16:33 -0400 Przemek Klosowski wrote: > On 04/11/2014 05:10 AM, Jakub Jelinek wrote: > > On Fri, Apr 11, 2014 at 11:32:53AM +0300, Panu Matilainen wrote: > >> On 04/10/2014 05:38 PM, Richard W.M. Jones wrote: > >>> On Thu, Apr 10, 2014 at 12:23:07PM +0200, Jakub Jelinek wrot

F21 System Wide Change: TCL/TK 8.6

2014-04-11 Thread Jaroslav Reznik
= Proposed System Wide Change: TCL/TK 8.6 = https://fedoraproject.org/wiki/Changes/f21tcl86 Change owner(s): Jaroslav Škarvada Update tcl/tk from 8.5 to 8.6 in Fedora 21. == Detailed Description == Latest stable TCL/TK is version 8.6.1, currently there is version 8.5.13 in Fedora. The aim of

F21 Self Contained Change: Jenkins

2014-04-11 Thread Jaroslav Reznik
= Proposed Self Contained Change: Jenkins = https://fedoraproject.org/wiki/Changes/Jenkins Change owner(s): Michal Srb Jenkins is an open source continuous integration tool written in Java. == Detailed Description == Jenkins provides continuous integration services for software development. I

F21 System Wide Change: Cockpit Management Console

2014-04-11 Thread Jaroslav Reznik
= Proposed System Wide Change: Cockpit Management Console = https://fedoraproject.org/wiki/Changes/CockpitManagementConsole Change owner(s): Stephen Gallagher , Marius Vollmer, Stef Walter The Fedora Server Product will ship the Cockpit Project as available by default, providing an approachabl

Re: F21 System Wide Change: BerkeleyDB 6

2014-04-11 Thread Florian Weimer
On 04/11/2014 01:18 PM, Jaroslav Reznik wrote: = Proposed System Wide Change: BerkeleyDB 6 = https://fedoraproject.org/wiki/Changes/BerkeleyDB_6 Change owner(s): Jan Staněk Add BerkeleyDB v. 6, which changed license from previous releases (GPLv2+ to AGPLv3+), to Fedora while keeping the older

Re: F21 system GCC changed to 4.9.0 prerelease

2014-04-11 Thread Panu Matilainen
On 04/11/2014 04:15 PM, Josh Boyer wrote: On Fri, Apr 11, 2014 at 5:10 AM, Jakub Jelinek wrote: On Fri, Apr 11, 2014 at 11:32:53AM +0300, Panu Matilainen wrote: On 04/10/2014 05:38 PM, Richard W.M. Jones wrote: On Thu, Apr 10, 2014 at 12:23:07PM +0200, Jakub Jelinek wrote: To investigate run

Re: F21 system GCC changed to 4.9.0 prerelease

2014-04-11 Thread Jakub Jelinek
On Fri, Apr 11, 2014 at 09:15:35AM -0400, Josh Boyer wrote: > Seems they were enabled for RPM in rawhide and now a mock chroot fails > to init because RPM explodes. This is from a noarch (which is run on > an ARM builder) build from a scratch build. For -fsanitize=address (and -fsanitize=thread),

F21 System Wide Change: The securetty file is empty by default

2014-04-11 Thread Jaroslav Reznik
= Proposed System Wide Change: The securetty file is empty by default = https://fedoraproject.org/wiki/Changes/securetty_file_is_empty_by_default Change owner(s): quickbooks The securetty file is empty by default There's on-going discussion for this Change on the devel list. https://lists.f

Re: fedora-atomic discussion point: /usr/lib/passwd

2014-04-11 Thread Lennart Poettering
On Fri, 11.04.14 06:33, Colin Walters (walt...@verbum.org) wrote: > For the fedora-atomic work, the only not-in-Fedora package is > shadow-utils because it requires a patch, that still lives in my > walters/rpm-ostree COPR. > > Patch is linked from my post here: > http://lists.alioth.debian.org/p

Re: fedora-atomic discussion point: /usr/lib/passwd

2014-04-11 Thread Jóhann B. Guðmundsson
On 04/11/2014 02:34 PM, Lennart Poettering wrote: Within the systemd project we have been working on a scheme we call "factory" where packages can drop in static descriptions in /usr/lib of stuff they need in /etc and /var to work properly. The idea is to then use this information automatically

Re: fedora-atomic discussion point: /usr/lib/passwd

2014-04-11 Thread Lennart Poettering
On Fri, 11.04.14 14:41, Jóhann B. Guðmundsson (johan...@gmail.com) wrote: > > On 04/11/2014 02:34 PM, Lennart Poettering wrote: > >Within the systemd project we have been working on a scheme we call > >"factory" where packages can drop in static descriptions in /usr/lib of > >stuff they need in /

Re: F21 System Wide Change: BerkeleyDB 6

2014-04-11 Thread Bill Nottingham
Jaroslav Reznik (jrez...@redhat.com) said: > == Scope == > * Proposal owners: Create new set of packages and introduce proper versioning > in order to not confuse the dynamic linker. Is this symbol versioning intended to be upstream? Bill -- devel mailing list devel@lists.fedoraproject.org htt

Re: F21 System Wide Change: The securetty file is empty by default

2014-04-11 Thread Reindl Harald
Am 11.04.2014 16:30, schrieb Jaroslav Reznik: > === Description === > An empty /etc/securetty file prevents root login on any devices attached to > the computer. > > === Effects === > Prevents access to the root account via the console or the network. The > following programs are '''prevented''

Prefixing system users with an underscore?

2014-04-11 Thread Lennart Poettering
Heya! Many other distributions and Unixes have adopted (or are at least discussing) to prefix system users and groups with an underscore to avoid namespace clashes between vendor supplied and user created users/groups. To me this sounds like something we really should adopt in Fedora as well. At

Re: fedora-atomic discussion point: /usr/lib/passwd

2014-04-11 Thread Jóhann B. Guðmundsson
On 04/11/2014 02:47 PM, Lennart Poettering wrote: On Fri, 11.04.14 14:41, Jóhann B. Guðmundsson (johan...@gmail.com) wrote: On 04/11/2014 02:34 PM, Lennart Poettering wrote: Within the systemd project we have been working on a scheme we call "factory" where packages can drop in static descrip

Re: fedora-atomic discussion point: /usr/lib/passwd

2014-04-11 Thread drago01
On Fri, Apr 11, 2014 at 5:05 PM, "Jóhann B. Guðmundsson" wrote: > > On 04/11/2014 02:47 PM, Lennart Poettering wrote: >> >> On Fri, 11.04.14 14:41, Jóhann B. Guðmundsson (johan...@gmail.com) wrote: >> >>> On 04/11/2014 02:34 PM, Lennart Poettering wrote: Within the systemd project we hav

Re: F21 system GCC changed to 4.9.0 prerelease

2014-04-11 Thread Jakub Jelinek
On Fri, Apr 11, 2014 at 01:45:38PM +0100, Tim Waugh wrote: > This new checking looks really powerful. > > Unfortunately, I'm seeing a build failure for libgphoto2 that I'm having > a hard time making sense of: > > http://kojipkgs.fedoraproject.org//work/tasks/7196/6727196/root.log I think Panu h

JavaScript bundling (was Re: F21 System Wide Change: Cockpit Management Console)

2014-04-11 Thread Peter MacKinnon
Asking for a friend... Trying to get clarification of the current JavaScript guidelines (https://fedoraproject.org/wiki/Packaging:JavaScript) since it is potentially impactful for a web UI review request (https://bugzilla.redhat.com/show_bug.cgi?id=1076506) I'm working on. Cockpit and some ot

Re: fedora-atomic discussion point: /usr/lib/passwd

2014-04-11 Thread Lennart Poettering
On Fri, 11.04.14 15:05, Jóhann B. Guðmundsson (johan...@gmail.com) wrote: > > On 04/11/2014 02:47 PM, Lennart Poettering wrote: > >On Fri, 11.04.14 14:41, Jóhann B. Guðmundsson (johan...@gmail.com) wrote: > > > >>On 04/11/2014 02:34 PM, Lennart Poettering wrote: > >>>Within the systemd project we

Re: fedora-atomic discussion point: /usr/lib/passwd

2014-04-11 Thread Jóhann B. Guðmundsson
On 04/11/2014 03:11 PM, drago01 wrote: On Fri, Apr 11, 2014 at 5:05 PM, "Jóhann B. Guðmundsson" wrote: On 04/11/2014 02:47 PM, Lennart Poettering wrote: On Fri, 11.04.14 14:41, Jóhann B. Guðmundsson (johan...@gmail.com) wrote: On 04/11/2014 02:34 PM, Lennart Poettering wrote: Within the sy

Re: fedora-atomic discussion point: /usr/lib/passwd

2014-04-11 Thread Lennart Poettering
On Fri, 11.04.14 15:19, Jóhann B. Guðmundsson (johan...@gmail.com) wrote: > > On 04/11/2014 03:11 PM, drago01 wrote: > >On Fri, Apr 11, 2014 at 5:05 PM, "Jóhann B. Guðmundsson" > > wrote: > >>On 04/11/2014 02:47 PM, Lennart Poettering wrote: > >>>On Fri, 11.04.14 14:41, Jóhann B. Guðmundsson (joh

Re: fedora-atomic discussion point: /usr/lib/passwd

2014-04-11 Thread Martin Langhoff
On Fri, Apr 11, 2014 at 2:33 AM, Colin Walters wrote: > One way to fix this that goes with my general direction of moving things out > of %post into systemd: a dynamic uid reservation system that saves state > persistently. > Crudely, this would be ExecStartPre=/usr/sbin/useradd -r ... > except we

Re: fedora-atomic discussion point: /usr/lib/passwd

2014-04-11 Thread Jóhann B. Guðmundsson
On 04/11/2014 03:22 PM, Lennart Poettering wrote: On Fri, 11.04.14 15:05, Jóhann B. Guðmundsson (johan...@gmail.com) wrote: On 04/11/2014 02:47 PM, Lennart Poettering wrote: /etc is "administrator space" and evolving into "administrator only space" which means eventually nothing will be placin

Re: fedora-atomic discussion point: /usr/lib/passwd

2014-04-11 Thread Colin Walters
On Fri, Apr 11, 2014 at 10:34 AM, Lennart Poettering wrote: I am really not convinced that this is a good idea and will really fly. Having a fully static passwd file can't really work since admins must have the ability to change certain user attributes for certain system users. This is quite ob

Re: fedora-atomic discussion point: /usr/lib/passwd

2014-04-11 Thread Jóhann B. Guðmundsson
On 04/11/2014 03:27 PM, Lennart Poettering wrote: For me the "factory" systemd stuff is actually very much about containers. It's actually kinda my primary goal here: I want to allow deployment of a single /usr in a thousand containers, so that each container's /etc and /var is automatically pop

Re: fedora-atomic discussion point: /usr/lib/passwd

2014-04-11 Thread Colin Walters
On Fri, Apr 11, 2014 at 11:33 AM, Martin Langhoff wrote: If you move in this direction, you have to create files/dirs to be owned by the daemon user too. That's a really good point. I hadn't thought about that. Urgh. The way this works in the RPM world is so evil - rpm calls out to /usr/

Re: F21 System Wide Change: The securetty file is empty by default

2014-04-11 Thread Jaroslav Reznik
- Original Message - > = Proposed System Wide Change: The securetty file is empty by default = > https://fedoraproject.org/wiki/Changes/securetty_file_is_empty_by_default > > Change owner(s): quickbooks > > The securetty file is empty by default > > There's on-going discussion for thi

Re: F21 System Wide Change: The securetty file is empty by default

2014-04-11 Thread Corey Sheldon
Picking this up late but am I current in understanding this essentially creates an additional kernel level sandbox to the ssh secure tty tunnelling? and is this for both server and client or just for server env./? Corey W Sheldon Owner, 1st Class Mobile Shine 310.909.7672 www.facebook.com/1stclas

Re: fedora-atomic discussion point: /usr/lib/passwd

2014-04-11 Thread Simo Sorce
On Fri, 2014-04-11 at 16:09 +, Colin Walters wrote: > On Fri, Apr 11, 2014 at 11:33 AM, Martin Langhoff > wrote: > > > > If you move in this direction, you have to create files/dirs to be > > owned by the daemon user too. > > That's a really good point. I hadn't thought about that. Urgh.

Re: F21 System Wide Change: The securetty file is empty by default

2014-04-11 Thread Jóhann B. Guðmundsson
On 04/11/2014 04:18 PM, Jaroslav Reznik wrote: = Proposed System Wide Change: The securetty file is empty by default = >https://fedoraproject.org/wiki/Changes/securetty_file_is_empty_by_default > >Change owner(s): quickbooks > >The securetty file is empty by default > >There's on-going discuss

[Base] Fedora Base Design Working Group (2014-04-11) meeting minutes and logs

2014-04-11 Thread Phil Knirsch
Main discussion points were a quick recap and discussion about last week's topics: - Proactive deprecation of unused/old packages Discussed this a bit and agreed to work on a more formal/official announcement for each release using a typical 2 stage process with deprecation for next release

Re: fedora-atomic discussion point: /usr/lib/passwd

2014-04-11 Thread Lennart Poettering
On Fri, 11.04.14 15:49, Colin Walters (walt...@verbum.org) wrote: > On Fri, Apr 11, 2014 at 10:34 AM, Lennart Poettering > wrote: > > > >I am really not convinced that this is a good idea and will really > >fly. Having a fully static passwd file can't really work since admins > >must have the abi

Re: fedora-atomic discussion point: /usr/lib/passwd

2014-04-11 Thread Simo Sorce
On Fri, 2014-04-11 at 18:39 +0200, Lennart Poettering wrote: > On Fri, 11.04.14 15:49, Colin Walters (walt...@verbum.org) wrote: > > > On Fri, Apr 11, 2014 at 10:34 AM, Lennart Poettering > > wrote: > > > > > >I am really not convinced that this is a good idea and will really > > >fly. Having a f

Re: fedora-atomic discussion point: /usr/lib/passwd

2014-04-11 Thread Lennart Poettering
On Fri, 11.04.14 16:09, Colin Walters (walt...@verbum.org) wrote: > On Fri, Apr 11, 2014 at 11:33 AM, Martin Langhoff > wrote: > > > >If you move in this direction, you have to create files/dirs to be > >owned by the daemon user too. Hmm, let's think for a moment what kind of files this actually

Re: fedora-atomic discussion point: /usr/lib/passwd

2014-04-11 Thread Stephen John Smoogen
On 11 April 2014 10:49, Lennart Poettering wrote: > On Fri, 11.04.14 16:09, Colin Walters (walt...@verbum.org) wrote: > > > On Fri, Apr 11, 2014 at 11:33 AM, Martin Langhoff > > wrote: > > > > > >If you move in this direction, you have to create files/dirs to be > > >owned by the daemon user too

Re: fedora-atomic discussion point: /usr/lib/passwd

2014-04-11 Thread Lennart Poettering
On Fri, 11.04.14 12:47, Simo Sorce (s...@redhat.com) wrote: > > So how about this then, we have a drop-in dir in /usr as above, with > > files that list the numeric UID where possible. For the cases where > > that's not possible however, we'd check some additional db in /var. If > > that db doesn'

Re: fedora-atomic discussion point: /usr/lib/passwd

2014-04-11 Thread Miloslav Trmač
2014-04-11 8:33 GMT+02:00 Colin Walters : > For the fedora-atomic work, the only not-in-Fedora package is shadow-utils > because it requires a patch, that still lives in my walters/rpm-ostree COPR. > > Patch is linked from my post here: > http://lists.alioth.debian.org/pipermail/pkg-shadow- > deve

Re: [fedocal] The end of the fedora-meeting* calendars

2014-04-11 Thread Till Maas
On Wed, Apr 09, 2014 at 06:22:10PM +0200, Pierre-Yves Chibon wrote: > I updated all the locations that were using `#fedora-meeting` to use > `fedora-meet...@irc.freenode.net` and I will check on this every once in a > while. I just noticed that http://status.fedoraproject.org/ uses irc://irc.free

Re: fedora-atomic discussion point: /usr/lib/passwd

2014-04-11 Thread Martin Langhoff
On Fri, Apr 11, 2014 at 12:49 PM, Lennart Poettering wrote: > On Fri, 11.04.14 16:09, Colin Walters (walt...@verbum.org) wrote: > >> On Fri, Apr 11, 2014 at 11:33 AM, Martin Langhoff >> wrote: >> > >> >If you move in this direction, you have to create files/dirs to be >> >owned by the daemon user

Re: fedora-atomic discussion point: /usr/lib/passwd

2014-04-11 Thread Colin Walters
On Fri, Apr 11, 2014 at 1:05 PM, Miloslav Trmač wrote: So, having /usr/lib/passwd storing the same limited set of data is not the right long-term thing. Unfortunately, AFAIK the fuller interface isn't ready yet. Yeah, it'd be nice to merge the accountsservice database in to the system db.

Re: fedora-atomic discussion point: /usr/lib/passwd

2014-04-11 Thread Simo Sorce
On Fri, 2014-04-11 at 19:01 +0200, Lennart Poettering wrote: > On Fri, 11.04.14 12:47, Simo Sorce (s...@redhat.com) wrote: > > > > So how about this then, we have a drop-in dir in /usr as above, with > > > files that list the numeric UID where possible. For the cases where > > > that's not possibl

Re: fedora-atomic discussion point: /usr/lib/passwd

2014-04-11 Thread Lennart Poettering
On Fri, 11.04.14 19:05, Miloslav Trmač (m...@volny.cz) wrote: > There is broad agreement that future access to the user database > (both reading and writing) will be through sssd[1], and that the data model > of /etc/{passwd,shadow} is too restrictive--we already want/need to store > more

Re: fedora-atomic discussion point: /usr/lib/passwd

2014-04-11 Thread Miloslav Trmač
2014-04-11 19:19 GMT+02:00 Lennart Poettering : > On Fri, 11.04.14 19:05, Miloslav Trmač (m...@volny.cz) wrote: > > > There is broad agreement that future access to the user database > > (both reading and writing) will be through sssd[1], and that the data > model > > of /etc/{passwd,shad

Re: F21 System Wide Change: The securetty file is empty by default

2014-04-11 Thread Matthew Miller
On Fri, Apr 11, 2014 at 12:23:43PM -0400, Corey Sheldon wrote: > Picking this up late but am I current in understanding this essentially > creates an additional kernel level sandbox to the ssh secure tty > tunnelling? and is this for both server and client or just for server > env./? Nope, nothin

Re: Orphaning java-1.5.0-gcj

2014-04-11 Thread Deepak Bhole
* Andrew Haley [2014-04-07 13:29]: > On 04/07/2014 03:23 PM, Peter Robinson wrote: > >> There have been a few discussions about this in the past but no action. > >> With feature freeze approaching for F21, I think this is a good time to > >> address this. > >> > >> I will be orphaning java-1.5.0-g

Re: default local DNS caching name server

2014-04-11 Thread P J P
Hello, > On Thursday, 10 April 2014 11:39 PM, P J P wrote: > I plan to file a feature/change request for this one. I got caught up with > other > work this past week so could not do it. Will start with it right away. Please see -> https://fedoraproject.org/wiki/Changes/Default_Local_DNS_R

Re: default local DNS caching name server

2014-04-11 Thread Bruno Wolff III
On Sat, Apr 12, 2014 at 02:33:59 +0800, P J P wrote: Please see -> https://fedoraproject.org/wiki/Changes/Default_Local_DNS_Resolver It's a System Wide Change Proposal request up for review. I think there should be something explicitly about how this is going to work with captive port

Re: default local DNS caching name server

2014-04-11 Thread P J P
> On Saturday, 12 April 2014 12:28 AM, Bruno Wolff III wrote: > I think there should be something explicitly about how this is going to > work with captive portals that lie about dns in order to get people's > web browsers to go to their sign in page. Sorry, I did not get the question. Could

Re: default local DNS caching name server

2014-04-11 Thread Bruno Wolff III
On Sat, Apr 12, 2014 at 03:06:17 +0800, P J P wrote: On Saturday, 12 April 2014 12:28 AM, Bruno Wolff III wrote: I think there should be something explicitly about how this is going to work with captive portals that lie about dns in order to get people's web browsers to go to their sign in pag

Re: default local DNS caching name server

2014-04-11 Thread P J P
> On Saturday, 12 April 2014 12:40 AM, Bruno Wolff III wrote: > It looks like your proposal is going to break things for people using > some wifi hotspots. Why, how? --- Regards -Prasad http://feedmug.com

Re: default local DNS caching name server

2014-04-11 Thread Dan Williams
On Sat, 2014-04-12 at 02:33 +0800, P J P wrote: > Hello, > > > On Thursday, 10 April 2014 11:39 PM, P J P wrote: > > I plan to file a feature/change request for this one. I got caught up with > > other > > work this past week so could not do it. Will start with it right away. > > Please se

Re: F21 System Wide Change: The securetty file is empty by default

2014-04-11 Thread Kevin Fenzi
On Fri, 11 Apr 2014 16:26:48 + "Jóhann B. Guðmundsson" wrote: > > On 04/11/2014 04:18 PM, Jaroslav Reznik wrote: > >> = Proposed System Wide Change: The securetty file is empty by > >> default = > >> >https://fedoraproject.org/wiki/Changes/securetty_file_is_empty_by_default > >> > > >> >Cha

Re: default local DNS caching name server

2014-04-11 Thread Dan Williams
On Fri, 2014-04-11 at 14:21 -0500, Dan Williams wrote: > On Sat, 2014-04-12 at 02:33 +0800, P J P wrote: > > Hello, > > > > > On Thursday, 10 April 2014 11:39 PM, P J P wrote: > > > I plan to file a feature/change request for this one. I got caught up > > > with other > > > work this past week

Re: default local DNS caching name server

2014-04-11 Thread P J P
Hello Dan, > On Saturday, 12 April 2014 12:51 AM, Dan Williams wrote: > NM has had local caching nameserver capability built-in since Fedora 12 > or something like that. Set 'dns=dnsmasq' in the [main] section > of /etc/NetworkManager/NetworkManager.conf and NM will spawn dnsmasq in > a local

Re: default local DNS caching name server

2014-04-11 Thread P J P
Hi, > On Saturday, 12 April 2014 12:56 AM, Dan Williams wrote: > We want to make sure that any local caching nameserver that we do use > doesn't rely exclusively on file-based configuration, or if it does, > it's able to re-read that configuration file using SIGHUP or some > seamless reload fu

Re: default local DNS caching name server

2014-04-11 Thread Dan Williams
On Sat, 2014-04-12 at 03:35 +0800, P J P wrote: >Hello Dan, > > > On Saturday, 12 April 2014 12:51 AM, Dan Williams wrote: > > NM has had local caching nameserver capability built-in since Fedora 12 > > or something like that. Set 'dns=dnsmasq' in the [main] section > > of /etc/NetworkManager

Re: default local DNS caching name server

2014-04-11 Thread Miloslav Trmač
2014-04-11 21:55 GMT+02:00 Dan Williams : > I think the big issue for me is the use of "trusted" in the proposal. > What does that actually mean? Who is doing the trusting? The goal is to have DNSSEC validation in a system-wide, dedicated code, trusted for that purpose; i.e. unbound does DNSSEC

Re: default local DNS caching name server

2014-04-11 Thread Paul Wouters
On Fri, 11 Apr 2014, Dan Williams wrote: That's great. Thank you so much for sharing this information. I'll add it to the wiki page. About the wifi hotspots breakage, I'm still not in the clear. IIUC how they work is, all client traffic is blocked/redirected to a designated server till the

Re: default local DNS caching name server

2014-04-11 Thread Bruno Wolff III
On Fri, Apr 11, 2014 at 14:21:30 -0500, Dan Williams wrote: NM in F20+ already has a "dns=none" option that prevents NM from touching resolv.conf, but obviously if NM isn't touching it, the DNS information that NM gets from upstream or your local configuration needs to get to the local cachin

Re: default local DNS caching name server

2014-04-11 Thread P J P
On Saturday, 12 April 2014 1:35 AM, Miloslav Trmač wrote: >The goal is to have DNSSEC validation in a system-wide, dedicated code, >trusted for that purpose; i.e. unbound does DNSSEC validation for >every application, with a centralized configuration and cache, >so no application needs or should d

Re: default local DNS caching name server

2014-04-11 Thread Przemek Klosowski
On 04/11/2014 03:14 PM, P J P wrote: On Saturday, 12 April 2014 12:40 AM, Bruno Wolff III wrote: It looks like your proposal is going to break things for people using some wifi hotspots. Why, how? It's a hack designed to handle someone that just connected to the network and opened a browser,

Re: default local DNS caching name server

2014-04-11 Thread Chris Adams
Once upon a time, Bruno Wolff III said: > If you are running a caching resolver you don't need the DNS > information from DHCP (except for the hotspot issue) at all. Unless you have a specific reason not to, you should use the DNS server from DHCP. That may be the only DNS server that wil

Re: default local DNS caching name server

2014-04-11 Thread Paul Wouters
On Fri, 11 Apr 2014, Przemek Klosowski wrote: On 04/11/2014 03:14 PM, P J P wrote: On Saturday, 12 April 2014 12:40 AM, Bruno Wolff III wrote: It looks like your proposal is going to break things for people using some wifi hotspots. Why, how? It's a hack designed to handle someone that ju

Re: default local DNS caching name server

2014-04-11 Thread Paul Wouters
On Fri, 11 Apr 2014, Chris Adams wrote: Unless you have a specific reason not to, you should use the DNS server from DHCP. My specific reason is that I don't trust random strangers. That may be the only DNS server that will work, there may be private DNS info not available anywhere else, etc.

Re: default local DNS caching name server

2014-04-11 Thread Kevin Fenzi
On Fri, 11 Apr 2014 16:39:34 -0400 (EDT) Paul Wouters wrote: ...snip... > I've been running this solution on fedora for about five years now. It > works reasonably well, and anyone who is on this list surely has could > try it out. Because of lack of NM integration I would not call it > enduser

Re: default local DNS caching name server

2014-04-11 Thread Bruno Wolff III
On Fri, Apr 11, 2014 at 15:33:48 -0500, Chris Adams wrote: Once upon a time, Bruno Wolff III said: If you are running a caching resolver you don't need the DNS information from DHCP (except for the hotspot issue) at all. Unless you have a specific reason not to, you should use the D

Re: default local DNS caching name server

2014-04-11 Thread Paul Wouters
On Fri, 11 Apr 2014, Bruno Wolff III wrote: If you are running a caching resolver you don't need the DNS information from DHCP (except for the hotspot issue) at all. For example, dnscache can be used for this. (It doesn't do dnssec though, so wouldn't provide what is wanted for the prop

Re: trimming down Fedora installed size

2014-04-11 Thread Richard W.M. Jones
On Thu, Apr 10, 2014 at 06:13:42PM +0100, Andrew Price wrote: > On 10/04/14 17:05, Bill Nottingham wrote: > >James Antill (ja...@fedoraproject.org) said: > >> Not that I assume splitting languages and docs. into sub packages would > >>triple primary numbers, but if it did ... that would be bad. > >

Re: default local DNS caching name server

2014-04-11 Thread Paul Wouters
On Fri, 11 Apr 2014, Bruno Wolff III wrote: Unless you have a specific reason not to, you should use the DNS server from DHCP. That may be the only DNS server that will work, there may be private DNS info not available anywhere else, etc. Split horizon should still work with a caching recursi

Re: default local DNS caching name server

2014-04-11 Thread Bruno Wolff III
On Fri, Apr 11, 2014 at 16:43:12 -0400, Paul Wouters wrote: It's rude to bypass the global DNS caching infrastructure. That would significantly load people's DNS servers with more queries. There is no reason not to try and use ISP's DNS caches. Some ISPs modify dns responses (such as increa

Re: default local DNS caching name server

2014-04-11 Thread Chris Adams
Once upon a time, Bruno Wolff III said: > The advantage of using your dns server is that you know what you're > getting. You'll also lose almost all content-delivery network advantages (most of that is mapped to "close" servers with DNS). -- Chris Adams

Re: default local DNS caching name server

2014-04-11 Thread Bruno Wolff III
On Fri, Apr 11, 2014 at 16:59:05 -0400, Paul Wouters wrote: On Fri, 11 Apr 2014, Bruno Wolff III wrote: If you don't know there is an exception for a domain (eg at the other end of a VPN) then you will get the public answers and might not get where you need to go. Additionally, with DNSSEC th

Re: default local DNS caching name server

2014-04-11 Thread Paul Wouters
On Fri, 11 Apr 2014, Chris Adams wrote: Once upon a time, Bruno Wolff III said: The advantage of using your dns server is that you know what you're getting. You'll also lose almost all content-delivery network advantages (most of that is mapped to "close" servers with DNS). Another reason

Re: default local DNS caching name server

2014-04-11 Thread Paul Wouters
On Fri, 11 Apr 2014, Bruno Wolff III wrote: If you don't know there is an exception for a domain (eg at the other end of a VPN) then you will get the public answers and might not get where you need to go. Additionally, with DNSSEC there is the problem that the public view cryptographically prove

Re: default local DNS caching name server

2014-04-11 Thread Bruno Wolff III
On Fri, Apr 11, 2014 at 17:46:29 -0400, Paul Wouters wrote: I'm not sure what you are trying to say here. It was a comment about ISPs changing TTLs (or other things). DNSSEC can be used to tell you the data might not be authoritative, but doesn't tell you what the correct information is.

Re: default local DNS caching name server

2014-04-11 Thread Dan Williams
On Fri, 2014-04-11 at 14:45 -0600, Kevin Fenzi wrote: > On Fri, 11 Apr 2014 16:39:34 -0400 (EDT) > Paul Wouters wrote: > > ...snip... > > > I've been running this solution on fedora for about five years now. It > > works reasonably well, and anyone who is on this list surely has could > > try it

Re: default local DNS caching name server

2014-04-11 Thread Chuck Anderson
On Sat, Apr 12, 2014 at 02:33:59AM +0800, P J P wrote: >   Hello, > > > On Thursday, 10 April 2014 11:39 PM, P J P wrote: > > I plan to file a feature/change request for this one. I got caught up with > > other > > work this past week so could not do it. Will start with it right away. > >   Pl

Re: default local DNS caching name server

2014-04-11 Thread Paul Wouters
On Fri, 11 Apr 2014, Bruno Wolff III wrote: I'm not sure what you are trying to say here. It was a comment about ISPs changing TTLs (or other things). DNSSEC can be used to tell you the data might not be authoritative, but doesn't tell you what the correct information is. First, TTLs you r

Re: default local DNS caching name server

2014-04-11 Thread Bruno Wolff III
On Fri, Apr 11, 2014 at 18:44:21 -0400, Paul Wouters wrote: First, TTLs you receive from a forwarder can always be manipulated, even with DNSSEC - otherwise caching wouldn't work. Second, I still don't understand the point. Are you suggesting it is better to believe all DNS lies than to not

Re: default local DNS caching name server

2014-04-11 Thread Paul Wouters
On Fri, 11 Apr 2014, Bruno Wolff III wrote: Second, I still don't understand the point. Are you suggesting it is better to believe all DNS lies than to not know where the lies lead? Not better. That DNSSEC doesn't really solve everything one might want it to. And hence one might want to avoid

Re: default local DNS caching name server

2014-04-11 Thread Simo Sorce
On Fri, 2014-04-11 at 15:22 -0500, Bruno Wolff III wrote: > On Fri, Apr 11, 2014 at 14:21:30 -0500, >Dan Williams wrote: > > > >NM in F20+ already has a "dns=none" option that prevents NM from > >touching resolv.conf, but obviously if NM isn't touching it, the DNS > >information that NM gets f

Re: default local DNS caching name server

2014-04-11 Thread Simo Sorce
On Fri, 2014-04-11 at 14:45 -0600, Kevin Fenzi wrote: > On Fri, 11 Apr 2014 16:39:34 -0400 (EDT) > Paul Wouters wrote: > > ...snip... > > > I've been running this solution on fedora for about five years now. It > > works reasonably well, and anyone who is on this list surely has could > > try it

Re: default local DNS caching name server

2014-04-11 Thread Paul Wouters
On Fri, 11 Apr 2014, Simo Sorce wrote: I hope the NM integration will show up at some point. It's really a pretty nice setup. I am using it too successfully. Only occasionally unbound seems to get confused, not clear when, it doesn't happen more than twice a month and systemctl restart unbound.

Re: default local DNS caching name server

2014-04-11 Thread William Brown
On Sat, 2014-04-12 at 02:33 +0800, P J P wrote: > Hello, > > > On Thursday, 10 April 2014 11:39 PM, P J P wrote: > > I plan to file a feature/change request for this one. I got caught up with > > other > > work this past week so could not do it. Will start with it right away. > > Please se

Re: default local DNS caching name server

2014-04-11 Thread P J P
> On Saturday, 12 April 2014 2:13 AM, Paul Wouters wrote:> > It's rude to bypass the global DNS caching infrastructure. That would > significantly load people's DNS servers with more queries. There is no > reason not to try and use ISP's DNS caches.   You mean let local resolver forward queries t

Re: default local DNS caching name server

2014-04-11 Thread P J P
   Hello Kevin, Paul > On Saturday, 12 April 2014 2:16 AM, Kevin Fenzi wrote: >> I've been running this solution on fedora for about five years now. It >> works reasonably well, and anyone who is on this list surely has could >> try it out. Because of lack of NM integration I would not call it >>

Re: default local DNS caching name server

2014-04-11 Thread P J P
> On Saturday, 12 April 2014 3:55 AM, Chuck Anderson wrote: > I think there needs to be more emphasis on the /other/ benefit, the > whole reason I brought this up this time:   Sure; I tried to cover it in the detailed description as === ...Apart from trust, these name servers are often known to b
