On 4/15/14, Michael Catanzaro wrote:
> On Tue, 2014-04-15 at 20:31 +0200, Alec Leamas wrote:
>> Anyway, I get the feeling that the hunt for the "really proper" fix is
>> not that fruitful here. OTOH, if you limit the goals to fulfill the
>> basic statement to not let the default configuration of f
On Tue, Apr 15, 2014 at 08:03:16PM +0200, Andreas Tunek wrote:
> I just want to say that I really support this feature. I do not see
> any point in a firewall for a "Workstation".
>
> BTW, while we are on the subject, does anyone know how to actually
> disable the firewall in Fedora 20? I haven't
The scenario is scary, too many proposals/changes with negative
connotations. Have we been breached...
--
vikram...
^^'^^||root||^^^'''^^
// \\ ))
//(( \\// \\
// /\\ || \\
|| / )) ((\\
--
Our missions are peaceful --
On 04/15/2014 01:08 PM, Joe Orton wrote:
On Mon, Apr 14, 2014 at 04:54:33PM -0400, Bohuslav Kabrda wrote:
AFAIK you can't have 2 mod_wsgi's, each one compiled against a
different Python major.minor, loaded by Apache at the same time for
various reasons. So the best solution would IMO be to creat
On 04/15/2014 09:14 PM, Michael Cronenworth wrote:
Christian Schaller wrote:
We already allow that and have for a long while. Any application
bothering to support the firewalld dbus interface can open any port
they wish to.
Good luck getting software to add this.
A more sensible option would
On 04/15/2014 10:49 PM, Matthias Clasen wrote:
On Tue, 2014-04-15 at 20:41 +0200, Thomas Woerner wrote:
What you need is clearly different "zones" that the user can configure
and associate to networks, with the default being that you trust nothing
and everything is firewalled when you roam a n
On 04/16/2014 01:11 AM, William Brown wrote:
On Tue, 2014-04-15 at 13:49 -0700, Matthias Clasen wrote:
On Tue, 2014-04-15 at 20:41 +0200, Thomas Woerner wrote:
What you need is clearly different "zones" that the user can configure
and associate to networks, with the default being that you tru
On 04/16/2014 02:18 AM, Chuck Anderson wrote:
On Tue, Apr 15, 2014 at 07:28:35PM -0400, Simo Sorce wrote:
On Tue, 2014-04-15 at 13:49 -0700, Matthias Clasen wrote:
You have connected to a new network. If this is a public network, you
may want to stop sharing your Music and disable Remote Logi
On 16 April 2014 00:11, William Brown wrote:
> On Tue, 2014-04-15 at 13:49 -0700, Matthias Clasen wrote:
>> I don't think we want a 'firewall' UI anyway; the firewall is not
>> something most users can or should understand and make decisions of.
>
> Never take decisions away from users.
>
> The O
On Wed, Apr 16, 2014 at 7:11 AM, Ian Malone wrote:
> On 16 April 2014 00:11, William Brown wrote:
>> On Tue, 2014-04-15 at 13:49 -0700, Matthias Clasen wrote:
>
>>> I don't think we want a 'firewall' UI anyway; the firewall is not
>>> something most users can or should understand and make decisio
On 04/15/2014 09:31 AM, Simo Sorce wrote:
> On Tue, 2014-04-15 at 09:13 -0700, Andrew Lutomirski wrote:
>> I keep thinking that, if I had unlimited time, I'd write a totally
>> different kind of firewall. It would allow some policy (userspace
>> daemon or rules loaded into the kernel) to determin
On 04/16/2014 02:28 PM, Josh Boyer wrote:
On Wed, Apr 16, 2014 at 7:11 AM, Ian Malone wrote:
On 16 April 2014 00:11, William Brown wrote:
On Tue, 2014-04-15 at 13:49 -0700, Matthias Clasen wrote:
I don't think we want a 'firewall' UI anyway; the firewall is not
something most users can or
On Wed, Apr 16, 2014 at 8:59 AM, Thomas Woerner wrote:
> On 04/16/2014 02:28 PM, Josh Boyer wrote:
>>
>> On Wed, Apr 16, 2014 at 7:11 AM, Ian Malone wrote:
>>>
>>> On 16 April 2014 00:11, William Brown wrote:
On Tue, 2014-04-15 at 13:49 -0700, Matthias Clasen wrote:
>>>
>>>
> I don
On Tue, Apr 15, 2014 at 03:30:57PM -0400, Simo Sorce wrote:
> On Tue, 2014-04-15 at 20:28 +0200, Zbigniew Jędrzejewski-Szmek wrote:
> > On Tue, Apr 15, 2014 at 11:00:45AM -0400, Simo Sorce wrote:
> > > On Mon, 2014-04-14 at 15:07 +0200, Jaroslav Reznik wrote:
> > > > = Proposed Self Contained Chang
On 04/16/2014 12:40 PM, Daniel J Walsh wrote:
But there would need to be a provable
way to guarantee that only the XYZ application is able to open those
ports.
Same way there needs to be provable way for end users to guarantee they
aren't receiving false positive selinux alerts to begin with.
On 2014-04-11, Jaroslav Reznik wrote:
>= Proposed System Wide Change: BerkeleyDB 6 =
> https://fedoraproject.org/wiki/Changes/BerkeleyDB_6
[...]
> The BerkeleyDB, used between others by rpm [1], changed license between
> versions 5.* and 6.* to AGPLv3+ from GPLv2+. As those two licenses are not
Zbigniew Jędrzejewski-Szmek writes:
> [...] Using HTTP makes it possible to e.g. use curl to upload
> some logs from the commandline. It should also be fairly easy for
> people to write e.g. Python code to upload logs. [...]
Are you envisioning these journal files being cre
On 16.04.2014 12:31, Thomas Woerner wrote:
> On 04/15/2014 10:49 PM, Matthias Clasen wrote:
>> On Tue, 2014-04-15 at 20:41 +0200, Thomas Woerner wrote:
>>
What you need is clearly different "zones" that the user can configure
and associate to networks, with the default being that you
On 16.04.2014 14:40, Daniel J Walsh wrote:
> Nothing worse than asking Users Security related questions about opening
> firewall ports.
> Users will just answer yes, whether or not they are being hacked.
>
> firefox wants to listen on port 9900 in order to see this page, OK?
>
> %99.999 will ans
On Wed, Apr 16, 2014 at 11:39:07AM -0400, Frank Ch. Eigler wrote:
> Zbigniew Jędrzejewski-Szmek writes:
>
> > [...] Using HTTP makes it possible to e.g. use curl to upload
> > some logs from the commandline. It should also be fairly easy for
> > people to write e.g. Python c
On Wed, 2014-04-16 at 05:40 -0700, Daniel J Walsh wrote:
> On 04/15/2014 09:31 AM, Simo Sorce wrote:
> > On Tue, 2014-04-15 at 09:13 -0700, Andrew Lutomirski wrote:
> >> I keep thinking that, if I had unlimited time, I'd write a totally
> >> different kind of firewall. It would allow some policy (
On Wed, 2014-04-16 at 08:28 -0400, Josh Boyer wrote:
> On Wed, Apr 16, 2014 at 7:11 AM, Ian Malone wrote:
> > On 16 April 2014 00:11, William Brown wrote:
> >> On Tue, 2014-04-15 at 13:49 -0700, Matthias Clasen wrote:
> >
> >>> I don't think we want a 'firewall' UI anyway; the firewall is not
> >
On Wed, Apr 16, 2014 at 12:32:02PM -0400, Simo Sorce wrote:
> > > I think what you are describing could be probably realized with SELinux
> > > today, just with a special setroubleshoot frontend that catches the AVC
> > > when the service tries to listen and ask the user if he wants to allow
> > >
Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl) said:
> On Mon, Apr 14, 2014 at 04:20:16PM -0400, Bill Nottingham wrote:
> > Jaroslav Reznik (jrez...@redhat.com) said:
> > > = Proposed Self Contained Change: Remote Journal Logging =
> > > https://fedoraproject.org/wiki/Changes/Remote_Journal_Log
On Wed, 2014-04-16 at 15:04 +0200, Zbigniew Jędrzejewski-Szmek wrote:
> On Tue, Apr 15, 2014 at 03:30:57PM -0400, Simo Sorce wrote:
> > > I'd imagine that in a setup with a few servers one would create
> > > the certificates on the receiver machine, copy&pasting some instructions
> > > from Fedor
On Wed, Apr 16, 2014 at 12:39 PM, Simo Sorce wrote:
> On Wed, 2014-04-16 at 08:28 -0400, Josh Boyer wrote:
>> A reduced set of zones firewall rules and proper integration in
>> whatever implementation is chosen would seem to be the middle ground
>> here. I like the middle ground. Maybe we cou
On Mon, Apr 14, 2014 at 9:07 AM, Jaroslav Reznik wrote:
> The communication between the two daemons is done over standard HTTPS,
Interesting. One quirk of current syslog-style remote logging over UDP
is that it is fairly tolerant to dataloss.
With quite a bit of experience in the field... I have
On Wed, 2014-04-16 at 18:43 +0200, Tomasz Torcz wrote:
> On Wed, Apr 16, 2014 at 12:32:02PM -0400, Simo Sorce wrote:
> > > > I think what you are describing could be probably realized with SELinux
> > > > today, just with a special setroubleshoot frontend that catches the AVC
> > > > when the servi
On Wed, Apr 16, 2014 at 12:43 PM, Tomasz Torcz wrote:
> On Wed, Apr 16, 2014 at 12:32:02PM -0400, Simo Sorce wrote:
>> > > I think what you are describing could be probably realized with SELinux
>> > > today, just with a special setroubleshoot frontend that catches the AVC
>> > > when the service
On 04/16/2014 06:43 PM, Tomasz Torcz wrote:
On Wed, Apr 16, 2014 at 12:32:02PM -0400, Simo Sorce wrote:
I think what you are describing could be probably realized with SELinux
today, just with a special setroubleshoot frontend that catches the AVC
when the service tries to listen and ask the use
Once upon a time, Martin Langhoff said:
> On Mon, Apr 14, 2014 at 9:07 AM, Jaroslav Reznik wrote:
> > The communication between the two daemons is done over standard HTTPS,
>
> Interesting. One quirk of current syslog-style remote logging over UDP
> is that it is fairly tolerant to dataloss.
Ye
On Thu, 2014-03-27 at 16:02 -0400, Adam Jackson wrote:
> If there are no serious objections I'll try to get this all into testing
> early next week. If you _do_ happen to be using OpenGTL for something
> in F20, now would be an excellent time for you to start working on
> porting it to current LL
On Mon, 14 Apr 2014 16:16:42 +0200
Jaroslav Reznik wrote:
> = Proposed System Wide Change: Ruby193 in SCL =
> https://fedoraproject.org/wiki/Changes/Ruby193_in_SCL
>
> Change owner(s): Marcela Mašláňová
>
> Ruby 1.9.3 with Rails 3.2.8 is still co
On Mon, 14 Apr 2014 14:13:24 +0200
Jaroslav Reznik wrote:
> = Proposed System Wide Change: SCL =
> https://fedoraproject.org/wiki/Changes/SCL
>
> Change owner(s): Marcela Mašláňová
>
> SCL - Software Collections - are popular packaging format abo
On Wed, Apr 16, 2014 at 06:56:21PM +0200, Thomas Woerner wrote:
> > – for any IPv4 incoming connection, this interface is in ”trusted”
> > (”home”?
> > I never know what home/work/dmz/etc really mean)
> You can fully customize all zones. This is the reason there is no
> simple description for
Following is the list of topics that will be discussed in the FPC
meeting Thursday at 2014-04-17 16:00 UTC in #fedora-meeting-1 on
irc.freenode.net.
Local time information (via. rktime):
2014-04-17 09:00 Thu US/Pacific PDT
2014-04-17 12:00 Thu US/Eastern EDT
2014-04-17
===
#fedora-meeting: FESCo (2014-04-16)
===
Meeting started by notting at 17:01:57 UTC. The full logs are available
at
http://meetbot.fedoraproject.org/fedora-meeting/2014-04-16/fesco.2014-04-16-17.01.log.html
.
Meeting summary
On Wed, Apr 16, 2014 at 12:46:15PM -0400, Bill Nottingham wrote:
> Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl) said:
> > On Mon, Apr 14, 2014 at 04:20:16PM -0400, Bill Nottingham wrote:
> > > Jaroslav Reznik (jrez...@redhat.com) said:
> > > > = Proposed Self Contained Change: Remote Journal L
On Wed, Apr 16, 2014 at 12:50:53PM -0400, Martin Langhoff wrote:
> On Mon, Apr 14, 2014 at 9:07 AM, Jaroslav Reznik wrote:
> > The communication between the two daemons is done over standard HTTPS,
> I hear you holler "OMG you have to build full redundancy in your
> logging backend"; and... I have
On Wed, Apr 16, 2014 at 4:40 PM, Zbigniew Jędrzejewski-Szmek
wrote:
> the upload client is like any other journal client -- it is fully asynchronous
> wrt. to journald writing log entries. (It's something like
> 'journalctl -o export|curl -X POST https://some.where/upload'.)
Fantastic, so there i
On Wed, Apr 16, 2014 at 12:48:21PM -0400, Simo Sorce wrote:
> On Wed, 2014-04-16 at 15:04 +0200, Zbigniew Jędrzejewski-Szmek wrote:
> > On Tue, Apr 15, 2014 at 03:30:57PM -0400, Simo Sorce wrote:
>
> > > > I'd imagine that in a setup with a few servers one would create
> > > > the certificates on
On Wed, Apr 16, 2014 at 04:57:25PM -0400, Martin Langhoff wrote:
> On Wed, Apr 16, 2014 at 4:40 PM, Zbigniew Jędrzejewski-Szmek
> wrote:
> > the upload client is like any other journal client -- it is fully
> > asynchronous
> > wrt. to journald writing log entries. (It's something like
> > 'journ
On Wed, Apr 16, 2014 at 02:28:50PM -0400, James Antill wrote:
> #topic #382 Go Packaging Guidelines Draft
> .fpc 382
> https://fedorahosted.org/fpc/ticket/382
Vincent and I are both at RH Summit this week; if any interaction is
required here it might need to be asynchronous.
--
Matthew Mille
I won't be present again this week (or next) but I did vote on a few
tickets. Hopefully that will help with meeting, discussing, and voting.
-Toshio
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo
why do we have that always with libreoffice?
the broken build hangs around for 30 hours in the repo
the supposed to fix that one is not pushed
even with using the koji-repo no way to solve that
https://admin.fedoraproject.org/updates/FEDORA-2014-5062/libreoffice-4.2.3.3-4.fc20?_csrf_token=05a8ab0
On Tue, Apr 15, 2014 at 08:14:01PM -0400, Christopher wrote:
> > Perhaps shorten to:
> >
> > block
> > public
> > work
> > home
>
> That is a much more intuitive default set.
Is it? What's supposed to be the difference between work and home?
Lars
On Thu, Apr 17, 2014 at 12:55:31AM +0200, Lars Seipel wrote:
> > > Perhaps shorten to:
> > > block
> > > public
> > > work
> > > home
> > That is a much more intuitive default set.
> Is it? What's supposed to be the difference between work and home?
I don't know if it's intuitive or not, but I can
On Wed, Apr 16, 2014 at 3:58 PM, Matthew Miller
wrote:
> On Thu, Apr 17, 2014 at 12:55:31AM +0200, Lars Seipel wrote:
>> > > Perhaps shorten to:
>> > > block
>> > > public
>> > > work
>> > > home
>> > That is a much more intuitive default set.
>> Is it? What's supposed to be the difference between
2014-04-14 22:56 GMT+02:00 Matthew Miller :
> > > ** Replace NetworkManager, etc. with systemd-networkd.
>
> Also, I know you know this but just as a general clarification: the cloud
> image isn't currently using NetworkManager anyway but is using the good ol'
> network initscripts.
>
I don't th
On Thu, Apr 17, 2014 at 01:24:50AM +0200, Miloslav Trmač wrote:
> I don't think we can, or should, have three separate network configuration
> systems in Fedora at the same time. We already know how long and painful
I think we'd stay at two, basically -- right now, we have two in use
(NetworkMana
On Wed, Apr 16, 2014 at 6:55 PM, Lars Seipel wrote:
> On Tue, Apr 15, 2014 at 08:14:01PM -0400, Christopher wrote:
>> > Perhaps shorten to:
>> >
>> > block
>> > public
>> > work
>> > home
>>
>> That is a much more intuitive default set.
>
> Is it? What's supposed to be the difference between work