h>> Hi All,
>>
>> Fedora 22 has been branched, please be sure to do a git pull --rebase to
>> pick up the new branch, as an additional reminder rawhide/f23 has had
>> inheritance cut off from previous releases, so this means that
>> anything you do for f22 you also have to do in the master branch
On Thu, Feb 12, 2015 at 6:30 AM, Michael Cronenworth
wrote:
I'm sure those that need to know, know, but for those that haven't
heard[1]
Mozilla's official Firefox build will enforce addons to contain a
Mozilla signature
without any runtime option to disable the check.
Initially this prevents
The following packages are orphaned and will be retired when they
are orphaned for six weeks, unless someone adopts them. If you know for sure
that the package should be retired, please do so now with a proper reason:
https://fedoraproject.org/wiki/How_to_remove_a_package_at_end_of_life
Note: If y
The following packages are orphaned and will be retired when they
are orphaned for six weeks, unless someone adopts them. If you know for sure
that the package should be retired, please do so now with a proper reason:
https://fedoraproject.org/wiki/How_to_remove_a_package_at_end_of_life
Note: If y
On Thu, Feb 12, 2015 at 11:15 AM, Nikos Roussos
wrote:
> On Thu, Feb 12, 2015 at 6:30 AM, Michael Cronenworth
> wrote:
>
> I'm sure those that need to know, know, but for those that haven't heard[1]
> Mozilla's official Firefox build will enforce addons to contain a Mozilla
> signature without an
On 02/12/2015 11:15 AM, Nikos Roussos wrote:
> On Thu, Feb 12, 2015 at 6:30 AM, Michael Cronenworth
> wrote:
>> Is Fedora going to get authorization to build Firefox with a runtime
>> disable option?
>
> If the only way is to completely disable this feature, I'd prefer we don't.
> I wouldn't like
On Thu, Feb 12, 2015 at 12:47:27PM +0100, drago01 wrote:
> On Thu, Feb 12, 2015 at 11:15 AM, Nikos Roussos
> wrote:
> > On Thu, Feb 12, 2015 at 6:30 AM, Michael Cronenworth
> > wrote:
> >
> > I'm sure those that need to know, know, but for those that haven't heard[1]
> > Mozilla's official Firefo
On Thu, Feb 12, 2015 at 1:53 PM, Daniel P. Berrange wrote:
> On Thu, Feb 12, 2015 at 12:47:27PM +0100, drago01 wrote:
>> On Thu, Feb 12, 2015 at 11:15 AM, Nikos Roussos
>> wrote:
>> > On Thu, Feb 12, 2015 at 6:30 AM, Michael Cronenworth
>> > wrote:
>> >
>> > I'm sure those that need to know, kno
> On Thu, Feb 12, 2015 at 12:47:27PM +0100, drago01 wrote:
> > A better way would be to add a "Fedora Signature" in addition to
> > mozilla's and use that for packaged extensions.
> > But that would require work on the build system (koji) side.
>
> The RPMs deploying the packaged extension are alr
On Thu, 2015-02-12 at 09:16 -0500, Miloslav Trmač wrote:
> > On Thu, Feb 12, 2015 at 12:47:27PM +0100, drago01 wrote:
> > > A better way would be to add a "Fedora Signature" in addition to
> > > mozilla's and use that for packaged extensions.
> > > But that would require work on the build system (k
> or simply exempt signature checking if
> the extension is on disk. They should check on download only.
That would defeat the entire purpose; malware is very commonly sideloading
extensions.
Mirek
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/li
Hi
try to build leveldbjni but is mistakenly seen as a package noarch
any ideas?
Task info: http://koji.fedoraproject.org/koji/taskinfo?taskID=8909564
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedorapro
Eek, sorry, got busy and forgot about this...
On Fri, Jan 30, 2015 at 10:49 AM, Kevin Fenzi wrote:
> I'm really not sure, but a scratch build here works fine:
> https://koji.fedoraproject.org/koji/taskinfo?taskID=8784062
>
> Is there any changes to your local koji client config?
As far as I can
On Thu, Feb 12, 2015 at 8:29 AM, gil wrote:
> Hi
> try to build leveldbjni but is mistakenly seen as a package noarch
> any ideas?
> Task info: http://koji.fedoraproject.org/koji/taskinfo?taskID=8909564
Possibly related to this thread:
https://lists.fedoraproject.org/pipermail/devel/2015-January/
On Thu, 2015-02-12 at 09:54 -0500, Miloslav Trmač wrote:
> > or simply exempt signature checking if
> > the extension is on disk. They should check on download only.
>
> That would defeat the entire purpose; malware is very commonly sideloading
> extensions.
Malware can easily binary patch firef
On 12/02/15 16:53, Simo Sorce wrote:
Malware can easily binary patch firefox to ignore verification, I do not
think trying to defeat sideloading with this kind of verification makes
much sense.
Of course you may decide to exempt only extensions in non-user-writable
locations, if you are on Linux
On Thu, Feb 12, 2015 at 09:54:16AM -0500, Miloslav Trmač wrote:
> > or simply exempt signature checking if
> > the extension is on disk. They should check on download only.
>
> That would defeat the entire purpose; malware is very commonly
> sideloading extensions.
If we only exempt extensions in
On Thu, Feb 12, 2015 at 9:53 AM, Simo Sorce wrote:
Malware can easily binary patch firefox to ignore verification, I do
not
think trying to defeat sideloading with this kind of verification
makes
much sense.
And if you've already installed malware with on your computer, don't
you kind of ha
Il 12/02/2015 16:50, Jerry James ha scritto:
Eek, sorry, got busy and forgot about this...
On Fri, Jan 30, 2015 at 10:49 AM, Kevin Fenzi wrote:
I'm really not sure, but a scratch build here works fine:
https://koji.fedoraproject.org/koji/taskinfo?taskID=8784062
Is there any changes to your l
On 02/12/2015 04:53 PM, Simo Sorce wrote:
> On Thu, 2015-02-12 at 09:54 -0500, Miloslav Trmač wrote:
>>> or simply exempt signature checking if
>>> the extension is on disk. They should check on download only.
>>
>> That would defeat the entire purpose; malware is very commonly sideloading
>> exte
On Thu, 2015-02-12 at 18:19 +0100, Florian Weimer wrote:
> On 02/12/2015 04:53 PM, Simo Sorce wrote:
> > On Thu, 2015-02-12 at 09:54 -0500, Miloslav Trmač wrote:
> >>> or simply exempt signature checking if
> >>> the extension is on disk. They should check on download only.
> >>
> >> That would def
Am 12.02.2015 um 18:53 schrieb Simo Sorce:
Maybe it is only about preventing people from bundling the official
Firefox version with dodgy add-ons. Not downright malware, but things
users may not actually want without realizing it. The signature
checking means that those who prepare the downloa
(Logistical note: please keep all replies to this thread on
devel@lists.fedoraproject.org)
tl;dr Shall we consider requiring a lesser package review for packages
that are not present on Product or Spin install media?
== Premise ==
So, some time ago, we started talking about dividing up the Fedor
Hi, .
2015-02-09 20:13:21
This update has been submitted for stable by sergiomb .
Today is 12 and still not pushed, how we can devel when have to wait 3
days to a push ? , pushes should be regular and not random .
What happened last 3 days ? Seems that I'm not lucky when I push
things , in
On Thu, Feb 12, 2015, at 01:32 PM, Stephen Gallagher wrote:
> tl;dr Shall we consider requiring a lesser package review for packages
> that are not present on Product or Spin install media?
It's worth noting here that having two levels is not really going
to be new to the ecosystem; e.g. Ubuntu h
On Thu, 2015-02-12 at 14:01 -0500, Colin Walters wrote:
> On Thu, Feb 12, 2015, at 01:32 PM, Stephen Gallagher wrote:
>
> > tl;dr Shall we consider requiring a lesser package review for packages
> > that are not present on Product or Spin install media?
>
> It's worth noting here that having t
Seen the koji build fail messages in the list or IRC ? it not just you
Corey W Sheldon
Freelance IT Consultant, Multi-Discipline Tutor
(p) 310.909.7672
Google+: https://www.plus.google.com/+CoreySheldon
LinkedIn:https://www.linkedin.com/profile/view?id=70127804
Github: https://www.github.com/linu
On 12/02/15 19:32, Stephen Gallagher wrote:
(Logistical note: please keep all replies to this thread on
devel@lists.fedoraproject.org)
tl;dr Shall we consider requiring a lesser package review for packages
that are not present on Product or Spin install media?
Thanks for bringing this up. We
On Thu, Feb 12, 2015 at 06:52:11PM +, Sérgio Basto wrote:
> 2015-02-09 20:13:21
> This update has been submitted for stable by sergiomb .
>
> Today is 12 and still not pushed, how we can devel when have to wait 3
> days to a push ? , pushes should be regular and not random .
> What happ
On 02/10/2015 09:16 AM, Alberto Ruiz wrote:
> On Tue, 2015-02-10 at 14:38 +0100, Marek Skalický wrote:
>> Matthew Miller píše v Út 10. 02. 2015 v 06:19 -0500:
>>> On Tue, Feb 10, 2015 at 12:12:15PM +0100, Marek Skalický wrote:
does someone know what are Fedora Guidelines (or something similar)
Aka patience and to be totally honest and blunt, if you have a alpha/beta
tester group and or a solid forum/mailing list with updates to status this
should seriously not be a setback 3 weeks on the other hand might
qualify.Appreciate the eagerness to partake in development /packaging
but thing
Hi
As my work usually is around fixing packages which failed to build on
AArch64 I spend lot of time with Koji.
Today I started writing script which has to list all current FTBFS
entries from selected Koji instance - kind like [1] does but with few
extras:
- no packages which got built later
- n
On Qui, 2015-02-12 at 14:41 -0500, Corey Sheldon wrote:
> Aka patience and to be totally honest and blunt, if you have a
> alpha/beta tester group and or a solid forum/mailing list with updates
> to status this should seriously not be a setback 3 weeks on the other
> hand might qualify.Appreci
On Thu, 12 Feb 2015 14:01:43 -0500
Colin Walters wrote:
> On Thu, Feb 12, 2015, at 01:32 PM, Stephen Gallagher wrote:
>
> > tl;dr Shall we consider requiring a lesser package review for
> > packages that are not present on Product or Spin install media?
>
> It's worth noting here that having tw
On 12 February 2015 at 12:53, Sérgio Basto wrote:
> On Qui, 2015-02-12 at 14:41 -0500, Corey Sheldon wrote:
> > Aka patience and to be totally honest and blunt, if you have a
> > alpha/beta tester group and or a solid forum/mailing list with updates
> > to status this should seriously not be a se
On Thu, Feb 12, 2015 at 07:53:05PM +, Sérgio Basto wrote:
> yeah, but we should have some regularity, I don't like waiting without
> knowing the delay, in this case is pushing to stable, is just for my
Nobody is delaying pushes on purpose and everyone involved into it would
like it to happen
Say we have two packages:
Name: a
Requires: b
BuildRequires: b
and
Name: b
Requires: a
BuildRequires: a
I can bootstrap them by building and installing manually before
rpmbuild but how should I do that with koji?
Thanks for any advices!
--
Kind regards,
Vladimir.
--
devel mailing list
devel@
On Thu, Feb 12, 2015 at 6:43 PM, Vladimir Stackov wrote:
> Say we have two packages:
>
> Name: a
> Requires: b
drop this one and build A, then build b, and rebuild A adding the
dependencie back
---> BuildRequires: b
>
> and
>
> Name: b
> Requires: a
> BuildRequires: a
--
Itamar
On Thu, 2015-02-12 at 20:18 +0100, Alec Leamas wrote:
> On 12/02/15 19:32, Stephen Gallagher wrote:
> > (Logistical note: please keep all replies to this thread on
> > devel@lists.fedoraproject.org)
> >
> > tl;dr Shall we consider requiring a lesser package review for packages
> > that are not p
Richard W.M. Jones wrote:
> I did a test build of SDL without the audiofile + arts + esound
> dependencies (arts + esound also seem to need audiofile), and it
> builds fine, so that is one route out of this.
Audiofile is bound to stay, and SDL should remain built against it, as
removing it would
Nikos Roussos wrote:
> If the only way is to completely disable this feature, I'd prefer we
> don't.
> I wouldn't like for us to ship a less secure build of Firefox.
After Restricted Boot, now Restricted Browser? No thanks! This "feature"
needs to be disabled no matter whether it affects our pack
Stephen Gallagher wrote:
>* The package *MAY* contain bundled libraries or other projects, but if
>it does so, it *MUST* contain a "Provides: bundled(pkg) = version" for
>each such bundling. This is done so that we can use the meta-data to
>identify which packages may be vulnerable in the event of
On Thu, Feb 12, 2015 at 01:32:04PM -0500, Stephen Gallagher wrote:
> (Logistical note: please keep all replies to this thread on
> devel@lists.fedoraproject.org)
>
> tl;dr Shall we consider requiring a lesser package review for packages
> that are not present on Product or Spin install media?
Desp
On 02/12/2015 07:54 AM, Fedora Rawhide Report wrote:
Compose started at Thu Feb 12 10:59:03 UTC 2015
xorg-x11-server-1.17.1-1.fc22
Shouldn't we be seeing fc23 builds now in rawhide?
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA/CoRA Division
On 02/12/2015 01:43 PM, Vladimir Stackov wrote:
Say we have two packages:
Name: a
Requires: b
BuildRequires: b
and
Name: b
Requires: a
BuildRequires: a
I can bootstrap them by building and installing manually before
rpmbuild but how should I do that with koji?
Thanks for any advices!
See a
On 02/12/2015 02:40 AM, Peter Robinson wrote:
h>> Hi All,
Fedora 22 has been branched, please be sure to do a git pull --rebase to
pick up the new branch, as an additional reminder rawhide/f23 has had
inheritance cut off from previous releases, so this means that
anything you do for f22 you al
On Fri, Feb 13, 2015 at 9:09 AM, Orion Poplawski wrote:
> On 02/12/2015 07:54 AM, Fedora Rawhide Report wrote:
>>
>> Compose started at Thu Feb 12 10:59:03 UTC 2015
>
>
>> xorg-x11-server-1.17.1-1.fc22
>
>
> Shouldn't we be seeing fc23 builds now in rawhide?
I too can't see my fc23 builds in this
How feasible would it be to keep the listings in primary.xml and
filelists.xml sorted by package name and arch? Doing so could open the door
to simple and efficient diffs of repository metadata.
I recently ran some quick tests using python and elementtree. While the F21
primary.xml files from 2/7
48 matches
Mail list logo
