Le mardi 21 janvier 2020 à 16:34 +, Leigh Griffin a écrit :
Hi,
> On behalf of the CPE team I want to draw the communities attention to
> a recent blog post which you may be impacted by:
> https://communityblog.fedoraproject.org/git-forge-requirements/
Requirements:
1. the url to the archi
On Tue, Jan 28, 2020 at 11:51:29PM +0100, Dan Čermák wrote:
> "Richard W.M. Jones" writes:
>
> > I always think that Fedora works fine if you maintain 1-5 packages.
> > It's possible to maintain 20 with a lot of work. And if you want to
> > maintain 100+ (things like the ocaml-* set that I help
On Tue, Jan 28, 2020 at 04:10:17PM -0500, Robbie Harwood wrote:
> Stephen John Smoogen writes:
>
> > On Tue, 28 Jan 2020 at 13:01, Robbie Harwood wrote:
> >>
> >> "Richard W.M. Jones" writes:
> >>
> >> > I always think that Fedora works fine if you maintain 1-5 packages.
> >> > It's possible to
On Tue, Jan 28, 2020 at 02:06:40PM -0500, Stephen John Smoogen wrote:
> My main concern is that we have been coming up with 'standard'
> proposals for 20 years and we can't seem to get more than any 4
> maintainers to agree to what that means... even if they do the same
> work in Debian/SuSE/Arch e
On Tue, Jan 28, 2020 at 11:51:29PM +0100, Dan Čermák wrote:
> "Richard W.M. Jones" writes:
> > * CVE bugs should autoclose when a package is rebased
>
> I don't think this is a good idea as you should actually check that this
> update fixes the CVE.
If we collect the data that version X fixes CV
On Wed, Jan 29, 2020 at 09:26:43AM +, Richard W.M. Jones wrote:
> On Tue, Jan 28, 2020 at 02:06:40PM -0500, Stephen John Smoogen wrote:
> > My main concern is that we have been coming up with 'standard'
> > proposals for 20 years and we can't seem to get more than any 4
> > maintainers to agree
On Wed, Jan 29, 2020 at 10:04:32AM +0100, Pierre-Yves Chibon wrote:
> On Tue, Jan 28, 2020 at 11:51:29PM +0100, Dan Čermák wrote:
> > "Richard W.M. Jones" writes:
> >
> > > I always think that Fedora works fine if you maintain 1-5 packages.
> > > It's possible to maintain 20 with a lot of work.
On 1/27/20 3:13 PM, Alex Scheel wrote:
> N.B.: I'd like to thank the Red Hat JVM team for being solid in
> their Fedora execution. But they maintain only the JVM, and not
> the rest of the Java ecosystem. :-)
Thank you.
One (perhaps) rather minor point in the middle of this important
discussion:
> On 28 Jan 2020, at 11:32, Guido Aulisi wrote:
>
> Il giorno mar 28 gen 2020 alle ore 10:04 Richard W.M. Jones
> ha scritto:
>>
>> I always think that Fedora works fine if you maintain 1-5 packages.
>> It's possible to maintain 20 with a lot of work. And if you want to
>> maintain 100+ (thi
> On 28 Jan 2020, at 10:03, Richard W.M. Jones wrote:
>
> I always think that Fedora works fine if you maintain 1-5 packages.
> It's possible to maintain 20 with a lot of work. And if you want to
> maintain 100+ (things like the ocaml-* set that I help to maintain)
> then you have to write you
> On 29 Jan 2020, at 00:26, Robert-André Mauchin wrote:
>
> On Tuesday, 28 January 2020 10:03:09 CET Richard W.M. Jones wrote:
>> * committing to git should build the package
>>
>> Is there a reason why this wouldn't be the case?
>
> Please no. Sometimes you just fix a typo or add a comment a
On Wed, 29 Jan 2020 at 00:08, Leigh Griffin wrote:
>
> On Tue, Jan 28, 2020, 22:06 Iñaki Ucar wrote:
>>
>> On Tue, 28 Jan 2020 at 20:58, Leigh Griffin wrote:
>> >
>> > This thread is serving as a source of requirements (although it has
>> > meandered dramatically away from that)
>>
>> When I fi
But it's not the only CVE fixed with Qt 5.14.1
The point is that there is other software using Qt which doesn't start with
K even though K works just fine with 5.14 by the experience of other
distributions.
Though all software is affected by security issues by using unpatched Qt.
Affected by thes
Maybe now that RH is part of IBM they have changed their short sighted view
of not collaborating on a better build system like OBS. As I recall back
than it was already able to bootstrap on centos and fedora and build
packages and the only argument against it was legacy support with mock /
koji whi
On Wed, 29 Jan 2020 at 11:36, Iñaki Ucar wrote:
> On Wed, 29 Jan 2020 at 00:08, Leigh Griffin wrote:
> >
> > On Tue, Jan 28, 2020, 22:06 Iñaki Ucar wrote:
> >>
> >> On Tue, 28 Jan 2020 at 20:58, Leigh Griffin
> wrote:
> >> >
> >> > This thread is serving as a source of requirements (although i
On Wed, Jan 29, 2020 at 01:09:04PM +0200, Damian Ivanov wrote:
>Maybe now that RH is part of IBM they have changed their short sighted
>view of not collaborating on a better build system like OBS. As I recall
And ... you lost me right there...
Pierre
_
That's one of the big reasons I like Red Hat. You guys rock! :-)
On Wednesday, January 29, 2020, 5:14:18 AM EST, Andrew Haley
wrote:
On 1/27/20 3:13 PM, Alex Scheel wrote:
> N.B.: I'd like to thank the Red Hat JVM team for being solid in
> their Fedora execution. But they maintain onl
Le 28/01/2020 à 10:03, Richard W.M. Jones a écrit :
> I always think that Fedora works fine if you maintain 1-5 packages.
> It's possible to maintain 20 with a lot of work. And if you want to
> maintain 100+ (things like the ocaml-* set that I help to maintain)
> then you have to write your own au
(snip)
20/1/29 14:49(e)an, Clement Verna igorleak idatzi zuen:
To me that's the all point of this
process, let's put down what we *really* *really* need and then look at
the different options.
Do we *really* *really* need to compete with other full featured git
forges on features? The ODF
On Wed, 29 Jan 2020 at 06:10, Damian Ivanov wrote:
>
> Maybe now that RH is part of IBM they have changed their short sighted view
> of not collaborating on a better build system like OBS.
That is looking for a boogeyman under the bed to blame something that
has a long long history of not happen
On Wed, Jan 29, 2020 at 03:22:25PM +0100, Julen Landa Alustiza wrote:
> (snip)
>
> 20/1/29 14:49(e)an, Clement Verna igorleak idatzi zuen:
> >To me that's the all point of this process, let's put down what we
> >*really* *really* need and then look at the different options.
> >
>
> Do we *really
On Wed, Jan 29, 2020 at 4:05 PM Pierre-Yves Chibon wrote:
> And ... you lost me right there...
> Pierre
That's too bad. Even If it's sounds harsh it's the reality.
It has been discussed before and there was no technical reason not to.
Just someone going for a short term solution.
Maybe it is tim
On Wed, Jan 29, 2020 at 9:29 AM Pierre-Yves Chibon wrote:
>
> On Wed, Jan 29, 2020 at 03:22:25PM +0100, Julen Landa Alustiza wrote:
> > (snip)
> >
> > 20/1/29 14:49(e)an, Clement Verna igorleak idatzi zuen:
> > >To me that's the all point of this process, let's put down what we
> > >*really* *real
On Wed, Jan 29, 2020 at 09:37:36AM -0500, Neal Gompa wrote:
> On Wed, Jan 29, 2020 at 9:29 AM Pierre-Yves Chibon
> wrote:
> >
> > On Wed, Jan 29, 2020 at 03:22:25PM +0100, Julen Landa Alustiza wrote:
> > > (snip)
> > >
> > > 20/1/29 14:49(e)an, Clement Verna igorleak idatzi zuen:
> > > >To me tha
>That is looking for a boogeyman under the bed to blame something that
>has a long long history of not happening. Ever since OBS has been out,
>there has been a yearly 'why isn't Fedora moving to OBS' thread
It has always been a bad management decision to not change.
Ever since OBS has been out th
On Wed, 29 Jan 2020 at 05:14, Andrew Haley wrote:
>
> On 1/27/20 3:13 PM, Alex Scheel wrote:
> > N.B.: I'd like to thank the Red Hat JVM team for being solid in
> > their Fedora execution. But they maintain only the JVM, and not
> > the rest of the Java ecosystem. :-)
>
> Thank you.
>
> One (perha
On Wed, Jan 29, 2020, 15:23 Julen Landa Alustiza
wrote:
> (snip)
>
> 20/1/29 14:49(e)an, Clement Verna igorleak idatzi zuen:
> > To me that's the all point of this
> > process, let's put down what we *really* *really* need and then look at
> > the different options.
> >
>
> Do we *really* *reall
Per git ref acls is not a common thing on git forges. If this is a final
requirement, we should start analyzing the viability of implementing and
maintain it on the different forges (and it should be feasible with all of the
rest of our strange ACLs on dist-git)
On pagure side, now that our dow
On Wed, 2020-01-29 at 09:43 +, Richard W.M. Jones wrote:
> Also AIUI fedpkg chain-build doesn't work except in
> Rawhide, although I'm not sure why that is?
It doesn't work in stable because you need to create buildroot
overrides for each dependency before you can proceed with building the
nex
On Wed, Jan 29, 2020 at 10:07:55AM -0500, Randy Barlow wrote:
> On Wed, 2020-01-29 at 09:43 +, Richard W.M. Jones wrote:
> > Also AIUI fedpkg chain-build doesn't work except in
> > Rawhide, although I'm not sure why that is?
>
> It doesn't work in stable because you need to create buildroot
>
On Wed, Jan 29, 2020 at 10:35 AM Iñaki Ucar wrote:
> On Wed, 29 Jan 2020 at 00:08, Leigh Griffin wrote:
> >
> > On Tue, Jan 28, 2020, 22:06 Iñaki Ucar wrote:
> >>
> >> On Tue, 28 Jan 2020 at 20:58, Leigh Griffin
> wrote:
> >> >
> >> > This thread is serving as a source of requirements (althoug
- Original Message -
> From: "Stephen John Smoogen"
> To: "Development discussions related to Fedora"
>
> Sent: Wednesday, January 29, 2020 8:47:46 AM
> Subject: Re: Java Dev Group and Fedora Quality
>
> On Wed, 29 Jan 2020 at 05:14, Andrew Haley wrote:
> >
> > On 1/27/20 3:13 PM, Alex
2020(e)ko urtarrilaren 29(a) 15:56:08 (CET)-(e)an, Clement Verna
-(e)k hau idatzi zuen:
>On Wed, Jan 29, 2020, 15:23 Julen Landa Alustiza
>
>wrote:
>
>> (snip)
>>
>> 20/1/29 14:49(e)an, Clement Verna igorleak idatzi zuen:
>> > To me that's the all point of this
>> > process, let's put down what
On Wed, Jan 29, 2020 at 03:56:08PM +0100, Clement Verna wrote:
>On Wed, Jan 29, 2020, 15:23 Julen Landa Alustiza
> wrote:
>
> (snip)
>
> 20/1/29 14:49(e)an, Clement Verna igorleak idatzi zuen:
> > To me that's the all point of this
> > process, let's put down what we *
On Wed, Jan 29, 2020 at 04:06:22PM +0100, Julen Landa Alustiza wrote:
>Per git ref acls is not a common thing on git forges. If this is a final
>requirement, we should start analyzing the viability of implementing and
>maintain it on the different forges (and it should be feasible with
On Wed, Jan 29, 2020 at 10:07 AM Julen Landa Alustiza
wrote:
>
> Per git ref acls is not a common thing on git forges. If this is a final
> requirement, we should start analyzing the viability of implementing and
> maintain it on the different forges (and it should be feasible with all of
> the
On Wed, Jan 29, 2020 at 3:30 PM Pierre-Yves Chibon
wrote:
> On Wed, Jan 29, 2020 at 04:06:22PM +0100, Julen Landa Alustiza wrote:
> >Per git ref acls is not a common thing on git forges. If this is a
> final
> >requirement, we should start analyzing the viability of implementing
> and
> >
On Wed, 29 Jan 2020 at 09:46, Damian Ivanov wrote:
>
> >That is looking for a boogeyman under the bed to blame something that
> >has a long long history of not happening. Ever since OBS has been out,
> >there has been a yearly 'why isn't Fedora moving to OBS' thread
>
> It has always been a bad ma
* Neal Gompa:
> On Wed, Jan 29, 2020 at 10:07 AM Julen Landa Alustiza
> wrote:
>>
>> Per git ref acls is not a common thing on git forges. If this is a final
>> requirement, we should start analyzing the viability of implementing and
>> maintain it on the different forges (and it should be feas
On Wed, 2020-01-29 at 15:56 +0100, Clement Verna wrote:
> On Wed, Jan 29, 2020, 15:23 Julen Landa Alustiza
> wrote:
>
> > (snip)
> >
> > 20/1/29 14:49(e)an, Clement Verna igorleak idatzi zuen:
> > > To me that's the all point of this
> > > process, let's put down what we *really* *really* need a
On Wed, 2020-01-29 at 16:17 +0100, Julen Landa Alustiza wrote:
>
> 2020(e)ko urtarrilaren 29(a) 15:56:08 (CET)-(e)an, Clement Verna
> -(e)k hau idatzi zuen:
> > On Wed, Jan 29, 2020, 15:23 Julen Landa Alustiza
> >
> > wrote:
> >
> > > (snip)
> > >
> > > 20/1/29 14:49(e)an, Clement Verna igorle
Damian Ivanov wrote:
> But it's not the only CVE fixed with Qt 5.14.1
> The point is that there is other software using Qt which doesn't start
> with K even though K works just fine with 5.14 by the experience of other
> distributions.
Bumping Qt versions is... a fairly difficult process in fedor
On Wed, 29 Jan 2020 at 16:18, Pierre-Yves Chibon
wrote:
> On Wed, Jan 29, 2020 at 03:56:08PM +0100, Clement Verna wrote:
> >On Wed, Jan 29, 2020, 15:23 Julen Landa Alustiza
> > wrote:
> >
> > (snip)
> >
> > 20/1/29 14:49(e)an, Clement Verna igorleak idatzi zuen:
> > > To me
On Wed, 29 Jan 2020 at 16:23, Leigh Griffin wrote:
>
> On Wed, Jan 29, 2020 at 10:35 AM Iñaki Ucar wrote:
>>
>> On Wed, 29 Jan 2020 at 00:08, Leigh Griffin wrote:
>> >
>> > On Tue, Jan 28, 2020, 22:06 Iñaki Ucar wrote:
>> >>
>> >> On Tue, 28 Jan 2020 at 20:58, Leigh Griffin wrote:
>> >> >
>> >
On Wed, 29 Jan 2020 at 16:18, Julen Landa Alustiza
wrote:
>
>
> 2020(e)ko urtarrilaren 29(a) 15:56:08 (CET)-(e)an, Clement Verna <
> cve...@fedoraproject.org>-(e)k hau idatzi zuen:
> >On Wed, Jan 29, 2020, 15:23 Julen Landa Alustiza
> >
> >wrote:
> >
> >> (snip)
> >>
> >> 20/1/29 14:49(e)an, Clem
On Wed, 29 Jan 2020 at 11:38, Clement Verna wrote:
>
>
>
> On Wed, 29 Jan 2020 at 16:18, Pierre-Yves Chibon wrote:
>>
>> these heroics related to pagure?
>>
>> If not, I'm not sure what is the point you were trying to make for this
>> thread.
>
>
> My point is that we have to dedicate a team to
On Wed, 29 Jan 2020 at 16:56, Adam Williamson
wrote:
> On Wed, 2020-01-29 at 15:56 +0100, Clement Verna wrote:
> > On Wed, Jan 29, 2020, 15:23 Julen Landa Alustiza <
> jla...@fedoraproject.org>
> > wrote:
> >
> > > (snip)
> > >
> > > 20/1/29 14:49(e)an, Clement Verna igorleak idatzi zuen:
> > > >
Julen Landa Alustiza writes:
> (snip)
>
> 20/1/29 14:49(e)an, Clement Verna igorleak idatzi zuen:
>> To me that's the all point of this
>> process, let's put down what we *really* *really* need and then look at
>> the different options.
>>
>
> Do we *really* *really* need to compete with othe
On Wed, 29 Jan 2020 at 18:26, Stephen John Smoogen wrote:
> On Wed, 29 Jan 2020 at 11:38, Clement Verna
> wrote:
> >
> >
> >
> > On Wed, 29 Jan 2020 at 16:18, Pierre-Yves Chibon
> wrote:
> >>
>
> >> these heroics related to pagure?
> >>
> >> If not, I'm not sure what is the point you were tryin
On Wed, Jan 29, 2020 at 7:18 AM Remi Collet wrote:
> There are different:
>
> * Changelog is for end user
> * Git log is for package maintainer
I completely agree with this distinction. We're creating more "noise"
for end users if we end up adding all the "whoops" commits into the
%changelog. An
Richard W.M. Jones kirjoitti 27.1.2020 22:35:
On Mon, Jan 27, 2020 at 06:43:36PM +0200, Markku Korkeala wrote:
I think it's Perl where IIRC the package can be configured
as a bootstrap package (by setting an RPM variable), built
that way, the dependencies are then built, then the perl
package is
Rex Dieter kirjoitti 28.1.2020 16:57:
Markku Korkeala wrote:
Hi,
sorry if this a newbie question, I tried to search this
but did not find good documentation on this problem.
I'm in the process of upgrading the clojure package to
next version, which has new dependencies. These dependencies
req
On Wed, Jan 29, 2020 01:18:48 +0100, Jiri Hladky wrote:
> Hi,
Hi Jirka,
> I have a simple package for review. It's called practrand - a Software package
> for the Randon number generation & testing
> https://bugzilla.redhat.com/show_bug.cgi?id=1795461
I see that it hasn't been taken up for revie
Hello, Fedora has an approved security policy since September 2018 [0]:
If a CRITICAL or IMPORTANT security issue is currently open
against a package, or a security issue of lower severity has been
open for at least 6 months, four weeks before the branch point a
procedure similar to long-standin
On Wed, Jan 29, 2020 at 10:26:56PM +0100, Miro Hrončok wrote:
> Here is an initial (albeit randomly generated) proposal of X and Y:
>
> severity CRITICAL/HIGH MEDIUM LOW
> X 2 4 6
> Y 2 4 6
In RHEL, low impact secu
On 29. 01. 20 22:49, Richard W.M. Jones wrote:
On Wed, Jan 29, 2020 at 10:26:56PM +0100, Miro Hrončok wrote:
Here is an initial (albeit randomly generated) proposal of X and Y:
severity CRITICAL/HIGH MEDIUM LOW
X 2 4 6
Y 2
On Wed, Jan 29, 2020, 17:19 Iñaki Ucar wrote:
> On Wed, 29 Jan 2020 at 16:23, Leigh Griffin wrote:
> >
> > On Wed, Jan 29, 2020 at 10:35 AM Iñaki Ucar
> wrote:
> >>
> >> On Wed, 29 Jan 2020 at 00:08, Leigh Griffin
> wrote:
> >> >
> >> > On Tue, Jan 28, 2020, 22:06 Iñaki Ucar
> wrote:
> >> >>
On Wed, Jan 29, 2020 at 12:52:53PM -0500, Robbie Harwood wrote:
> Julen Landa Alustiza writes:
>
> > (snip)
> >
> > 20/1/29 14:49(e)an, Clement Verna igorleak idatzi zuen:
> >> To me that's the all point of this
> >> process, let's put down what we *really* *really* need and then look at
> >>
Hello Rex,
>So, we (kde-sign, Qt maintainers) generally update strategically where it
>makes sense to warrant the time investment in doing so.
I understand.
Also that some people contribute it in their free time/or paid time
(but not mandatory to contribute),
which of course means a lot.
I under
Pierre-Yves Chibon writes:
> On Tue, Jan 28, 2020 at 11:51:29PM +0100, Dan Čermák wrote:
>> "Richard W.M. Jones" writes:
>>
>> > I always think that Fedora works fine if you maintain 1-5 packages.
>> > It's possible to maintain 20 with a lot of work. And if you want to
>> > maintain 100+ (thin
Miro Hrončok wrote:
> My idea was that within half a year, it should be wither fixed or CLOSED
> as WONTFIX or UPSTREAM. If we don't agree, I'm completely fine making it
> 12 months or even ignore such bugs in the policy entirely.
I don't see how it is an improvement to close security fixes that a
On 1/30/20 8:32 AM, Kevin Kofler wrote:
> Miro Hrončok wrote:
>> My idea was that within half a year, it should be wither fixed or CLOSED
>> as WONTFIX or UPSTREAM. If we don't agree, I'm completely fine making it
>> 12 months or even ignore such bugs in the policy entirely.
>
> I don't see how it
On 1/30/20 3:19 AM, Richard W.M. Jones wrote:
> On Wed, Jan 29, 2020 at 10:26:56PM +0100, Miro Hrončok wrote:
>> Here is an initial (albeit randomly generated) proposal of X and Y:
>>
>> severity CRITICAL/HIGH MEDIUM LOW
>> X 2 4 6
>> Y
Hi,
I took js-jquery-file-upload package to save js-query , I updated [1]
but we still need update nodejs-multimatch [2], nodejs-p-limit [3] and
nodejs-lodash [4] at least !
To update nodejs-p-limit, we need nodejs-p-try which isn't in Fedora,
here is the package review request [5]
[1]
rpms
According the procedure for retired packages, I'm announcing my intention to
take ownership of checkstyle, checkstyle-maven-plugin, and
google-http-java-client. They are all retired as far as I can tell.
___
devel mailing list -- devel@lists.fedoraproje
Hi Bill,
Am 30.01.20 um 07:25 schrieb Bill Chatfield via devel:
> According the procedure for retired packages, I'm announcing my intention to
> take ownership of checkstyle, checkstyle-maven-plugin, and
> google-http-java-client. They are all retired as far as I can tell.
Welcome to Fedora - I'm
66 matches
Mail list logo
