Re: Fedora 32 System-Wide Change proposal: Drop Optical Media Release Criterion

ld devices also have USB outlets, so it is unclear how this would make Fedora not installable. Any machine so old to have optical media but not USB is probably already not working due to other factors like being i686 only). Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc __

Re: Fedora 32 System-Wide Change proposal: Drop Optical Media Release Criterion

ot support USB booting" self-explanatorily tells you it is a small minority of basically broken hardware which should not block a whole release. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproje

Re: How do I remove GLIBCXX_ASSERTIONS?

ind out what is causing those and fix the source of the bug, not hide it (it may cause memory corruption or worse down the road). Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org

Re: How do I remove GLIBCXX_ASSERTIONS?

On Fri, 2019-08-02 at 19:13 +0200, Björn 'besser82' Esser wrote: > Am Donnerstag, den 01.08.2019, 14:28 -0400 schrieb Steven A. Falco: > > The upstream KiCAD project has requested that I remove > > GLIBCXX_ASSERTIONS from the Fedora package, as described here: > > https://bugs.launchpad.net/kicad/

Re: HEADS UP: Source File Verification

On Thu, 2019-08-08 at 16:24 +0200, Björn Persson wrote: > Joe Orton wrote: > > If you don't enforce GPG verification at or before "fedpkg upload" there > > is no assurance that what hits the lookaside cache is trusted, so I > > agree - doing this at build time is a good example of not caring abou

Re: Does anybody care about gettext?

On Fri, 2019-08-09 at 15:50 +0200, Miro Hrončok wrote: > Next time, I hope that FTBFS bugs for critical component are actually > actively > solved sooner than the retirement happens. We can try to be more aggressive > with > the reminders, but I don't know if that helps, because even currently,

Re: How to obsolede module?

org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists

Re: How to obsolede module?

cycle.. then > everything is broke. The idea is to allow the sysadmin the ability to > decide if php-7.2 is right for them and when while allowing the > packager to get the newer version out sooner. This is fine, but then modules should have never been possible to instal

Re: List of long term FTBFS packages to be retired in February

> devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelin

Re: Effort to remove libdb

duct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mail

Re: authselect: what to do with systemd and nss-mdns that modify nsswith.conf

ot talking about whether those modules are active or not. > They *already* *are*, on any Fedora system where the configuration was > not overridden and the right packages are installed. The question is > *how* they should be enabled: either through the installed file or through > rpm scriptl

Re: authselect: what to do with systemd and nss-mdns that modify nsswith.conf

On Thu, 2018-12-06 at 17:49 +0100, Lennart Poettering wrote: > On Do, 06.12.18 11:25, Simo Sorce (s...@redhat.com) wrote: > > > > > Summary: I'd make things simple, and enable all four unconditionally > > > > and by default without any dynamic infrastructure,

Re: F30 Self-Contained Change proposal: libcrypt.so.1 (compatibility library for POSIX): Let encrypt, encrypt_r, setkey, setkey_r, and fcrypt return ENOSYS instead of performing any real operation

YS" when invoked. > > encrypt rewrites its argument in place, so this will leave the argument > unencrypted. This does not seem a good idea, even if it's just DES. Maybe encrypt with AES and return an error anyway ? -- Simo Sorce Sr. Principal Software Engineer Red Hat,

Re: F30 Self-Contained Change proposal: libcrypt.so.1 (compatibility library for POSIX): Let encrypt, encrypt_r, setkey, setkey_r, and fcrypt return ENOSYS instead of performing any real operation

On Tue, 2019-01-15 at 14:51 +0100, Florian Weimer wrote: > * Simo Sorce: > > > On Tue, 2019-01-15 at 10:39 +0100, Florian Weimer wrote: > > > * Ben Cotton: > > > > > > > Remove real functionality from encrypt, encrypt_r, setkey, setkey_r, > > >

Re: Can we maybe reduce the set of packages we install by default a bit?

> That's not how the entropy pool works. Once it is full it's full, and > it doesn't run empty anymore. > > > I think you're being harsh without really looking deeply into the problem. > > If > > we could set a sysctl to tell the kernel to use a TPM or i

Re: Can we maybe reduce the set of packages we install by default a bit?

loaded at kernel boot time ? Would this be a way to show upstream that this works and perhaps allow inclusion later on ? Simo. -- Simo Sorce Sr. Principal Software Engineer Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsubsc

Re: announcing HTTPS pushing to dist-git/src.fedoraproject.org for packagers and non-packagers

___ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_l

Re: announcing HTTPS pushing to dist-git/src.fedoraproject.org for packagers and non-packagers

On Mon, 2019-04-22 at 22:06 +0200, Patrick Uiterwijk wrote: > Hi Simo, > > On Mon, 22 Apr 2019 at 20:39, Simo Sorce wrote: > > > > Any reason why oidc is required instead of a simple GSSAPI (via > > mod_auth_gssapi) ? > > GSSAPI authentication won't require

Re: Can we maybe reduce the set of packages we install by default a bit?

ee :). This sounds like a useful change, can we make Fedora load this module by default in initrd before systemd starts? Will it help? Or is this module not adding into the entropy estimate as well ? Simo. -- Simo Sorce Sr. Principal Software Engineer

Re: Am I allowed to package this?

s the what I thought was unambiguous FAQ entry: > > "You agree not to use Copr to upload software code or other material > (“Material”) that: > ... > violates any rules or guidelines of the Fedora Project; ... > " What's wrong with kmods in COPR if the licen

Re: Am I allowed to package this?

hat works very well ... when I remember to check dkms didn't fail to build on kernel upgrade ... There is no firmware needed apparently, but my dongle doesn't work with driver 5.2 which is the latest, so maybe a firmware is needed but the driver itself doesn't load it ? It would be

Re: Am I allowed to package this?

On Fri, 2018-09-14 at 19:37 +0200, Hans de Goede wrote: > Hi, > > On 09/13/2018 07:59 PM, Simo Sorce wrote: > > On Thu, 2018-09-13 at 16:07 +0200, Hans de Goede wrote: > > > Hi, > > > > > > On 10-09-18 14:40, Abhiram Kuchibhotla wrote: > > > >

Re: Am I allowed to package this?

On Sun, 2018-09-16 at 10:17 +0200, Hans de Goede wrote: > Hi, > > On 14-09-18 20:03, Simo Sorce wrote: > > On Fri, 2018-09-14 at 19:37 +0200, Hans de Goede wrote: > > > Hi, > > > > > > On 09/13/2018 07:59 PM, Simo Sorce wrote: > > > >

Re: Fedora should replace mailing lists with Discourse

much better solution. Better for whom and for what purpose ? I am sure it won't be better for me, all "web forums" I ever used made for my disappearence from the platform as it was too expensive (time- wise) for me to keep up. Simo. -- Simo Sorce Sr. Principal Software Engi

Re: Fedora should replace mailing lists with Discourse

On Tue, 2018-10-16 at 13:31 -0400, Simo Sorce wrote: > On Tue, 2018-10-16 at 07:12 -0700, Gerald B. Cox wrote: > > On Fri, Oct 5, 2018 at 9:21 AM Matthew Miller > > wrote: > > ... > > > That's why the general trend is *away* from email. > > > > &

Re: Fedora should replace mailing lists with Discourse

the goal of moving development discussions to Discourse in this case. Is it to deter busy people from participating in the hopes of some fleeting engagement by superficially interested people will fill the void ? Simo. -- Simo Sorce Sr. Principal Software Engineer Red Hat, Inc __

Re: Fedora should replace mailing lists with Discourse

hows the HTML part. > > > > Ah... so it's a client issue. Good to know. No it is a service issue that just happen not to affect *your* client of choice. There is a big difference. Simo. -- Simo Sorce Sr. Principal Software Engineer Red Hat, Inc

Re: resume= kernel cmdline arg by default on servers

> itself, but it can take a very long time to recover - gets worse > the longer you have been hibernating for too Happens all the time for me, it is not a good experience. Isn't there a way to save the instance from the hypervisor *and* on top of that emulate a quick S3 to the guest

Re: resume= kernel cmdline arg by default on servers

you aware that your LG Mobile is too dumb to reply to > > an email correctly? Your messages break the threading. > > No, but Android Mail sucks in very many ways. Replying by webmail. > Anyone know of a good Android email client? K9 Mail is the

Re: Fedora should replace mailing lists with Discourse

On Thu, 2018-10-18 at 11:51 -0700, Gerald B. Cox wrote: > On Thu, Oct 18, 2018 at 11:40 AM Simo Sorce wrote: > > > On Wed, 2018-10-17 at 11:02 -0700, Gerald B. Cox wrote: > > > On Wed, Oct 17, 2018 at 10:55 AM Samuel Sieb wrote: > > > > > > >

Re: Fedora should replace mailing lists with Discourse

On Thu, 2018-10-18 at 12:12 -0700, Gerald B. Cox wrote: > On Thu, Oct 18, 2018 at 12:03 PM Simo Sorce wrote: > > > On Thu, 2018-10-18 at 11:51 -0700, Gerald B. Cox wrote: > > > On Thu, Oct 18, 2018 at 11:40 AM Simo Sorce wrote: > > > > > > > On Wed

Re: Fedora should replace mailing lists with Discourse

*I* have it archived. Simo. -- Simo Sorce Sr. Principal Software Engineer Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.

Re: IBM buying RedHat

l happen at some point, but this is news for *everyone* at Red Hat except a handful (at the CXX level) so give us some time ... Simo. -- Simo Sorce Sr. Principal Software Engineer Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To un

Re: Proposal: Faster composes by eliminating deltarpms and using zchunked rpms instead

ecause some file somewhere says they are "OK". (If I understood your comment about "just downloading changed chunks). A couple more questions. I skimmed quickly at the format and I have two questions I did not immediately see an answer for. 1) why are you still

Re: Proposal: Faster composes by eliminating deltarpms and using zchunked rpms instead

On Mon, 2018-11-19 at 21:02 +, Jonathan Dieter wrote: > On Mon, 2018-11-19 at 15:18 -0500, Simo Sorce wrote: > > On Mon, 2018-11-19 at 19:58 +, Jonathan Dieter wrote: > > > > > That's an interesting thought. I was picturing using the zchunk > > >

Re: Proposal: Faster composes by eliminating deltarpms and using zchunked rpms instead

download as you go, as I have more b/w than storage, but I do not want to experiment with putting /var/cache on nfs ... Simo. -- Simo Sorce Sr. Principal Software Engineer Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To uns

Re: Future of encryption in Fedora

updates. > > There is a notification bell in the right sidebar. Click it. ;) > Or we can simply ignore that discussion until it lands in devel with a change proposal. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list --

Re: Future of encryption in Fedora

On Thu, 2023-04-06 at 12:56 -0400, Owen Taylor wrote: > On Thu, Apr 6, 2023 at 12:32 PM Simo Sorce wrote: > > > On Mon, 2023-04-03 at 16:18 -0500, Michael Catanzaro wrote: > > > On Mon, Apr 3 2023 at 01:41:48 PM -0700, Brian C. Lane > > > wrote: > > >

Re: It’s time to transform the Fedora devel list into something new

time to transform the Fedora devel list into something new > === -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of C

Re: It’s time to transform the Fedora devel list into something new

ml part. *however* the images are not embedded in the email, so all that information is unavailable offline or for archival (and in my configuration requires to actively pull images as I configured my client to not pull 3rd party content automatically for privacy and security reasons).

Re: It’s time to transform the Fedora devel list into something new

On Fri, 2023-04-21 at 14:27 -0400, Matthew Miller wrote: > On Fri, Apr 21, 2023 at 11:37:20AM -0400, Simo Sorce wrote: > > So I registered the account, added the email I want to get > > notifications at, and selected a few topics. > > > > First impressions. > >

Re: It’s time to transform the Fedora devel list into something new

need to discuss what is really needed. Numbers shouldn't be priority number one, unless there are other underlying issues. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To un

Re: It’s time to transform the Fedora devel list into something new

t; subscribed to... In theory we could make it simpler by sending back a message that requires just a click to subscribe/authorize the email by a real user, if they intend to do so, on their first email to a mailing list. We could also allow posting to other mailing lists if the email address is subscrib

Re: F39 proposal: BiggerESP (Self-Contained Change proposal)

ges and the bare minimum init image needed to unlock and mount the root partition. There is no point in building a more complex system than that and load tons of garbage drivers in the EFI. Booting is a staged system, and should be kept as simple as possible to avoid duplication (which means su

Re: F39 proposal: BiggerESP (Self-Contained Change proposal)

#x27;t we reduce the number of kernels by having *only* one UKI and a rescue one that can be used to restore the previous working UKI from /root if the active one fails? Or perhaps just have always 2 UKI (current, and former working). Do we actually need a separate dedicated rescue UKI? Can

Re: F39 proposal: BiggerESP (Self-Contained Change proposal)

On Wed, 2023-05-10 at 12:00 -0400, Neal Gompa wrote: > On Wed, May 10, 2023 at 11:12 AM Simo Sorce wrote: > > > > On Tue, 2023-05-09 at 12:37 -0400, Neal Gompa wrote: > > > On Tue, May 9, 2023 at 12:31 PM Lennart Poettering > > > wrote: > > > > >

Re: F39 proposal: BiggerESP (Self-Contained Change proposal)

On Wed, 2023-05-10 at 18:46 +0200, Lennart Poettering wrote: > On Mi, 10.05.23 11:20, Simo Sorce (s...@redhat.com) wrote: > > > It sounds reasonable for sure. > > The only concern is, given Microsoft creates at most 500MB ESP > > partitions, are we sure all UEFI systems

Re: F39 proposal: BiggerESP (Self-Contained Change proposal)

d as a "recovery" partition if you update the contents of the second partition only after successful reboot after update of the first... Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraprojec

Re: F38 proposal: Unified Kernel Support Phase 1 (System-Wide Change proposal)

trd when I have a pretty standard configuration that requires really no special drivers... the only issue probably being the use of LVM for the root filesystem, which I hope we'll have a way to deal with (but I can do without on the laptop). Simo. -- Simo Sorce RHEL Crypto Team Red Hat, In

Re: F38 proposal: Unified Kernel Support Phase 1 (System-Wide Change proposal)

chose your HW carefully you may even be able to register your own public keys, generate and sign your own built UKIs and re- enable SecureBoot after that... your choice! Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing li

Re: F38 proposal: Unified Kernel Support Phase 1 (System-Wide Change proposal)

orted likewise will use the old kernel + custom initrd, you just disable secure boot. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedor

Re: static USERMODEHELPER_PATH

ied to and require handling timeouts and then handling the case a user space process was slow and ignoring late replies. Not sure this is really a good point given waiting indefinitely for a user space program that hangs for some reason seems worse to me. When I had t

Re: Unannounced? lua-libs soname change

oname breakage should not happen in stable releases... liblua should be rebuilt to provide the older so name and if not possible with the new code, reverted back via epoch change or some patching -- Simo Sorce RHEL Crypto Team Red Hat, Inc

Re: Orphaned packages looking for new maintainers

_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue -- Simo Sorce RHEL Crypto Team Red Hat, Inc __

Re: TSS maintainer volunteer

ontact the current maintainer first. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedor

Re: Changes to Bugzilla API key requirements

n we are all dead, so while we wait for something better, we will have to use the least worst. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.

Re: Adding Passim as a Fedora 40 feature?

-shared key instead of certificates for authentication, will be faster, and will give you the "fake-secure" TLS tunnel without the self-signed cert headache I think ... (not endorsing this option, just mentioning it). HTH, Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc

Re: Adding Passim as a Fedora 40 feature?

On Mon, 2023-08-28 at 22:07 +0100, Richard Hughes wrote: > On Mon, 28 Aug 2023 at 21:50, Simo Sorce wrote: > > It could be improved by using TOFU, so that the window of impersonation > > is small, but requires clients to cache an association and then has > > weird failure m

Re: Adding Passim as a Fedora 40 feature?

error, and they download the whole thing. This means it is up to you to decide how many delta files to keep for how long. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an

Re: Adding Passim as a Fedora 40 feature?

On Tue, 2023-08-29 at 20:07 +0100, Richard Hughes wrote: > On Tue, 29 Aug 2023 at 18:54, Simo Sorce wrote: > > That depends on how you are going to handle re-installs of peers in the > > network where the certificate will start mismatching ... > > In event of a mismatch I wa

Re: Adding Passim as a Fedora 40 feature?

On Wed, 2023-08-30 at 09:11 +0100, Peter Robinson wrote: > On Mon, Aug 28, 2023 at 9:50 PM Simo Sorce wrote: > > > > On Mon, 2023-08-28 at 15:14 -0500, Chris Adams wrote: > > > Once upon a time, Richard Hughes said: > > > > On Mon, 28 Aug 2023 at 16:27, L

Re: Orphaning all my packages

n gitlab as part of CentOS Stream. If that is not enough for you, that's fine, just do not spread false information. Thanks, Simo. -- Simo Sorce, DE @ RHEL Crypto Team, Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject

Re: Orphaning all my packages

On Tue, 2023-10-03 at 20:55 +0200, Leon Fauster via devel wrote: > Am 03.10.23 um 20:46 schrieb Sérgio Basto: > > On Tue, 2023-10-03 at 13:13 -0500, Michael Catanzaro wrote: > > > On Tue, Oct 3 2023 at 01:19:20 PM -0400, Simo Sorce > > > wrote: > > > >

Re: Orphaning all my packages

On Tue, 2023-10-03 at 23:13 +0200, Leon Fauster via devel wrote: > Am 03.10.23 um 21:29 schrieb Simo Sorce: > > On Tue, 2023-10-03 at 20:55 +0200, Leon Fauster via devel wrote: > > > Am 03.10.23 um 20:46 schrieb Sérgio Basto: > > > > On Tue, 2023-10-03 at 13:13

Re: rpm with sequoia pgp

ight be a slightly better choice in some cases for container images because it is much smaller than OpenSSL. Finally nettle could even be statically built into sequoia (together with gmp) if we need even smaller footprint or we are concerned about potential rpm breakage during upgrades. I am

Re: Inactive packagers to be removed after the F37 release

roll 2 separate keys (if Feodra Infra will allow that), but not everyone has the means to do that. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@list

Re: OpenSSL and ECC patents (was Re: Mesa in F37- vaapi support disabled for h264/h265/vc1)

just not a very high priority item because the hobbling works fine but we will get there, and hopefully we'll get to a point where we do not need to disable as much stuff either. But no promises right now, resources are what they are and we are not aware of actual issues caused by hobbling. Sim

Re: F38 proposal: RPM Sequoia (System-Wide Change proposal)

either. > > If someone with known crypto-clue would send patches they would be > looked at, *I* have no prejudice about x509 because I also have no clue > about it. Ditto for Signify, which often gets brought up in these > discussions. > > And yet, that all is largel

Re: F38 proposal: Reproducible builds: Clamp build mtimes to $SOURCE_DATE_EPOCH (System-Wide Change proposal)

to fake > > them? > > Simply changing rpmbuild to set timestamp to 0 for all contained files, or > > removing the time attribute from the RPM format completely? > > This is what ostree has done since its inception. And it broke some software, I know because i had to fix it.

Re: FF 107.0 scratch builds - just for fun

ed in koji, because nss was too old at the time. > > Has switching to bundled NSS been considered? For browsers anything > that holds up an update is very, *very* bad. Casually handling crypto libraries is very, *very* worse. Simo. --

Re: FF 107.0 scratch builds - just for fun

On Sun, 2022-11-20 at 19:24 -0500, Demi Marie Obenour wrote: > On 11/20/22 17:40, Simo Sorce wrote: > > On Sun, 2022-11-20 at 17:22 -0500, Demi Marie Obenour wrote: > > > On 11/20/22 07:24, Bojan Smojver via devel wrote: > > > > Now that nss 3.85 has been built, I tho

Re: HEADS-UP: Upcoming retirement of long-term-unused packages for Rust crates

ial timing attacks. The only caveat is if the "pure rust" implementation actually embeds assembly optimization for modular arithmetic that are explicitly addressing constant time computation. I am not aware of that being the case in any rust libraries yet. Simo. -- Simo Sorce RHEL Cr

Re: musings on rust packaging [was Re: F38 proposal: RPM Sequoia (System-Wide Change proposal)]

ematic crate's new version. Multiply this by N packages using M different versions of the problematic crate. Although vendored crates can be tracked (this i much better than copy/pasting), with additional tooling, the distribution remains on the hook for solving the same problem in N p

Re: musings on rust packaging [was Re: F38 proposal: RPM Sequoia (System-Wide Change proposal)]

s.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > Do not reply to spam, report it: > https://pagure.io/fedora-in

Re: Three steps we could take to make supply chain attacks a bit harder

weren't up to a couple years ago), they are cached for a period of time, so they may look stable in busy projects where you have regular downloads that keep the cache alive, but they are *regenerated* from the tag for seldom downloaded tarballs. And when that happens then hashes chan

Re: 2FA policy for provenpackagers is now active

> network.negotiate-auth.delegation-uris NEVER set this, it causes your browser to give away your Kerberos TGT, something you DO NOT WANT to do, ever!. HTH, Simo. -- Simo Sorce Distinguished Engineer RHEL Crypto Team Red Hat, Inc -- ___ devel mailing

Re: What to I have to do....

immediately, right ? If it is not malicious it is just helping, and there is nothing wrong with that. Simo. -- Simo Sorce Sr. Principal Software Engineer Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: What to I have to do....

On Fri, 2017-12-08 at 12:11 -0500, Steve Dickson wrote: > > On 12/08/2017 11:54 AM, Simo Sorce wrote: > > On Fri, 2017-12-08 at 11:40 -0500, Steve Dickson wrote: > > > > > > On 12/08/2017 11:12 AM, Zbigniew Jędrzejewski-Szmek wrote: > > > > Well, I'

Re: F28 System Wide Change: Kerberos in Python modernization

dition to) > python-requests-kerberos. > > I've cc'd jborean as he's responsible for python-requests-credssp and > should probably be aware of the the pykerberos -> python-gssapi stuff > for his development activities. > Can we avoid using ntlm_auth in new packages a

Re: F28 System Wide Change: Removal of Sun RPC Interfaces From glibc

gt; Thanks, > Florian > ___ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org -- Simo Sorce Sr. Principal Software Engineer Red Hat, Inc ___

Re: Unannounced soname bump (Rawhide): qpdf (libqpdf.so.18 -> libqpdf.so.21)

ning that this package > has files missing from the previous build. That could be advisory, or > it could even gate, with the packager clearing the gate by updating the > file list in the test, rather than in the spec file. If you still have to keep a list, why

Re: Unannounced soname bump (Rawhide): qpdf (libqpdf.so.18 -> libqpdf.so.21)

On Thu, 2018-03-01 at 06:21 -0500, Matthew Miller wrote: > On Wed, Feb 28, 2018 at 01:29:38PM -0500, Simo Sorce wrote: > > > I used to agree with this, but I've come around to thinking that spec > > > files should be smaller, less complicated, and more automatable. I

Re: systemd 238 and sysusers

f you change a passwd file and then immediately read out of the fast caches. This is not something we can fix without severely compromising performance, which is the raison d'etre of those caches. Simo. -- Simo Sorce Sr. Principal Software Engineer Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: systemd 238 and sysusers

On Wed, 2018-03-07 at 16:23 +0100, Jakub Hrozek wrote: > > On 7 Mar 2018, at 15:53, Stephen Gallagher wrote: > > > > > > > > On Wed, Mar 7, 2018 at 9:50 AM Simo Sorce wrote: > > On Wed, 2018-03-07 at 14:24 +, Zbigniew Jędrzejewski-Szmek wrote: >

Re: Goodbye nvr.rsplit('-', 2), hello modularity

at deal of tooling. Can we reconsider > switching away from - separators in modules? Is allowing streams to have > -'s in them important enough to break so many tools? I vote for using ⨊ as the separator, makes things easier :-) Simo. -- Simo Sorce Sr. Pri

Re: F37 proposal: Deprecate openssl1.1 package (System-Wide Change)

OpenSSL 1.1 in Fedora 50. > Are you going to maintain it till Fedora 50 in the meantime? Simo. > -- > Miro Hrončok > -- > Phone: +420777974800 > IRC: mhroncok > ___ > devel mailing list -- devel@lists.fedoraproject.org >

Re: Deprecating SCP

ibcurl to slowly move scp:// to be using the sftp protocol instead ? Or they could simply deprecate it, and then users will have to change their config to say sftp:// For something like libcurl the latter is probably more appropriate anyway. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, I

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

__ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_lis

Re: INVALID USER jden...@redhat.com / FAS jdennis

ainer: > > > > https://src.fedoraproject.org/rpms/python-nss > > My motivation here is to either get this package orphaned/retired or > maintained > by a new maintainer. The former is more likely. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc __

Re: video meeting to discuss Matrix/Element and IRC

r you, this is what I got: Failed to start Your Element is misconfigured Invalid homeserver discovery response Sounds like if you already are a user it works, otherwise not -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ d

Re: Fedora 34 Change: GNU Toolchain update (gcc 11, glibc 2.33) (System-Wide Change)

git/?p=glibc.git;a=blob;f=NEWS;hb=HEAD > > > -- > Ben Cotton > He / Him / His > Senior Program Manager, Fedora & CentOS Stream > Red Hat > TZ=America/Indiana/Indianapolis > ___ > devel mailing list -- devel@lists.fedoraproject.org &g

Re: Fedora 34 Change: Route all Audio to PipeWire (System-Wide Change)

Contingency deadline: beta freeze > * Blocks release? No > * Blocks product? No > > > == Documentation == > [https://pipewire.org](PipeWire website) > [https://www.youtube.com/watch?v=8LZt4loZu64&t=14s](Video with Current status) > [https://gitlab.freedesktop.org/pipewire/pipewire/-/blob/m

Re: video meeting to discuss Matrix/Element and IRC

On Fri, 2020-11-20 at 09:14 -0800, Adam Williamson wrote: > On Fri, 2020-11-20 at 08:32 -0500, Simo Sorce wrote: > > On Thu, 2020-11-19 at 23:14 -0500, Matthew Miller wrote: > > > On Fri, Nov 20, 2020 at 02:06:46AM +0100, Dominik 'Rathann' Mierzejewski > > > w

Re: Should the default editor be changed from vi to nano on upgrades to Fedora 33+

la.redhat.com/show_bug.cgi?id=1896707#c13 > > "dnf remove nano-default-editor". Alternatively, you can set "export > > EDITOR=vim" in your ~/.bash_profile Shouldn't we just set export EDITOR=nano in the default profile and leave existing users alone? I cann

Re: Fedora TPM1.2 Support

ee > > how everyone felt. > > I think it should be dropped, tpm2 has been shipped in hardware for 5+ > years and tpm1 has security issues, so I think the time is now to drop > it. Please do a Fedora Change proposal to ensure it's communicated > properly. Won't that hur

Re: Fedora TPM1.2 Support

On Fri, 2020-12-04 at 14:08 +, Peter Robinson wrote: > On Fri, Dec 4, 2020 at 2:04 PM Simo Sorce wrote: > > On Thu, 2020-12-03 at 21:25 +, Peter Robinson wrote: > > > > We are looking to no longer support TPM1.2 in RHEL9. Than raised the > > > > ques

Re: Fedora TPM1.2 Support

On Fri, 2020-12-04 at 11:59 -0700, Jerry Snitselaar wrote: > Simo Sorce @ 2020-12-04 07:32 MST: > > > On Fri, 2020-12-04 at 14:08 +, Peter Robinson wrote: > > > On Fri, Dec 4, 2020 at 2:04 PM Simo Sorce wrote: > > > > On Thu, 2020-12-03 at 21:25 +, Pet

Re: RFC7919 Diffie-Hellman parameters in Fedora

the reviews mentioned, which are definitely more review than randomly selected parameters which often are more suspicious. If you are worried about DH I suggest you just disable it entirely and rely on RSA/ECDH key exchanges instead. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc __

Re: RFC7919 Diffie-Hellman parameters in Fedora

___ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wi

Re: RFC7919 Diffie-Hellman parameters in Fedora

On Mon, 2020-08-24 at 19:29 +0200, Christopher Engelhard wrote: > On 24.08.20 18:43, Simo Sorce wrote: > > On Fri, 2020-08-21 at 16:13 +0200, Christopher Engelhard wrote: > > We already are making it easier in some ways, but feel free to open a > > bug if there are specif

<    1   2   3   4   5   6   7   8   >