Re: Making Fedora secure - Package exit policy for security

On 07/31/2018 05:05 PM, Ondřej Lysoněk wrote: > On 31.7.2018 05:39, Huzaifa Sidhpurwala wrote: >> I would like to propose the following: >> >> >> 1. If a CRITICAL or IMPORTANT security issue is open against a package >> in Fedora-X and by the time X is EOL and the issue is not addressed, >>

Re: Making Fedora secure - Package exit policy for security

On 07/31/2018 08:51 PM, Daniel P. Berrangé wrote: > > Do we have any analysis showing what would be the fallout if we applied > these purge rules today ? ie what packages would be dropped today due > to unaddressed CVEs. > See reply to my previous email. Also i have attached the list here. I

Re: Making Fedora secure - Package exit policy for security

On 07/31/2018 08:33 PM, Rex Dieter wrote: >> 1. If a CRITICAL or IMPORTANT security issue is open against a package >> in Fedora-X and by the time X is EOL and the issue is not addressed, >> proactively remove the package from X+1 >> 2. If a MODERATE or LOW security issue is open against a

Re: Updates to mathematical software

Paul, On Tue, May 29, 2018 at 4:36 AM Paul Howarth wrote: > On Mon, 28 May 2018 21:03:34 -0600 > Jerry James wrote: > > It looks like the giac, Macaulay2, and sagemath stacks are the only > > pari consumers. There is also a pending update to clisp that will > > bring its pari integration back;

Re: Orphaning winswitch

On 29 July 2018 at 19:14, Jonathan Underwood wrote: > Dear All, > > I haven't used winswitch for a few years now, and haven't really got > the bandwidth to maintain the package, and so I plan to orphan it in > the coming week. Winswitch is developed by the same person as Xpra and > provides a

Re: Please help me test Workstation 28 -> 29 upgrade

On Wed, 2018-08-01 at 00:13 +0200, Miro Hrončok wrote: > Hi, > > could somebody please test upgrade from fully upgraded Workstation 28 to > 29? I have a suspicion that it will be blocked by [0], yet I lack disk > space to try it. > > Thanks. > > [0]

Review swap, Perl flavored

Hello, Today is my first year anniversary of contributing to Fedora, yay us! I've just proposed a Perl program to review: Bug 1610554 - (perl-Crypt-HSXKPasswd) Review Request: hsxkpasswd - Secure memorable password generator https://bugzilla.redhat.com/show_bug.cgi?id=1610554 Description: A

Please help me test Workstation 28 -> 29 upgrade

Hi, could somebody please test upgrade from fully upgraded Workstation 28 to 29? I have a suspicion that it will be blocked by [0], yet I lack disk space to try it. Thanks. [0] https://bugzilla.redhat.com/show_bug.cgi?id=1605613 -- Miro Hrončok -- Phone: +420777974800 IRC: mhroncok

Fedora Rawhide-20180731.n.0 compose check report

No missing expected images. Failed openQA tests: 60/138 (x86_64), 23/24 (i386), 1/2 (arm) New failures (same test did not fail in Rawhide-20180730.n.0): ID: 262052 Test: x86_64 Server-boot-iso install_default URL: https://openqa.fedoraproject.org/tests/262052 ID: 262054 Test: x86_64

Re: Intent to retire python-svgwrite

On 31.7.2018 21:25, Robert Brown wrote: > On Tue, Jul 31, 2018, 3:18 PM Miro Hrončok > wrote: > > On 31.7.2018 21:06, Robert Brown wrote: > > I have an account and was recently sponsored. > > > > Still waiting on joining packagers group. Are you

Re: Intent to retire python-svgwrite

Got it. Thanks. I'm not sure what to do at this point. On Tue, Jul 31, 2018, 3:18 PM Miro Hrončok wrote: > On 31.7.2018 21:06, Robert Brown wrote: > > I have an account and was recently sponsored. > > > > Still waiting on joining packagers group. Are you able to add me? > sponsoring = adding to

Re: Intent to retire python-svgwrite

On 31.7.2018 21:06, Robert Brown wrote: I have an account and was recently sponsored. Still waiting on joining packagers group. Are you able to add me? sponsoring = adding to the group -- Miro Hrončok -- Phone: +420777974800 IRC: mhroncok ___ devel

Fedora rawhide compose report: 20180731.n.0 changes

OLD: Fedora-Rawhide-20180730.n.0 NEW: Fedora-Rawhide-20180731.n.0 = SUMMARY = Added images:4 Dropped images: 3 Added packages: 12 Dropped packages:1 Upgraded packages: 134 Downgraded packages: 2 Size of added packages: 13.06 MiB Size of dropped packages

Re: Intent to retire python-svgwrite

I have an account and was recently sponsored. Still waiting on joining packagers group. Are you able to add me? On Tue, Jul 31, 2018, 12:26 PM Julien Enselme wrote: > It seems I cannot find you on > https://src.fedoraproject.org/rpms/python-svgwrite/settings > > Do you have an account and are

[Bug 1610065] perl-HTTP-Tiny-0.074 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1610065 --- Comment #5 from Fedora Update System --- perl-HTTP-Tiny-0.074-1.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See

[EPEL-devel] Fedora EPEL 6 updates-testing report

The following Fedora EPEL 6 Security updates need testing: Age URL 51 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-b6c663378c unrtf-0.21.9-8.el6 19 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-d801e05f92 uwsgi-2.0.17.1-1.el6 12

License update for nodejs-qunitjs package

I updated the version of nodejs-qunitjs in Rawhide today, and it's license has changed from "MIT and ASL 2.0" to "MIT". Previously, the entire package was under the MIT license, with the exception of the src/diff.js file, which was under the ASL 2.0 license. That file has since been removed, and

Fedora testing-20180731.0 compose check report

No missing expected images. Passed openQA tests: 2/2 (x86_64) -- Mail generated by check-compose: https://pagure.io/fedora-qa/check-compose ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to

Fedora updates-20180731.0 compose check report

No missing expected images. Passed openQA tests: 2/2 (x86_64) Installed system changes in test x86_64 AtomicHost-dvd_ostree-iso install_default: Filesystem for mount /sysroot changed from /dev/mapper/fedora--atomic_ibm--p8--kvm--03--guest--02-root to

[EPEL-devel] Fedora EPEL 7 updates-testing report

The following Fedora EPEL 7 Security updates need testing: Age URL 51 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3835d39d1a unrtf-0.21.9-8.el7 46 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-15b7dc35af pass-1.7.2-1.el7 27

[Bug 1604727] ctstream-28 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1604727 --- Comment #9 from Fedora Update System --- ctstream-28-1.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report. -- You are receiving this mail because: You are on the

Fedora 29 Software String Freeze

Today (2018-07-31) we have reached the "Software String Freeze" deadline. Beyond this deadline there should not be any changes in strings. If you want to help with translations, please check the packages that follow Fedora release cycle (Main projects):

[Bug 1604727] ctstream-28 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1604727 --- Comment #8 from Fedora Update System --- ctstream-28-1.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report. -- You are receiving this mail because: You are on the

Re: python-pip license changed (and clarified)

On 31.7.2018 18:15, Jun Aruga wrote: 9.0.x -> 10.0.x then 18.0? https://github.com/pypa/pip/blob/master/NEWS.rst Switch to a Calendar based versioning scheme. Oh they changed the versioning rule. See also

Re: python-pip license changed (and clarified)

9.0.x -> 10.0.x then 18.0? > https://github.com/pypa/pip/blob/master/NEWS.rst > Switch to a Calendar based versioning scheme. Oh they changed the versioning rule. Jun On Tue, Jul 31, 2018 at 3:48 PM, Miro Hrončok wrote: > python-pip 9.0.x had MIT as License (bundled deps were not mentioned)

Re: Intent to retire python-svgwrite

It seems I cannot find you on https://src.fedoraproject.org/rpms/python-svgwrite/settings Do you have an account and are you a packager? -- Julien Enselme http://www.jujens.eu/ On Tue, 2018-07-31 at 10:30 -0400, Robert Brown wrote: > Thanks! It gives me something productive to do. > > Fedora

[Bug 1610065] perl-HTTP-Tiny-0.074 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1610065 Fedora Update System changed: What|Removed |Added Status|MODIFIED|ON_QA --- Comment #4 from

Re: Making Fedora secure - Package exit policy for security

On Tue, Jul 31, 2018 at 10:03:16AM -0500, Rex Dieter wrote: > Huzaifa Sidhpurwala wrote: > > > Hi All, > > > > I was asked to bring this issue[1] to the developer community before > > FESCO makes a decision. > > > > In several instances[2] there exists packages in Fedora, in which > >

Re: orphaning/retiring some packages

On 31.7.2018 16:41, Matthias Runge wrote: Hello, I'm intending to either orphan or better retire the following packages. python-wordpress-xmlrpc python-mozbase pymunin feedstail If you retire some that run on Python 3, please make a note at

Re: Making Fedora secure - Package exit policy for security

Huzaifa Sidhpurwala wrote: > Hi All, > > I was asked to bring this issue[1] to the developer community before > FESCO makes a decision. > > In several instances[2] there exists packages in Fedora, in which > package-maintainers did not patch security issues, for multiple reasons > including 1.

Re: [CoreOS] Re: [atomic-devel] Re: Starting a Container SIG

The Containers SIG is fairly broad. People who want to talk about application containers and also work on development with us might find it easier to discuss on Discourse and then be asked to file an issue on Pagure rather than having to go full on IRC/ML/Pagure. Pagure is already a learning curve

Re: dnf history - change in how rpmdb checksum is computed

On Tue, Jul 31, 2018 at 09:06:13AM +0200, Michael Mraka wrote: > > > > Is there a reason why we can't change YUM to match the DNF behavior? > > IMO, the YUM behavior is nonsense and isn't even a valid package > > identifier. > > Actually E:N-V-R.A is yum-ism no one else understand > while

Re: dnf history - change in how rpmdb checksum is computed

On Tue, Jul 31, 2018 at 3:40 PM Michal Novotny wrote: > On Tue, Jul 31, 2018 at 1:25 PM Jeff Johnson wrote: > >> This simply is not true. >> >> Whatever "rpm format" means, historically RPM itself has always gone to >> some lengths not to expose E: to users to simplify the endless fog of >>

orphaning/retiring some packages

Hello, I'm intending to either orphan or better retire the following packages. python-wordpress-xmlrpc python-mozbase pymunin feedstail All of them can be considered dead upstream, and haven't seen a release for loong time. Takers? Otherwise I'll retire them in a week. Matthias -- Matthias

Re: Intent to retire python-svgwrite

Thanks! It gives me something productive to do. Fedora username is brown2rl On Tue, Jul 31, 2018, 4:04 AM Julien Enselme wrote: > I'll gladly give you access. What is your fedora username? > > The repo: https://src.fedoraproject.org/rpms/python-svgwrite/ > The bugs on bugzilla: >

plexus-containers license correction

plexus-containers package license tag has been corrected from: ASL 2.0 and MIT to: ASL 2.0 and MIT and xpp Michael ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code

python-pip license changed (and clarified)

python-pip 9.0.x had MIT as License (bundled deps were not mentioned) python-pip 18.0 now has more enjoyable: MIT and Python and ASL 2.0 and BSD and ISC and LGPLv2 and MPLv2.0 and (ASL 2.0 or BSD) License breakdown is in the specfile. -- Miro Hrončok -- Phone: +420777974800 IRC: mhroncok

HEADS UP: pip upgraded from 9 to 18 (rawhide only)

I've just built python-pip-18.0-1.fc29. It has a lot of breaking changes, so please file bugs if you have problems. We do not plan to upgrade pip in stable Fedora releases. Release notes: https://pip.pypa.io/en/stable/news/ See notes for 18 and 10, as we skipped 10. Note that upstream

HEADS UP: pip upgraded from 9 to 18 (rawhide only)

I've just built python-pip-18.0-1.fc29. It has a lot of breaking changes, so please file bugs if you have problems. We do not plan to upgrade pip in stable Fedora releases. Release notes: https://pip.pypa.io/en/stable/news/ See notes for 18 and 10, as we skipped 10. Note that upstream

Re: dnf history - change in how rpmdb checksum is computed

On Tue, Jul 31, 2018 at 1:25 PM Jeff Johnson wrote: > This simply is not true. > > Whatever "rpm format" means, historically RPM itself has always gone to > some lengths not to expose E: to users to simplify the endless fog of > dependency hell clutter. > Yeah, something which is eluding my

Re: [CoreOS] Re: [atomic-devel] Re: Starting a Container SIG

On 07/31/2018 08:29 AM, Clement Verna wrote: > On Tue, 31 Jul 2018 at 13:38, Sanja Bonic wrote: >> >> For search and threaded visibility, it would be useful to have these >> discussions happen on the forums (created a category, let's see if we use >> it:

RFC: make $releasever return "rawhide" on Rawhide

Hello devel list, this is a request for comments for a recent proposal I filed at releng tracker: https://pagure.io/releng/issue/7445 In short, package managers on Rawhide would no longer replace $releasever variable with a numerical value (like '29' at this moment, soon '30'), but with

Re: [atomic-devel] [CoreOS] Re: Starting a Container SIG

On Tue, 31 Jul 2018 at 13:38, Sanja Bonic wrote: > > For search and threaded visibility, it would be useful to have these > discussions happen on the forums (created a category, let's see if we use it: > https://discussion.fedoraproject.org/c/containers) and then be put into the > issue

scala license correction

scala package license tag has been corrected from: BSD to: BSD and CC0 and Public Domain Michael ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct:

Re: [CoreOS] Re: Starting a Container SIG

Doesn't HyperKitty provide the forum experience integrated with the traditional mailing list? On Tue, Jul 31, 2018 at 12:37:50PM +0100, Sanja Bonic wrote: > For search and threaded visibility, it would be useful to have these > discussions happen on the forums (created a category, let's see if

Re: Making Fedora secure - Package exit policy for security

On Tue, Jul 31, 2018 at 09:09:58AM +0530, Huzaifa Sidhpurwala wrote: > Hi All, > > I was asked to bring this issue[1] to the developer community before > FESCO makes a decision. > > In several instances[2] there exists packages in Fedora, in which > package-maintainers did not patch security

Re: dnf history - change in how rpmdb checksum is computed

Jeff Johnson: > This simply is not true. What is not true? Could you please include sentence you are referring to? > Whatever "rpm format" means, historically RPM itself has always gone to some > lengths not to expose E: to users to simplify the endless fog of dependency > hell clutter. Rpm

Re: [CoreOS] Re: Starting a Container SIG

For search and threaded visibility, it would be useful to have these discussions happen on the forums (created a category, let's see if we use it: https://discussion.fedoraproject.org/c/containers) and then be put into the issue tracker on Pagure where applicable. Since both Pagure and Discourse

Re: Making Fedora secure - Package exit policy for security

On 31.7.2018 05:39, Huzaifa Sidhpurwala wrote: > I would like to propose the following: > > > 1. If a CRITICAL or IMPORTANT security issue is open against a package > in Fedora-X and by the time X is EOL and the issue is not addressed, > proactively remove the package from X+1 > 2. If a MODERATE

Re: dnf history - change in how rpmdb checksum is computed

This simply is not true. Whatever "rpm format" means, historically RPM itself has always gone to some lengths not to expose E: to users to simplify the endless fog of dependency hell clutter. ___ devel mailing list -- devel@lists.fedoraproject.org To

Re: Making Fedora secure - Package exit policy for security

Don't rely on MODERATE or LOW distinctions to drop a package in FX+2. Just drop all unfixed packages with the same policy. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora

Re: Making Fedora secure - Package exit policy for security

Huzaifa Sidhpurwala writes: > Hi All, > > I was asked to bring this issue[1] to the developer community before > FESCO makes a decision. > > In several instances[2] there exists packages in Fedora, in which > package-maintainers did not patch security issues, for multiple reasons > including 1.

Re: binutils 2.31.1-4.fc29 - 2.31.1-7.fc29 produces broken ELF binaries

On 07/31/2018 10:41 AM, Hans de Goede wrote: Hi All, This is a heads up about a bug which I hit Sunday, if you're seeing any weird crashes with recently build packages then this may very well be the cause. I've filed a ticket with rel-eng to get affected packages automatically rebuild:

Re: Starting a Container SIG

On Wed, Jul 25, 2018 at 07:09:39PM +0200, Clement Verna wrote: > Container story great in Fedora. If there is a good response, I will > create a Container SIG wiki page, and I guess we can ask for > container-devel mailing list for SIG discussions. What about trying

[Bug 1610065] perl-HTTP-Tiny-0.074 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1610065 --- Comment #3 from Fedora Update System --- perl-HTTP-Tiny-0.074-1.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-58a4436322 -- You are receiving this mail because: You are on the CC

[Bug 1610065] perl-HTTP-Tiny-0.074 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1610065 --- Comment #2 from Fedora Update System --- perl-HTTP-Tiny-0.074-1.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-25a251c107 -- You are receiving this mail because: You are on the CC

[Bug 1610065] perl-HTTP-Tiny-0.074 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1610065 Petr Pisar changed: What|Removed |Added Status|ASSIGNED|MODIFIED Fixed In Version|

binutils 2.31.1-4.fc29 - 2.31.1-7.fc29 produces broken ELF binaries

Hi All, This is a heads up about a bug which I hit Sunday, if you're seeing any weird crashes with recently build packages then this may very well be the cause. I've filed a ticket with rel-eng to get affected packages automatically rebuild: https://pagure.io/releng/issue/7670 Here is the

License tags of i2c-tools corrected

I reviewed the licensing of i2c-tools and found the License tags to be inaccurate. I changed the tags as follows. i2c-tools-eepromer subpackage: License tag changed from GPLv2+ to GPLv2+ and Public Domain python3-i2c-tools subpackage: License tag changed from GPLv2+ to GPLv2 Best regards Ondřej

Re: Making Fedora secure - Package exit policy for security

On Tue, Jul 31, 2018 at 09:09:58AM +0530, Huzaifa Sidhpurwala wrote: > Hi All, > > I was asked to bring this issue[1] to the developer community before > FESCO makes a decision. > > In several instances[2] there exists packages in Fedora, in which > package-maintainers did not patch security

Re: Intent to retire python-svgwrite

I'll gladly give you access. What is your fedora username? The repo: https://src.fedoraproject.org/rpms/python-svgwrite/ The bugs on bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1605936 PS: I made a mistake in the package name. The name is python-svgwrite, not just python-svg. Sorry

Re: dnf history - change in how rpmdb checksum is computed

Neal Gompa: > > Regarding these two questions: > > > >>> Are there any concerns about such change? > >>> I believe that >90% users wouldn't notice anything as it's related to the > >>> history database only. > > > >> On Wed, Jul 18, 2018 at 10:01 AM Igor Gnatenko > >> wrote: > >> Since we've

Re: dokuwiki packagers unresponsive

On Mon, Jul 30, 2018 at 11:07:21PM +0200, Peter 'Pessoft' Kolínek wrote: > I've already submitted a pull request for dokuwiki circa a month ago: > https://src.fedoraproject.org/rpms/dokuwiki/pull-request/2 > Also for topdog's other package ike 10 days ago: >