Re: Openssl heartbleed
On Tue, Apr 8, 2014 at 8:46 PM, Adam Williamson wrote: > On Tue, 2014-04-08 at 18:47 -0700, Gregory Maxwell wrote: >> On Tue, Apr 8, 2014 at 6:44 PM, Chuck Forsberg WA7KGX wrote: >> > According to the announcement, that version is vulnerable. >> > Of the 1.01 versions, only 1.01g is saf(er). >> >> RedHat backported the fix as the openssl in fedroda/rhel is carrying a >> ton of patches. >> >> I expect this is going to cause a lot of confusion. > > I don't see why. Backporting security fixes is standard procedure and > has been for decades. It would be extremely irresponsible to just shove > out a new and untested openssl build as a stable update. Just because it has the attention of less experienced people. I've now seen confusion about Fedora being fixed in two places. Just a data point. I don't think that any different behavior is advisable. -- test mailing list test@lists.fedoraproject.org To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
Re: Openssl heartbleed
On Tue, Apr 8, 2014 at 6:44 PM, Chuck Forsberg WA7KGX wrote: > According to the announcement, that version is vulnerable. > Of the 1.01 versions, only 1.01g is saf(er). RedHat backported the fix as the openssl in fedroda/rhel is carrying a ton of patches. I expect this is going to cause a lot of confusion. -- test mailing list test@lists.fedoraproject.org To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
Re: Linking negative karma points to a reported bug
On Wed, Jun 27, 2012 at 11:54 AM, Jóhann B. Guðmundsson wrote: > Just bringing this topic to the appropriate mailing list > > On the last kernel meeting [1] it was suggested negative karma points should > be linked to a reported bug which kinda makes sense if you think about it. > > What that means is that you ( as in reporter ) will no longer be able to > provide negative karma without linking it to an already existing bug report > either created by your or someone else if that came to be. Is there such a surplus of people testing things and providing negative karma that it's acceptable to refuse any that doesn't come with a bug report? And is the pain of bugless negative karma so great that it will overcome the cost of an additional mandatory step in the karma reporting process? Why not start by sending email nags to people who've added negative karma but who haven't provided a buglink? -- test mailing list test@lists.fedoraproject.org To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
Re: bash filename completion buggy in F16?
On Thu, Oct 20, 2011 at 1:33 PM, Adam Williamson wrote: >> Firefox plays ogg files just fine too. > > I can't think of a sensible reason for actually using it to play them, > though. Firefox isn't a music player. It just calls some other app to > play oggs and embeds it anyway, I think. Thats not at all true. (And FWIW, Fedora _still_ appears to be shipping Firefox with internally bundled libtheora, libvorbis, libogg which IIRC are identical with upstream; and libvpx which it appears is not identical to upstream) With the exception of support for chained files and surround the ogg support in firefox is probably the most complete of any application shipped with fedora (depending on the phase of the moon gstreamer/totem is variously broken e.g. I don't think the version shipped in fedora will seek in streams over the network). It's a reasonable enough basic player, and its often the only player for these files on Mac and Windows machines, so cross platform instructions would be good to advise people to use firefox. (Although, I suppose they won't be advising them to launch it via the CLI!) Moreover, what benefit are you providing to users by inexplicably refusing to complete file names? I think inexplicable is perfectly well justified word here— since you're certainly not using the program's ability to support the file as the criteria. -- test mailing list test@lists.fedoraproject.org To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
Re: bash filename completion buggy in F16?
On Thu, Oct 20, 2011 at 1:15 PM, Joachim Backes wrote: > I opened a BZ (682785) concerning the described problems, and it was > rejected as "no bug" (obviously the completion works not independent > from the leading command, for example if the cmd is firefox, as in my > case, it's not expected that an ogg file is to be opened :-) For me, > this philosophy is rather weird! Firefox plays ogg files just fine too. :-/ At least you're not getting multisecond waits while the competition tries to do some packagekit crap to connect to a remote repository that you can't currently reach. :-/ -- test mailing list test@lists.fedoraproject.org To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
Re: Well, I've tried GNOME 3 now...
On Mon, Apr 25, 2011 at 5:23 PM, Bill Nottingham wrote: > http://git.gnome.org/ > http://spins.fedoraproject.org/ > > The beautiful thing about open source is that you always have that choice. > Sure, you may not like the amount of effort that may be involved (on a > scale that goes from switching your local desktop, all the way up to forking > your own copy of GNOME 2.30 and taking it in whatever direction you feel > like), but it doesn't mean you don't have that choice. Even if there were no "open source" you'd have the _choice_ of creating your own operating system and software all from scratch if the available software didn't work the way you needed it to. But because of the enormous effort required that "freedom" isn't very meaningful. Likewise, when the whole distribution is driven in a particular direction going against that direction is quite costly: Even if you're willing to put in the effort to support and maintain gnome 2.30 you will still suffer from the fact that Fedora is developed against and tested with the new stuff and will almost certainly become gratuitously incompatible with the old stuff. People use distributiosn because assembling and maintaining the whole system on their own is not a good (or available) option for them. Fedora's support for non-standard configurations is not especially good, even compared to some other distributions. The difference from the above no-open-source example is only quantitative. Meaningfully so, but "you can break free from the fedora default and engage in an unsupported high effort configuration" is still not a valid argument against claims that a decision is net-detrimental to the Fedora user community, even if it is technically true. That sort of argument should be rebutted with evidence that on the whole and in the long term the change is expected to be beneficial to the user community and/or the GNU/Linux ecosystem overall and evidence that these goals could not otherwise be met through means which deprived (by forcing them into non-standard configurations) fewer users of the value that Fedora provides. -- test mailing list test@lists.fedoraproject.org To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
Re: Fedora 14 NTP and SELinux
On Mon, Nov 29, 2010 at 1:05 AM, Rahul Sundaram wrote: > Hi > > Read a couple of reviews and blog posts mentioning this, if you use ntp > via firstboot in Fedora 14 and you login, you get SELinux warnings on > login. I tried testing this in a vm and this is very much reproducible > and is such a jarring user experience. What can we do to avoid these > class of problems for the next release? Not having so many fedora developers, testers, and redhat staff running with selinux in disabled/in permissive mode would be a good start. Can you link to the reviews? I'm pretty sure I enabled ntp in first boot on all the systems I've installed F14 on and I don't recall seeing alerts on the first login— and it's something I would have reported if I noticed it. -- test mailing list test@lists.fedoraproject.org To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test