Re: Notification of uploads to the lookaside cache
On Sat, 2009-11-21 at 19:34 -0500, Jon Stanley wrote:
> As part of our ever vigilant stance towards security around our packaging process, we have added a new feature to upload.cgi (which accepts file uploads into the lookaside cache) which will email the package owner (package-ow...@fedoraproject.org, specifically) and fedora-extras-comm...@redhat.com whenever a file is uploaded to the lookaside cache. Previously this was a big black box and an area of concern.
>
> The message will contain the name of the file, the package concerned, the md5sum, and the user that uploaded it. An example is below:
>
> File upload.cgi for package sportrop-fonts has been uploaded to the lookaside cache with md5sum 26489f9e92601f0f84cfbb278c2b98e1 by jstanley
>
> Please let me know if you have any questions, comments, or room for improvement!

Can we get an X-Fedora-Upload: header in these or something? Filtering by subject line always makes me feel dirty.

- ajax

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Notification of uploads to the lookaside cache
Adam Jackson wrote:
> Can we get an X-Fedora-Upload: header in these or something? Filtering by subject line always makes me feel dirty.

How about using the Keywords header? That way we can also use it to create a topic for the fedora-extras-commits list. Something like:

    Keywords: Fedora file upload ($package, $filename)

perhaps?

--
Todd        OpenPGP - KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~
Tell a man there are 300 billion stars in the universe, he'll believe you. Tell him a bench has wet paint on it and he'll have to touch it to be sure.
Re: Notification of uploads to the lookaside cache
On Sat, 2009-11-21 at 19:34 -0500, Jon Stanley wrote:
> As part of our ever vigilant stance towards security around our packaging process, we have added a new feature to upload.cgi (which accepts file uploads into the lookaside cache) which will email the package owner (package-ow...@fedoraproject.org, specifically) and fedora-extras-comm...@redhat.com whenever a file is uploaded to the lookaside cache. Previously this was a big black box and an area of concern.

Awesome. Thanks a whole bunch! Jon.
Re: Notification of uploads to the lookaside cache
On Sat, 2009-11-21 at 19:34 -0500, Jon Stanley wrote:
> As part of our ever vigilant stance towards security around our packaging process, we have added a new feature to upload.cgi (which accepts file uploads into the lookaside cache) which will email the package owner (package-ow...@fedoraproject.org, specifically) and fedora-extras-comm...@redhat.com whenever a file is uploaded to the lookaside cache. Previously this was a big black box and an area of concern.

Minor gripe --- could we have these emitted by a less bogus sender address than nob...@fedoraproject.org? That's getting eaten by my spam filters.

regards, tom lane
Re: Notification of uploads to the lookaside cache
On Sunday, 22 November 2009 at 01:34, Jon Stanley wrote:
> [...]
> Please let me know if you have any questions, comments, or room for improvement!

It'll provide means for maintainers to verify their changes, and that's always a good thing. Thanks!

Regards,
R.

--
Fedora http://fedoraproject.org/wiki/User:Rathann
RPMFusion http://rpmfusion.org | MPlayer http://mplayerhq.hu
Faith manages.
-- Delenn to Lennier in Babylon 5:Confessions and Lamentations
Re: Notification of uploads to the lookaside cache
Jon Stanley wrote:
> The message will contain the name of the file, the package concerned, the md5sum, and the user that uploaded it. An example is below:
>
> File upload.cgi for package sportrop-fonts has been uploaded to the lookaside cache with md5sum 26489f9e92601f0f84cfbb278c2b98e1 by jstanley
>
> Please let me know if you have any questions, comments, or room for improvement!

Well, since you asked... :)

I'd like to suggest that we use the name of the account uploading the file instead of nob...@fedoraproject.org and tweak the format of the message just a little, to make it easier to compare the output to locally generated md5sum output. An example:

    A file has been added to the lookaside cache for sportrop-fonts:

    26489f9e92601f0f84cfbb278c2b98e1 sportrop-fonts-1.0.tar.gz

Being lazy, I try to be the last one to volunteer anyone else for work, so I have also made these suggestions in convenient unified diff format (easily applied using git am to the infrastructure puppet repository) at:

http://tmz.fedorapeople.org/patches/upload_cgi/

Thanks for adding this feature to the upload scripts. I think it's a good idea. Next up, moving from MD5 to something stronger, like SHA256. ;)

--
Todd        OpenPGP - KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~
Anyone who is capable of getting themselves made President should on no account be allowed to do the job.
-- Douglas Adams
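A maintainer-side check that the md5sum-style layout proposed above makes possible, as an added example that is not part of the original message or of upload.cgi: it pulls the digest lines out of a notification mail and compares them with local files. The function names, the sample mail's headers and the `algo` switch (which lets the same check follow a later move from MD5 to SHA-256) are assumptions.

```python
import hashlib
import os
import re
from email import message_from_string

def parse_sums(raw_mail, algo="md5"):
    """Return {filename: hexdigest} for each md5sum(1)-style line in the body."""
    width = hashlib.new(algo).digest_size * 2  # 32 hex chars for MD5, 64 for SHA-256
    # digest, whitespace, optional "*" binary-mode marker, file name
    line_re = re.compile(r"^([0-9a-f]{%d})\s+\*?(.+)$" % width)
    body = message_from_string(raw_mail).get_payload()
    sums = {}
    for line in body.splitlines():
        m = line_re.match(line.strip())
        # Bare file names only, so a mail cannot point the check at another path.
        if m and os.path.basename(m.group(2)) == m.group(2):
            sums[m.group(2)] = m.group(1)
    return sums

def verify(raw_mail, directory, algo="md5"):
    """Compare each announced digest with the local copy in `directory`."""
    results = {}
    for name, announced in parse_sums(raw_mail, algo).items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "MISSING"
            continue
        h = hashlib.new(algo)
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                h.update(chunk)
        results[name] = "OK" if h.hexdigest() == announced else "MISMATCH"
    return results

def sample_mail(digest, filename="sportrop-fonts-1.0.tar.gz"):
    """Constructed notification in the proposed layout (headers are made up)."""
    return ("From: uploader@example.org\n"
            "Subject: File upload for sportrop-fonts\n\n"
            "A file has been added to the lookaside cache for sportrop-fonts:\n\n"
            "%s  %s\n" % (digest, filename))

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        data = b"constructed tarball bytes"
        with open(os.path.join(d, "sportrop-fonts-1.0.tar.gz"), "wb") as fh:
            fh.write(data)
        print(verify(sample_mail(hashlib.md5(data).hexdigest()), d))
```

A `MISMATCH` means the file in the cache is not the one sitting in the local checkout; a `MISSING` means the mail announced an upload the maintainer has no local copy of.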
Re: Notification of uploads to the lookaside cache
> Jon Stanley wrote:
>> The message will contain the name of the file, the package concerned, the md5sum, and the user that uploaded it. An example is below:
>>
>> File upload.cgi for package sportrop-fonts has been uploaded to the lookaside cache with md5sum 26489f9e92601f0f84cfbb278c2b98e1 by jstanley
>>
>> Please let me know if you have any questions, comments, or room for improvement!
>
> Well, since you asked... :)
>
> I'd like to suggest that we use the name of the account uploading the file instead of nob...@fedoraproject.org and tweak the format of the message just a little, to make it easier to compare the output to locally generated md5sum output. An example:
>
>     A file has been added to the lookaside cache for sportrop-fonts:
>
>     26489f9e92601f0f84cfbb278c2b98e1 sportrop-fonts-1.0.tar.gz
>
> Being lazy, I try to be the last one to volunteer anyone else for work, so I have also made these suggestions in convenient unified diff format (easily applied using git am to the infrastructure puppet repository) at:
>
> http://tmz.fedorapeople.org/patches/upload_cgi/
>
> Thanks for adding this feature to the upload scripts. I think it's a good idea. Next up, moving from MD5 to something stronger, like SHA256. ;)

Does anyone know why I'm getting tons of notifications concerning packages for which I am not maintainer, co-maintainer?

--
in your fear, seek only peace
in your fear, seek only love

-d. bowie
Re: Notification of uploads to the lookaside cache
On Sun, Nov 22, 2009 at 3:16 PM, Jon Ciesla <l...@jcomserv.net> wrote:
> Does anyone know why I'm getting tons of notifications concerning packages for which I am not maintainer, co-maintainer?

No clue - are you on fedora-extras-commits maybe? You'd get them all in that case.