Re: What I HATE about F11
On Sat, 13 Jun 2009 22:19:17 -0400 Charles Butterfield charles.butterfi...@nextcentury.com wrote: Okay, so I mostly love Fedora. However, here are 4 things that got by blood really, really boiling, so I thought I'd share my emotions. They are mostly policy issues, where I think you have gotten it very very wrong. Well, wrong is a fairly subjective term, but each to their own. :-D Just installed F11 64 bit, here are the things I hate about it in the first 30 minutes (of course there are a lot of things I like too, but they work, these don't). No doubt more will crop up. * Root gdm login - gets harder every release - SHAME ON YOU root nazis! Ich bin ein secure user and you should be too. Logging in as root into X directly (or the console for that matter) is a *bad idea*. Yes a *BAD IDEA* This isn't specific to Fedora or even Linux/UNIX for that matter (Savvy Windows admins have been trying this too to no avail. They do exist, in times past I was one..) With the likes of sudo / ConsoleKit / console-helper et. al you should never, ever need to run an extended session as root. Your day-to-day work can be done perfectly well as a standard non-privileged user, the applications that *need* root, especially in X, are hooked into consolehelper/ConsoleKit anyway and will prompt you for the root password in any case (when run as a regular user) As a systems administrator I applaud this idea, as it stops people from shooting themselves in the foot (which is more like a Howtizer, be it a desktop or server) As a BOFH I'd like to see it extended further, lecturing/LARTing the user for even attempting root login on X/direct tty :-P * Samba (outbound) browsing requires firewall mods Turn off the firewall (if you're on a trusted local network) or punch the required holes (137-139,445,kerberos) via system-config-firewall otherwise. The default firewall is quite strict, which given that new users are often ignorant of UNIX security is not such a bad idea (see bullet/foot above) * Jamming SELinux enforcing mode with no query during install I've done reinstalls and upgrades and not seen a denial AVC - I believe if it runs during the installer it would be a permissive / targeted mode. I did have SELinux break an upgrade but that was many releases back, and a relabel fixed it. And a bug: * My supported NVIDIA card (Quadro NVS 295) is not detected - okay this may not be due to overt, mulish arrogance, but I did check the supported card list and it is really annoying. While noveau is better than prior releases, it's not perfect - I have a 8800GS - noveau works but it kernel panics and glitched out on me on a couple of occasions (suspect my system has a conflict somewhere) - the nvidia binary blob works, it's not my preference but got things going. I'll give it another whirl in a future update My card is supported too, but it doesn't mean it's perfect. The first 3 items are just freaking absurd and represent some sort of political agenda combined with astonishing arrogance. You forgot the IMHO. Can you outline this political agenda you speak of, or are you being melodramatic? I happen to believe the reasons are much simpler - sound technical and *secure* usability. We're not being bastards for the sake of it. Is a graphical root login dangerous -- of course! So are a lot of things, which have obvious enable/disable controls. Was this this discussed in the release note? - NO. Should it be inhibited by an ever-increasing set of obscure work-arounds (in this case an new file to edit in F11)? Of course not. Again, you forgot the IMHO. Your case is (hopefully) a minority one - most users won't know or care, those that do will try and find out how to enable it if they *really* want it. Making it simple to do something that is inherently dangerous is just bad practice and WILL bite users on the backside. (Well as was pointed out to me in thread http://forums.fedoraforum.org/showthread.php?t=223793 this is discussed... but in non-highlighted text at the end of the boring last bullet suggesting you save and close). And why on earth show the stupid Windows Network if it doesn't work -- just gives an obscure error message Failed to retrieve share list from server. If you install the client, the reasonable man would open the ports, OR provide a cluefull error message. Take up the error message with the nautilus developers - it's technically correct (if the firewall is closed then the browse list will not be retrievable from the DC/browse master) but not very specific. The firewall case is different again: The precise ports to open vary by environment (are you on an Active Directory domain or a Samba3/NT4 style domain? The ports differ slightly between versions) Also changing system security silently and dynamically in a package install, without the user/admin's knowledge is a definite no-no. SELinux - enforcing So all the bugs are worked out? I think
Re: rpmconf - tool to handle rpmnew and rpmsave files
Hi, from these tools only Gentoo looks to me to do the right thing - one has to do a 3-files merge. Just having the old modified file and the new unmodified files has no solution how to do the automatic merge = how to get the new configuration file with all the local changes of the old file brought in. rpm should save originals of all the configuration files it installs. On Fedora I have to save them by hand before modifying any config file (I save them to name-orig files). Then by hand (or by the automated attached script) do the diff/patch merge. http://miroslav.suchy.cz/fedora/rpmconf/rpmconf http://svn.mandriva.com/cgi-bin/viewvc.cgi/soft/rpmdrake/trunk/Rpmdrake/rpmnew.pm?view=markup yum-plugin-merge-conf (not installed by default) All these tools require human interaction even in the case a fully automated (95% safe) merge is possible. Moreover the human can never be sure if (s)he did not forget to merge in some of the changes from the old version of the file. http://learn.clemsonlinux.org/wiki/Gentoo:etc-update Not sure if this one but maybe Gentoo dispatch-conf does the right thing. Regards, Jan #! /bin/sh set -ex for base in $@;do base=`echo $base|sed 's/[.]rpmnew$//'` test -f $base test -f $base.rpmnew test ! -f $base.orig test ! -f $base.rej if test ! -f $base-orig then cmp $base $base.rpmnew mv -f $base.rpmnew $base continue fi if diff -u $base-orig $base.rpmnew | patch -f $base then test ! -f $base.rej rm -f $base.orig mv -f $base.rpmnew $base-orig continue fi test -f $base.orig test -f $base.rej mv -f $base.orig $base rm -f $base.rej exit 1 done echo OK -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Do we need split media CDs for F12?
On Sat, Jun 13, 2009 at 11:38 PM, Bradley Baetz bba...@gmail.com wrote: On 14/06/09 04:53, Robert 'Bob' Jensen wrote: - Frank Murphyfrankl...@gmail.com wrote: Just curious. But if a user has bandwidth problems, how is\are mutiple CD's going to help, or is it purely on hardware grounds, no dvd-rom. Does no one remember what happened last time the CD ball was dropped? Lets not repeat history just for fun. We have been down this road before, it was ugly and only lasted one release. Torrent tracker numbers BTW do not always tell the truth. In many cases in these less fortunate areas one person will download the ISO images, then make CDs for any one in the surrounding villages. Sneakernet is alive and well. I asked about this topic a few minutes ago in the #fedora-social IRC channel because we seemed to have a pretty diverse mix of people chatting. There was a resounding response that the CDs need to be kept. What about a script that takes the DVD image and produces CD .isos? That saves on mirror space, but still allows people who want/need CDs to make them. Although it would require (temporarily) 2-3 times the disk space for that process, I guess. Bradley A script that takes the DVD image to produce the CD versions would basically require extracting the whole DVD image and then generating new ISOs from that tree. Maybe mirrors could do it if you want to save space on the main server or whatever. Also, maybe we should support PXE/network booting the Live version from mirrors or whatever with the advent of netbooks and other computers without an optical drive. While doing it via USB is preferable, it is not always possible. For example I have a laptop with a completely damaged drive bay where the CD drive is and it does not support booting from USB devices. Being able to boot the Live distro from a network would be a great alternative. -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
On Sat, 2009-06-13 at 22:19 -0400, Charles Butterfield wrote: snip * Root gdm login - gets harder every release - SHAME ON YOU root nazis! You can always init 3, login as root and startx if you *really need* graphical root login (or use su in gnome-terminal or whatever gui terminal is your favourite). I think that disabling root login in gdm is fairly good security measure for noobs coming windows while experienced administrators still know what to do if they need it. But I've never really needed gui root login for the 4 past years I've been using Fedora linux. * Samba (outbound) browsing requires firewall mods I don't know how Samba works, so forgive me if I say obvious stupidity, but shouldn't *client* work even behind closed firewall (like with any other services like ssh, ftp, ...)? Isn't this a samba bug then? * Jamming SELinux enforcing mode with no query during install Well, what works for me does not tell anything in general, but for the first time, I've been using SELinux enforcing mode since installing Fedora 11 Alpha. It does not get into my way. And a bug: * My supported NVIDIA card (Quadro NVS 295) is not detected - okay this may not be due to overt, mulish arrogance, but I did check the supported card list and it is really annoying. I don't know how to read this. Your X does not start? Or does it start with weird resolution? What are the results of the card not being detected? Which drivers does not work (nouveau, nv, proprietary one)? Have you filled a bug? Martin signature.asc Description: This is a digitally signed message part -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Do we need split media CDs for F12?
On 14/06/09 04:47, Jesse Keating wrote: Don't be clouded by who is requesting it. Releng qa anaconda et al would love to stop doing split cds. Less confusion on what to download would be appreciated by many too. We are one of the last distros to still do cd media outside of live media. Is this a case of users not knowing there are better choices than split CDs? Research into those demanding splits should be done and documented by those eager to continue seeing them produced. A thought. Maybe put this to the various Ambassador groupings. EMEA, APAC. etc. Find out from the locals, what it's like on the ground. If it comes back that Area X,Y. are the main splitters. For HW,BW reasons, whatever. Ask them do a poll in their localities, schools, workplaces. They are best placed. Just worried about any negative karma. *Fedora dumps on xyz* Frank -- jabber | msn | google-talk | skype: frankly3d (Skype will be scrapped 1st July 2009) http://www.frankly3d.com Mailing-List Reply to: Mailing-List -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: FESCo meeting summary for 2009-06-12
On 12.06.2009 20:54, Jon Stanley wrote: Here's the minutes and IRC log of today's FESCo meeting Minutes: http://www.scrye.com/~kevin/fedora/fedora-meeting/2009/fedora-meeting.2009-06-12-17.01.html Log: http://www.scrye.com/~kevin/fedora/fedora-meeting/2009/fedora-meeting.2009-06-12-17.01.log.html I actually must say that I don't like this log very much (and that is the diplomatic version), but well, it's better then nothing and maybe I got used to it. Is there a text version that could be cut'n'pasted in the mail? That way people can read them immediately and reply to certain parts easily. Cu knurd -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
rawhide report: 20090614 changes
Compose started at Sun Jun 14 06:15:11 UTC 2009 Updated Packages: Miro-2.0.4-1.fc12 - * Sat Jun 13 2009 Alex Lancaster alexlan[AT}fedoraproject org - 2.0.3-3 - Rebuild against newer Python boost * Sat Jun 13 2009 Alex Lancaster alexlan[AT}fedoraproject org - 2.0.4-1 - Update to upstream 2.0.4 PyKDE-3.16.3-1.fc12 --- * Sat Jun 13 2009 Rex Dieter rdie...@fedoraproject.org - 3.16.3-1 - PyKDE-3.16.3 TeXmacs-1.0.7.2-1.fc12 -- * Sat Jun 13 2009 Gerard Milmeister g...@bluewin.ch - 1.0.7.2-1 - new release 1.0.7.2 abcMIDI-20090317-1.fc12 --- * Sat Jun 13 2009 Gerard Milmeister g...@bluewin.ch - 20090317-1 - new release 2009-03-17 abcm2ps-5.9.5-1.fc12 * Sat Jun 13 2009 Gerard Milmeister g...@bluewin.ch - 5.9.5-1 - new release 5.9.5 acpi-1.3-1.fc12 --- * Sat Jun 13 2009 Steven M. Parrish smparr...@gmail.com 1.3-1 - New upstream release - Removed obsolete patch amarok-2.1.1-1.fc12 --- * Fri Jun 12 2009 Rex Dieter rdie...@fedoraproject.org 2.1.1-1 - amarok-2.1.1 banshee-1.5.0-1.fc12 * Fri Jun 12 2009 Michel Salim sali...@fedoraproject.org - 1.5.0-1 - Update to 1.5.0 choqok-0.6.1-7.fc12 --- * Sun Jun 14 2009 Tejas Dinkar te...@gja.in - 0.6.1-7 - Choqok 0.6.1 is out with the below two patches * Sat Jun 13 2009 Tejas Dinkar te...@gja.in - 0.6-5 - Fixed the twitpocalypse (via patch) * Sat Jun 13 2009 Tejas Dinkar te...@gja.in - 0.6-6 - Fixed the inreplyto (via patch) cone-0.78-1.fc12 * Sat Jun 13 2009 Milos Jakubicek xja...@fi.muni.cz - 0.78-1 - Update to 0.78 (resolves BZ#496421, BZ#426952). - Dropped cone-gcc44.patch (merged upstream). drpython-3.11.0-5.fc12 -- * Sat Jun 13 2009 Marc Wiriadisastra m...@mwiriadi.id.au - 1:3.11.0-5 - Fixed the drpython bin file to look for python instead of hard coding the python location florence-0.4.2-0.1.fc12 --- * Sat Jun 13 2009 Simon Wesp cassmod...@fedoraproject.org - 0.4.2-0.1 - Update to an unofficial prerelease (upstream sent it via email) jd-2.4.1-0.1.svn2883_trunk.fc12 --- * Sat Jun 13 2009 Mamoru Tasaka mtas...@ioa.s.u-tokyo.ac.jp - rev 2883 kanatest-0.4.8-2.fc12 - * Sat Jun 13 2009 Robert Marcano rob...@marcanoonline.com - 0.4.8-2 - Update to upstream release 0.4.8 kde-filesystem-4-27.fc12 * Sat Jun 13 2009 Rex Dieter rdie...@fedoraproject.org 4-27 - Should own /usr/share/kde4/services/ServiceMenus (#505735) libicns-0.7.0-1.fc12 * Sat Jun 13 2009 Andrea Musuruane musur...@gmail.com - 0.7.0-1 - Updated to upstream 0.7.0 libpng-1.2.37-1.fc12 * Sat Jun 13 2009 Tom Lane t...@redhat.com 2:1.2.37-1 - Update to libpng 1.2.37, to fix CVE-2009-2042 Related: #504782 loudmouth-1.4.3-5.fc12 -- * Fri Jun 12 2009 Brian Pepple bpep...@fedoraproject.org - 1.4.3-5 - Add patch to fix digest uri bug. (#503901) lxde-common-0.4.1-3.fc12 * Sat Jun 13 2009 Christoph Wickert cwick...@fedoraproject.org - 0.4.1-2 - Include logout and screenlock buttons (#503919) * Sat Jun 13 2009 Christoph Wickert cwick...@fedoraproject.org - 0.4.1-2 - Add XO keyboard shortcuts moin-1.8.4-1.fc12 - * Sat Jun 13 2009 Ville-Pekka Vainio vpivaini AT cs.helsinki.fi 1.8.4-1 - Update to 1.8.4, http://moinmo.in/MoinMoinRelease1.8 has a list of changes. - Includes a security fix for hierarchical ACL (not the default mode), http://moinmo.in/SecurityFixes has the details. - Drop previous security patches, those are not needed anymore. perl-Catalyst-Runtime-5.80005-2.fc12 * Sat Jun 13 2009 Iain Arnell iarn...@gmail.com 5.80005-2 - requires perl(MooseX::Emulate::Class::Accessor::Fast) perl-Net-Amazon-0.52-1.fc12 --- * Sat Jun 13 2009 Iain Arnell iarn...@gmail.com 0.52-1 - update to latest upstream perl-POE-Component-Client-Keepalive-0.2500-1.fc12 - * Sat Jun 13 2009 Stepan Kasal ska...@redhat.com 0.2500-1 - work around the broken versioning perl-SQL-Abstract-1.56-1.fc12 - * Sat Jun 13 2009 Chris Weyl cw...@alumni.drew.edu 1.56-1 - auto-update to 1.56 (by cpan-spec-update 0.01) python-zope-testing-3.7.3-2.fc12 * Sat Jun 13 2009 Conrad Meyer kon...@tylerc.org - 3.7.3-2 - Fix file conflict with python-zope-filesystem. rapid-photo-downloader-0.0.10-1.fc12 * Sun Jun 14 2009 Fabian Affolter fab...@bernewireless.net - 0.0.10-1 - Added translations - Changed source url - Updated to new upstream version ratpoison-1.4.4-2.fc12 -- * Fri Jun 12 2009 Ville Skyttä ville.skytta at iki.fi - 1.4.4-2 - Build with $RPM_OPT_FLAGS. - Disable autotools dependency tracking for
Re: What I HATE about F11
Hi, To be honest, I like the Ubuntu way of adding a sudoers entry for the first user that gets created. Then suggest it as a feature for F12 That is actually a very good idea. Ubuntu has an admin group, and users in that group can use sudo due to this line in sudoers: %admin ALL=(ALL) ALL I might suggest this as a feature unless anyone else wants to (or thinks I shouldn't) ? Rich -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
Ubuntu has an admin group, and users in that group can use sudo due to this line in sudoers: %admin ALL=(ALL) ALL I might suggest this as a feature unless anyone else wants to (or thinks I shouldn't) ? # grep -n wheel /etc/sudoers 81:## Allows people in group wheel to run all commands 82:# %wheel ALL=(ALL) ALL 85:# %wheel ALL=(ALL) NOPASSWD: ALL All you have to do is uncomment one line ;) -- Mathieu Bridon (bochecha) -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
# grep -n wheel /etc/sudoers 81:## Allows people in group wheel to run all commands 82:# %wheel ALL=(ALL) ALL 85:# %wheel ALL=(ALL) NOPASSWD: ALL All you have to do is uncomment one line ;) That's exactly what I do, followed by: $ usermod -a -G wheel rich But wouldn't it be nice if this line was uncommented by default, and firstboot added the first user to this group automatically? Rich -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Where do i file a bug against the kde-redhat repository?
Yaakov Nemoy wrote: Hey All, As the subject says, i'm looking to figure out where is the accountable place for filing bug reports. For anyone who can apply a quick fix, the repo is missing repo closure, and i can't install the latest KDE beta because PyKDE is out of date. fedora-kde mailing list or #fedora-kde on freenode irc. In this case, the problem is known, the latest kdebindings fails to build on anything f12/rawhide, cause is currently unknown. -- Rex -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: [Phoronix] Ubuntu 9.04 vs. Fedora 11 Performance
On Sat, 2009-06-13 at 21:05 +0200, Kevin Kofler wrote: Too bad their hardware benchmarks do not match the development news, and too bad they also feel it necessary to continuously warn about alleged unsuitability of the Free drivers for production use (when in reality they just work as long as you pick hardware which is already fully supported, but their hardware section makes no effort to recommend such hardware). I don't care how they compare with proprietary modules. I want comparisons between the different Free drivers and recommendations for the best hardware when benchmarked using Free drivers. They have no such benchmark. I disagree, they should not be promoting proprietary software, they should focus on graphics in Free Software, not with proprietary drivers on an otherwise Free system. But even if they did 2 sections about hardware, one with proprietary drivers and one with Free drivers, comparing what is comparable (i.e., at this stage, in most cases, proprietary vs. proprietary and Free vs. Free), that'd already be an improvement. Of course, if the Free drivers manage to beat the proprietary ones for comparably-priced hardware, that's always worth reporting! But they shouldn't be required to to even get mentioned at all in the benchmarks. In your view, once a site compares the performance of OSS drivers vs. proprietary drivers their results are no longer valid. What about SAMBA performance? Should we ignore sites that compare Linux vs. Windows 2K8 file servers? Should we ban sites that compare VMWare and KVM? Where does it stop? - Gilboa P.S. One correction: Phoronix ran a large number of OSS vs. OSS drivers benchmarks. As far as I know, there are the only ones to do it. (Has anyone @Fedora ever published a Fedora 8 vs Fedora 10 on i810 benchmark?) -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
On Sun, 2009-06-14 at 10:35 +0200, Martin Sourada wrote: On Sat, 2009-06-13 at 22:19 -0400, Charles Butterfield wrote: snip * Root gdm login - gets harder every release - SHAME ON YOU root nazis! You can always init 3, login as root and startx if you *really need* graphical root login (or use su in gnome-terminal or whatever gui terminal is your favourite). I think that disabling root login in gdm is fairly good security measure for noobs coming windows while experienced administrators still know what to do if they need it. But I've never really needed gui root login for the 4 past years I've been using Fedora linux. I haven't done a graphical root login in the past 10 years probably and on multiple distribution. Graphical root login is meaningless. * Samba (outbound) browsing requires firewall mods I don't know how Samba works, so forgive me if I say obvious stupidity, but shouldn't *client* work even behind closed firewall (like with any other services like ssh, ftp, ...)? Isn't this a samba bug then? Samba as a client needs to listen for Netbios packets replies (UDP) to do browsing, so since F-10 (yes this is not something new in F-11) the firewall has strict rules and there is a samba client specific rule. * Jamming SELinux enforcing mode with no query during install Well, what works for me does not tell anything in general, but for the first time, I've been using SELinux enforcing mode since installing Fedora 11 Alpha. It does not get into my way. I've been developing even on F-11 pres and on F-10 with SELinux enforcing. I had a relabeling problem only after the upgrade process done during beta (where you don't expect everything to work fine anyway). No real problem whatsoever for regular usage. Simo. -- Simo Sorce * Red Hat, Inc * New York -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Do we need split media CDs for F12?
On Jun 14, 2009, at 1:30, King InuYasha ngomp...@gmail.com wrote: On Sat, Jun 13, 2009 at 11:38 PM, Bradley Baetz bba...@gmail.com wrote: On 14/06/09 04:53, Robert 'Bob' Jensen wrote: - Frank Murphyfrankl...@gmail.com wrote: Just curious. But if a user has bandwidth problems, how is\are mutiple CD's going to help, or is it purely on hardware grounds, no dvd-rom. Does no one remember what happened last time the CD ball was dropped? Lets not repeat history just for fun. We have been down this road before, it was ugly and only lasted one release. Torrent tracker numbers BTW do not always tell the truth. In many cases in these less fortunate areas one person will download the ISO images, then make CDs for any one in the surrounding villages. Sneakernet is alive and well. I asked about this topic a few minutes ago in the #fedora-social IRC channel because we seemed to have a pretty diverse mix of people chatting. There was a resounding response that the CDs need to be kept. What about a script that takes the DVD image and produces CD .isos? That saves on mirror space, but still allows people who want/need CDs to make them. Although it would require (temporarily) 2-3 times the disk space for that process, I guess. Bradley A script that takes the DVD image to produce the CD versions would basically require extracting the whole DVD image and then generating new ISOs from that tree. Maybe mirrors could do it if you want to save space on the main server or whatever. Also, maybe we should support PXE/network booting the Live version from mirrors or whatever with the advent of netbooks and other computers without an optical drive. While doing it via USB is preferable, it is not always possible. For example I have a laptop with a completely damaged drive bay where the CD drive is and it does not support booting from USB devices. Being able to boot the Live distro from a network would be a great alternative. Why the live and not the normal install via pxe? -- Jes-- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
On Jun 14, 2009, at 5:31, Richard Fearn richardfe...@gmail.com wrote: Hi, To be honest, I like the Ubuntu way of adding a sudoers entry for the first user that gets created. Then suggest it as a feature for F12 That is actually a very good idea. Ubuntu has an admin group, and users in that group can use sudo due to this line in sudoers: %admin ALL=(ALL) ALL I might suggest this as a feature unless anyone else wants to (or thinks I We have the wheel group which would fit the bill. -- Jes -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Deltarpms for Rawhide?
On Jun 14, 2009, at 6:24, Jonathan Dieter jdie...@gmail.com wrote: Are we no longer generating deltarpms in Rawhide? Both the June 13 and June 14 composes no longer have the drpms directory. Because of bandwidth issues, on our school's private mirror I normally rsync the drpms first, build the rpms, and then rsync everything. I probably won't be able to mirror Rawhide if we're not generating deltarpms for it anymore. Jonathan -- We are chasing a bug in the delta path that is making rawhide take over 24 hours to compose. For now, no deltas. -- Jes -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
On Sun, Jun 14, 2009 at 17:45:43 +1000, Michael Fleming mflem...@thatfleminggent.com wrote: I've done reinstalls and upgrades and not seen a denial AVC - I believe if it runs during the installer it would be a permissive / targeted mode. I did have SELinux break an upgrade but that was many releases back, and a relabel fixed it. There is a bit of confusion here. It doesn't make sense to alternate permissive and targeted. SELinux can be disabled, running in permissive mode or enforcing mode. Fedora has 3 differently policies provided for you to use, mimimum, targeted and mls. The old strict policy has been merged into targeted. -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Do we need split media CDs for F12?
- King InuYasha ngomp...@gmail.com wrote: A script that takes the DVD image to produce the CD versions would basically require extracting the whole DVD image and then generating new ISOs from that tree. Maybe mirrors could do it if you want to save space on the main server or whatever. I think Bradley was suggesting something that the user could use to create CDs from an expanded DVD. I believe that revisor can do this pretty easily for users that already have an existing Fedora or EL install, kanarip will be speaking up on this I hope now that he is home. - Bob | Robert 'Bob' Jensen|| Fedora Unity Founder | | b...@fedoraunity.org|| http://fedoraunity.org/ | | http://bjensen.fedorapeople.org/ | |http://blogs.fedoraunity.org/bobjensen| -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
We have the wheel group which would fit the bill. Yeah, I always uncomment the %wheel line in sudoers and then add myself to that group. Hmmm, having looked at the Features guidelines I'm not sure if this warrants a feature page or not. It would only involve a change to the default sudoers file, and a change to firstboot to add the first user to the wheel group. Can someone from FESCo help out here? Should I make a feature page for this or not? Thanks, Rich -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
On 14/06/09 16:07, Orcan Ogetbil wrote: snip However I agree with you that samba is always a pain to setup on new systems. I do not hate it, but I wish this had been made easier. Logging into X as root? I can't comment on this as I didn't ever feel the need to do that. I didn't know it was prevented by a Nazi force. They probably have a very good reason. Peace, Orcan Why not install ebox-platform. Frank -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Deltarpms for Rawhide?
On Sun, 14 Jun 2009 07:52:04 -0700, Jesse wrote: We are chasing a bug in the delta path that is making rawhide take over 24 hours to compose. For now, no deltas. Does the bug affect RPM Fusion, too? -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
The way it is done right now, you have a system that might give too few permissions to some users. If that causes a problem, you'll notice it, and you can correct it in a very simple way (uncomment one line and add a user to a group). However, if we change the default, you have a system that may be giving too much permissions to some users depending on your taste. And the worse part is that you (as an admin) might not even know it ! I think uncommenting the line by default would be OK as on the two F11 systems I have the only user in the wheel group is root. I had to manually add myself to wheel to get extra permissions. If you install the system, you know the root password, so you can use su to get a root prompt anyway. So I suppose it comes down to whether we should be adding users to the wheel group by default. I guess it could be a checkbox in firstboot... Allow this user to perform administrative tasks or something. Then administrators could choose whether or not to add the user to wheel. IMHO, stricter by default in such a case is better. It's easier to add permissions, open holes when you need them, rather than having to chase some opened-by-default holes you don't even know about. I agree, but if this were an option in firstboot I think it would be obvious. Rich -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Do we need split media CDs for F12?
On Sun, 2009-06-14 at 14:53 +, Robert 'Bob' Jensen wrote: I appreciate the clarification from you and Matt on the request. As you know Jesse my, and Unity's, goal has been for a while has been to get Fedora in to the hands of as many people as possible with the least amount of pain. That is why we make the Re-Spins, it was why we made the original Live media. I know and understand the extra man hours required to properly test all the different varieties of media. As I said Unity will produce CDs for those that need/want them should RE or whoever decides that it is impractical for Fedora Project to continue producing them. Another compromise I am sure that would work for us is if you produced them, handed them off to us for testing and distribution. My (mostly unfounded) worry is that Fedora Unity is reacting to requests without investigating the reasoning behind the request. Think of this as the Henry Ford problem. If all Henry Ford did was produce what his customers asked for, all we'd have right now is fast horses. What we need to be doing is investigating why these people think they need split CDs, to be certain that there is no other offering within the Fedora universe that satisfies their needs. Just producing it, somebody will download it, because they know no better, so having numbers that say somebody wanted it isn't enough in my book, and right now, I feel that the anaconda, qa, releng teams are being held hostage by Fedora Unity due to blanket claims of if Fedora Project does not produce them Fedora Unity will. Looking around the competition: Ubuntu - Live CD or DVD Mandriva - DVD, Live CD, or purchasable flash stick OpenSuSE - DVD, Live CD, or netinstall iso Gentoo - Single CD or Live image. Mostly set to network install Debian - 31 CDs or 5 DVDs Slackware - 6 CDs or a DVD So it seems only Debian and Slackware still dabble in split CDs, everyone else has moved on to either a Live image, or a minimal install iso that sets you up for network install. We have both of those, a plethora of Live images to choose from as well as a netinst.iso that sets you up for a network install, and we have our DVD image. Is that truly not enough? -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
On Sun, 2009-06-14 at 15:59 +0100, Richard Fearn wrote: We have the wheel group which would fit the bill. Yeah, I always uncomment the %wheel line in sudoers and then add myself to that group. Hmmm, having looked at the Features guidelines I'm not sure if this warrants a feature page or not. It would only involve a change to the default sudoers file, and a change to firstboot to add the first user to the wheel group. Can someone from FESCo help out here? Should I make a feature page for this or not? Thanks, Rich You're going to be touching multiple packages, asking people to write code for you, and needing to change documentation and user expectations. I would warrant that this very much is a feature. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Do we need split media CDs for F12?
On Sun, 2009-06-14 at 03:30 -0500, King InuYasha wrote: A script that takes the DVD image to produce the CD versions would basically require extracting the whole DVD image and then generating new ISOs from that tree. Maybe mirrors could do it if you want to save space on the main server or whatever. That only serves to complicate matters for the users. Good chunks of our users have a hard enough time figuring out what to download, how to burn it, and how to install it. Adding in some weird script to take a DVD.iso file and split it into many smaller files isn't going to help matters, and certainly doesn't improve things for anaconda/qa/releng. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
On Sun, Jun 14, 2009 at 05:10:14PM +0200, Mathieu Bridon (bochecha) wrote: However, if we change the default, you have a system that may be giving too much permissions to some users depending on your taste. And the worse part is that you (as an admin) might not even know it ! The semantics of the wheel group are pretty well defined. -- Matthew Garrett | mj...@srcf.ucam.org -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Fwd: google-gadgets
Original Message Subject: google-gadgets Date: Sun, 14 Jun 2009 16:28:52 +0200 From: Eric Tanguy eric.tan...@univ-nantes.fr Reply-To: Community assistance, encouragement, and advice for using Fedora. fedora-l...@redhat.com To: Community assistance, encouragement,and advice for using Fedora. fedora-l...@redhat.com Crash bug (#499139) seems to be open since a long time without any reaction and a new release (0.11) is out since May 31. Someone have news about this ? Thanks Eric -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Do we need split media CDs for F12?
On Sun, 14 Jun 2009 15:34:19 +, Jesse Keating jkeat...@redhat.com wrote: On Sun, 2009-06-14 at 14:53 +, Robert 'Bob' Jensen wrote: I appreciate the clarification from you and Matt on the request. As you know Jesse my, and Unity's, goal has been for a while has been to get Fedora in to the hands of as many people as possible with the least amount of pain. That is why we make the Re-Spins, it was why we made the original Live media. I know and understand the extra man hours required to properly test all the different varieties of media. As I said Unity will produce CDs for those that need/want them should RE or whoever decides that it is impractical for Fedora Project to continue producing them. Another compromise I am sure that would work for us is if you produced them, handed them off to us for testing and distribution. My (mostly unfounded) worry is that Fedora Unity is reacting to requests without investigating the reasoning behind the request. Think of this as the Henry Ford problem. If all Henry Ford did was produce what his customers asked for, all we'd have right now is fast horses. What we need to be doing is investigating why these people think they need split CDs, to be certain that there is no other offering within the Fedora universe that satisfies their needs. Just producing it, somebody will download it, because they know no better, so having numbers that say somebody wanted it isn't enough in my book, and right now, I feel that the anaconda, qa, releng teams are being held hostage by Fedora Unity due to blanket claims of if Fedora Project does not produce them Fedora Unity will. If Fedora Unity's motivation to continue a service to the community -at it's own expense, not yours- is holding you and the other teams hostage, call S.W.A.T. -Jeroen -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
Am Sonntag, den 14.06.2009, 17:10 +0200 schrieb Mathieu Bridon The way it is done right now, you have a system that might give too few permissions to some users. If that causes a problem, you'll notice it, and you can correct it in a very simple way (uncomment one line and add a user to a group). However, if we change the default, you have a system that may be giving too much permissions to some users depending on your taste. And the worse part is that you (as an admin) might not even know it ! IMHO, stricter by default in such a case is better. It's easier to add permissions, open holes when you need them, rather than having to chase some opened-by-default holes you don't even know about. Full ACK. Stricter by default is definitely better, changing on little line is not too hard. Charles Butterfield wrote: Samba (outbound) browsing requires firewall mods So, solving this is pretty easy, even for newbies. But I agree that the error message will not help someone without advanced knowledge. Although I think people running Samba generally will know where to look for the problem. signature.asc Description: Dies ist ein digital signierter Nachrichtenteil -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Do we need split media CDs for F12?
On Sun, 14 Jun 2009 08:37:41 -0700, Jesse Keating jkeat...@redhat.com wrote: On Sun, 2009-06-14 at 03:30 -0500, King InuYasha wrote: A script that takes the DVD image to produce the CD versions would basically require extracting the whole DVD image and then generating new ISOs from that tree. Maybe mirrors could do it if you want to save space on the main server or whatever. That only serves to complicate matters for the users. Good chunks of our users have a hard enough time figuring out what to download, how to burn it, and how to install it. Adding in some weird script to take a DVD.iso file and split it into many smaller files isn't going to help matters, and certainly doesn't improve things for anaconda/qa/releng. This to me sounds like there's two separate problems; 1) Users might not know what to download 2) We might put resources into something that isn't used as much as we would have hoped. I'm not sure whether one single solution is appropriate for both problems. I'm also not sure the numbers that Matt has are reflecting the actual foot-print of users that require CD media, as our numbers show things differently[1]. Regrettably, we have no numbers on the Jigdo releases. I know Matt's numbers are accurate, but put in context, isn't this only redirect links such as http://download.fedoraproject.org/pub/fedora/linux/releases/11/Fedora/iso/disc1.iso like shown on http://fedoraproject.org/get-fedora/ ? Are we not missing out on *a lot* of downloading users that navigate to their mirror of preference directly? For Fedora Unity, this is considered a service to those in the community that need it. It's most definitely not considered the most efficient balance between corporate resource investments and user satisfaction. Whether it be 3 or a million smiles we get in return for doing split media, I don't care. Split media will continue to exist anyway; I release split dual-layer DVD images with the Everything Spin. Whether as such Fedora Unity is putting the pressure on the people that would rather drop the split media, I don't know. All I'm saying is that if the Fedora Project won't, we will. We've been down that path before and we all know it's pretty painless[2]. If the Fedora Project considers to no longer release split CD media, would the Fedora Project then also consider allowing Fedora Unity (members) to continue servicing those that request or even require split CD media? If that is too much to ask from a anaconda/qa/releng perspective, would the Fedora Project maybe consider finally allowing those from Fedora Unity that do it anyway, to do it *via* the Fedora Project? Kind regards, Jeroen van Meeuwen -kanarip [1] http://spinner.fedoraunity.org:6969 [2] If not, please show me where it isn't. -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Do we need split media CDs for F12?
On Sun, 14 Jun 2009 14:58:36 + (UTC), Robert 'Bob' Jensen b...@fedoraunity.org wrote: - King InuYasha ngomp...@gmail.com wrote: A script that takes the DVD image to produce the CD versions would basically require extracting the whole DVD image and then generating new ISOs from that tree. Maybe mirrors could do it if you want to save space on the main server or whatever. I think Bradley was suggesting something that the user could use to create CDs from an expanded DVD. I believe that revisor can do this pretty easily for users that already have an existing Fedora or EL install, kanarip will be speaking up on this I hope now that he is home. Revisor can do this very easily, but it's a hidden feature (not exposed in the GUI, barely documented, blabla) It's called --reuse, which allows you to not rebuild the installer images, but instead reuse existing installer images. You would point it at a mounted DVD, configure a repository pointing to the DVD, and voila, you can do anything you like with it. This is what I use to create the Everything spins too; I just change the package payload, but do not change the installer images. Kind regards, Jeroen van Meeuwen -kanarip -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
The way it is done right now, you have a system that might give too few permissions to some users. If that causes a problem, you'll notice it, and you can correct it in a very simple way (uncomment one line and add a user to a group). However, if we change the default, you have a system that may be giving too much permissions to some users depending on your taste. And the worse part is that you (as an admin) might not even know it ! Bikeshed! Must be some weird stuff smoking admin who simply adds someone to the wheel group not knowing what that group was for! The purpose of the wheel group has always been to be used for more privileged users. http://en.wikipedia.org/wiki/Wheel_%28Unix_term%29 http://catb.org/~esr/jargon/html/W/wheel.html Did I say the contrary ? I don't think so, but being a non-native english speaker, I might have said something I didn't want to :) I didn't say the wheel group was a nonsense or a problem. I was responding to Richard who wanted the line to be uncommented (harmless per se) AND the first user to be added to the wheel group by default. Having the admin's user in the wheel group to be able to use sudo for administrative tasks is a great idea. I just don't think it should be added by default, without an explicit consent of the admin. For example, a « add to the wheel group » checkbox in system-config-users and firstboot could be great. Not sure it would be a good idea to have it checked and hidden by default. Regards, -- Mathieu Bridon (bochecha) -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
On Sun, Jun 14, 2009 at 6:13 PM, Julian Aloofijulian.fedorali...@googlemail.com wrote: Am Sonntag, den 14.06.2009, 17:10 +0200 schrieb Mathieu Bridon Samba (outbound) browsing requires firewall mods So, solving this is pretty easy, even for newbies. But I agree that the error message will not help someone without advanced knowledge. Although I think people running Samba generally will know where to look for the problem. I doubt that -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
Charles Butterfield wrote: ... Does it help if more people (dis)agree? I will add my voice. - I like a root login option, especially when first setting up the system, as it is helpful to do things as root. I consciously choose to use root and realize that I MYSELF could be exposing MY OWN computer to risks. I ALWAYS uncomment %wheel in sudoers and add myself to the wheel group, but just to get to do this is sometimes difficult, as it gets constantly more awkward to even have the privileges to edit sudoers (fortunately, fedora is one of the more permissive distros with regard to editing sudoers). It is ESSENTIAL that a user be able to modify system settings on his OWN computer, if he chooses to do so. I fully support your outrage. Luckily, as a kde user, kdm has not been hit my the root nazi bug, so I am not hugely affected. - Since about fedora 10, selinux is working so well that I no longer need to disable it at all, which I used to have to do. I am able to do everything I need to do without problems and I appreciate the extra security it might provide to my system, and hence, to my data and online experience. It is easy to disable, too, simply by editing grub's kernel boot line or using the gui interface. I cannot support your rage, as it IS working well and is so easily disabled. -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
On Sun, 14 Jun 2009, Lennart Poettering wrote: The way it is done right now, you have a system that might give too few permissions to some users. If that causes a problem, you'll notice it, and you can correct it in a very simple way (uncomment one line and add a user to a group). However, if we change the default, you have a system that may be giving too much permissions to some users depending on your taste. And the worse part is that you (as an admin) might not even know it ! Bikeshed! No. the bikeshed is about not agreeing on details and not starting work on the item. That's not the case here. Here the argument is that it *needs* to work. That said, I agree the wheel group should be enabled with sudo, though I disagree that the initial install user should be automatically added to it. But then again, I hate sudo :P I do most scripting that requires root access via root logins directly with ssh and keys. Paul -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
glibc malloc errors
hi, running libmicro[1] microbenchmarks, sometimes some of them broke for no reason. running them again with $ export MALLOC_CHECK_=1 I got. output: *** glibc detected *** bin/malloc: free(): invalid pointer: 0x01b16e80 *** *** glibc detected *** bin/malloc: free(): invalid pointer: 0x01b16a70 *** *** glibc detected *** bin/malloc: free(): invalid pointer: 0x01b16660 *** *** glibc detected *** bin/malloc: free(): invalid pointer: 0x01b176a0 *** *** glibc detected *** bin/malloc: free(): invalid pointer: 0x01b17ec0 *** dmesg: Jun 14 19:37:03 querida kernel: malloc[2745] general protection ip:3039e75951 sp:7fff41ce27f0 error:0 in libc-2.10.1.so[3039e0+164000] Jun 14 19:37:03 querida kernel: malloc[2744] trap divide error ip:402fa6 sp:7fff41ce2820 error:0 in malloc[40+6000] Something similar happens in openSUSE:Factory http://sourceware.org/ml/libc-alpha/2009-06/msg00052.html -thanks- regards, [1] http://opensolaris.org/os/project/libmicro/ -- «Allá muevan feroz guerra, ciegos reyes por un palmo más de tierra; que yo aquí tengo por mío cuanto abarca el mar bravío, a quien nadie impuso leyes. Y no hay playa, sea cualquiera, ni bandera de esplendor, que no sienta mi derecho y dé pecho a mi valor.» -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: FESCo meeting summary for 2009-06-12
On Sun, 14 Jun 2009 12:09:19 +0200 Thorsten Leemhuis fed...@leemhuis.info wrote: On 12.06.2009 20:54, Jon Stanley wrote: Here's the minutes and IRC log of today's FESCo meeting Minutes: http://www.scrye.com/~kevin/fedora/fedora-meeting/2009/fedora-meeting.2009-06-12-17.01.html Log: http://www.scrye.com/~kevin/fedora/fedora-meeting/2009/fedora-meeting.2009-06-12-17.01.log.html I actually must say that I don't like this log very much (and that is the diplomatic version), but well, it's better then nothing and maybe I got used to it. Could you expand on this? What part of it do you not like? How can we improve it? We have the source and the upstream maintainer has been very responsive so far, so hopefully we can enhance it to meet our needs. Note that it uses pygments to highlight the logs and it's IRC highlight is... minimal. There is a bug to enhance it, see: http://dev.pocoo.org/projects/pygments/ticket/341 and https://bugzilla.redhat.com/show_bug.cgi?id=504648 Is there a text version that could be cut'n'pasted in the mail? That way people can read them immediately and reply to certain parts easily. Sure, we can do that. Cu knurd kevin signature.asc Description: PGP signature -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
On Sun, 2009-06-14 at 10:52 -0700, Arjan van de Ven wrote: On Sun, 14 Jun 2009 18:34:52 +0100 I think this is actually a problem that needs solving. We have several network services that are either installed by default or might be expected to be part of a standard setup, but which don't work because of the default firewall rules. The Anaconda people have (sensibly, IMHO) refused to simply add further exceptions to the firewall policy. there is an interesting issue; if you poke a hole in your firewall for all the ports that are listening automatically. you might as well not have a firewall in the first place... This is a chicken-and-egg problem. FWIW, I'd want my created normal user to be added to wheel automatically, and the useless firewall removed from the default desktop install. -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: glibc malloc errors
On 06/14/2009 08:17 PM, Xose Vazquez Perez wrote: running libmicro[1] microbenchmarks, sometimes some of them broke for no reason. Fedora 11 x86_64 (64-bit) -- «Allá muevan feroz guerra, ciegos reyes por un palmo más de tierra; que yo aquí tengo por mío cuanto abarca el mar bravío, a quien nadie impuso leyes. Y no hay playa, sea cualquiera, ni bandera de esplendor, que no sienta mi derecho y dé pecho a mi valor.» -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
On Sun, 14 Jun 2009 15:59:58 +0100 Richard Fearn richardfe...@gmail.com wrote: We have the wheel group which would fit the bill. Yeah, I always uncomment the %wheel line in sudoers and then add myself to that group. Hmmm, having looked at the Features guidelines I'm not sure if this warrants a feature page or not. It would only involve a change to the default sudoers file, and a change to firstboot to add the first user to the wheel group. Can someone from FESCo help out here? Should I make a feature page for this or not? https://fedoraproject.org/wiki/Features/Policy/Definitions I think this would fall under several of the tests for it being a feature. Note however, making a feature page does not mean that this magically gets done. It would be up your YOU (or whoever else helps you) to get the work done, coordinate with package maintainers who are affected, etc. Basically a feature page says I am going to work on getting this done, not this would be nice, someone should do it. That said, if you are willing to work on it, great. :) Thanks, Rich kevin signature.asc Description: PGP signature -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
iptables/firewall brainstorming
On Sun, 14 Jun 2009 18:34:52 +0100 Matthew Garrett m...@redhat.com wrote: On Sun, Jun 14, 2009 at 06:13:51PM +0200, Julian Aloofi wrote: So, solving this is pretty easy, even for newbies. But I agree that the error message will not help someone without advanced knowledge. Although I think people running Samba generally will know where to look for the problem. I think this is actually a problem that needs solving. We have several network services that are either installed by default or might be expected to be part of a standard setup, but which don't work because of the default firewall rules. The Anaconda people have (sensibly, IMHO) refused to simply add further exceptions to the firewall policy. So, what should happen here? Should we leave the firewall enabled in these cases* by default and require admins to open them? If so, is there any way that we can make this easier in some Packagekit-oriented manner? If not, how should we define that packages indicate that they need ports opened? Should this be handled at install time or run time? * The case that I keep hitting is mDNS resolution, which requires opening a hole in the firewall I keep wondering if we couldn't come up with something like a /etc/iptables.d/ type setup somehow that would work for these cases. In the case of a package that does not need any configuration done and only needs a firewall rule to function, we could add a file in there to add it's rule. For cases of packages that DO need to be configured, add a file, but have it disabled/commented until the service is configured. This could be done by hand, or when someone runs a system-config-whatever and finishes configuring, the rules could be enabled by the tool as part of a 'make live' or 'activate' or something. If we had something like this, packages could ship their own /etc/iptables.d files. Just a thought. kevin signature.asc Description: PGP signature -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
On Sun, Jun 14, 2009 at 1:05 PM, Paul Woutersp...@xelerance.com wrote: That said, I agree the wheel group should be enabled with sudo, though I disagree that the initial install user should be automatically added to it. Should sudo be treated in this case any differently than su? I think wheel should be either enabled by default in both or in neither. I'm happy with the status quo, in both cases the admin is required to remove one comment from the appropriate configuration file to enable it. I am strongly against the first user automatically being in the wheel group but if it were a checkbox that seems ok. Actually, I am strongly against the way Fedora forces the creation of the first user without allowing the admin to set the uid/gid of the user. That is a different annoying issue. John -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
On Sun, Jun 14, 2009 at 20:08:31 +0200, Lennart Poettering mzerq...@0pointer.de wrote: enabled by default, like we currently do. If an application cannot be trusted then it should not be allowed to listen on a port by default in the first place. A firewall is an extra layer of security that simply hides the actual problem. The point of the firewall is to block connections to services that are only supposed to be connected from trusted locations. This may be things you are testing, don't intend to be running, don't bind to 127.0.0.1 instead of 0.0.0.0, even though they are intended to be accessed from the local machine, or services that you only want to accept connections from a white list of IP addresses. -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: iptables/firewall brainstorming
On Sun, Jun 14, 2009 at 12:30:41PM -0600, Kevin Fenzi wrote: On Sun, 14 Jun 2009 18:34:52 +0100 Matthew Garrett m...@redhat.com wrote: On Sun, Jun 14, 2009 at 06:13:51PM +0200, Julian Aloofi wrote: So, solving this is pretty easy, even for newbies. But I agree that the error message will not help someone without advanced knowledge. Although I think people running Samba generally will know where to look for the problem. I think this is actually a problem that needs solving. We have several network services that are either installed by default or might be expected to be part of a standard setup, but which don't work because of the default firewall rules. The Anaconda people have (sensibly, IMHO) refused to simply add further exceptions to the firewall policy. So, what should happen here? Should we leave the firewall enabled in these cases* by default and require admins to open them? If so, is there any way that we can make this easier in some Packagekit-oriented manner? If not, how should we define that packages indicate that they need ports opened? Should this be handled at install time or run time? * The case that I keep hitting is mDNS resolution, which requires opening a hole in the firewall For the case of mDNS resolution, we should create a nf_conntrack module to track outbound requests and allow the related replies back in. This case is identical to the Samba browsing case where we created nf_conntrack_netbios_ns [1]. We need a nf_conntrack_mdns too. I keep wondering if we couldn't come up with something like a /etc/iptables.d/ type setup somehow that would work for these cases. That might be a good idea for services, but for clients (Samba NetBIOS browsing, mDNS, other client-initiated broadcast/multicast-based browsing or discovery protocols) we should just unconditionally install and enable iptables conntrack modules to handle them by default [1] [2]. Clients should just work out-of-the-box without requiring any user configuration. [1] https://bugzilla.redhat.com/show_bug.cgi?id=113918 [2] https://bugzilla.redhat.com/show_bug.cgi?id=469884 -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
On Sun, Jun 14, 2009 at 10:45:09AM -0400, Simo Sorce wrote: * Samba (outbound) browsing requires firewall mods I don't know how Samba works, so forgive me if I say obvious stupidity, but shouldn't *client* work even behind closed firewall (like with any other services like ssh, ftp, ...)? Isn't this a samba bug then? Samba as a client needs to listen for Netbios packets replies (UDP) to do browsing, so since F-10 (yes this is not something new in F-11) the firewall has strict rules and there is a samba client specific rule. ...which is broken in that it is too permissive, and in that it isn't enabled by default. We need to fix it so it only uses the conntrack module but doesn't open inbound ports, and also enable it in the default install. https://bugzilla.redhat.com/show_bug.cgi?id=469884 -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: iptables/firewall brainstorming
On Sun, 14.06.09 15:09, Chuck Anderson (c...@wpi.edu) wrote: I think this is actually a problem that needs solving. We have several network services that are either installed by default or might be expected to be part of a standard setup, but which don't work because of the default firewall rules. The Anaconda people have (sensibly, IMHO) refused to simply add further exceptions to the firewall policy. So, what should happen here? Should we leave the firewall enabled in these cases* by default and require admins to open them? If so, is there any way that we can make this easier in some Packagekit-oriented manner? If not, how should we define that packages indicate that they need ports opened? Should this be handled at install time or run time? * The case that I keep hitting is mDNS resolution, which requires opening a hole in the firewall For the case of mDNS resolution, we should create a nf_conntrack module to track outbound requests and allow the related replies back in. This case is identical to the Samba browsing case where we created nf_conntrack_netbios_ns [1]. We need a nf_conntrack_mdns too. No. Absolutely not. Firstly, mDNS is not a client/server protocol where you just send out a query and then wait for one response. Instead mDNS is about minimizing traffic by having an elaborate caching logic. And that logic is based on learning from other machine's queries, from gratuitious announcement and goodbye packets. mDNS is genuinly peer-to-peer and it needs the whole traffic that goes on the mdns multicast group on the local LAN segment. Secondly, connection tracking is not a magic wand. It creates almost as many problems as it solves. Lennart -- Lennart PoetteringRed Hat, Inc. lennart [at] poettering [dot] net http://0pointer.net/lennart/ GnuPG 0x1A015CC4 -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: (Most) Results from the Candidate Questionnaire are available now
Thorsten Leemhuis wrote: * some people dislike questions like do you prefer Gnome or KDE that are/should be mostly irrelevant for Fedora as whole and the position the candidate is nominated for It's pretty much relevant, we don't want GNOME bias all over the Fedora governing bodies. For some of us, the answer to that question was the one answer on which to base the decision whom to vote for. Kevin Kofler -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
On 6/13/2009 10:19 PM, Charles Butterfield wrote: Okay, so I mostly love Fedora. However, here are 4 things that got by blood really, really boiling, so I thought I’d share my emotions. They are mostly policy issues, where I think you have gotten it very very wrong. Just installed F11 64 bit, here are the things I hate about it in the first 30 minutes (of course there are a lot of things I like too, but they work, these don't). No doubt more will crop up. * Root gdm login - gets harder every release - SHAME ON YOU root nazis! * Samba (outbound) browsing requires firewall mods * Jamming SELinux enforcing mode with no query during install And a bug: * My supported NVIDIA card (Quadro NVS 295) is not detected - okay this may not be due to overt, mulish arrogance, but I did check the supported card list and it is really annoying. The first 3 items are just freaking absurd and represent some sort of political agenda combined with astonishing arrogance. Is a graphical root login dangerous -- of course! So are a lot of things, which have obvious enable/disable controls. Was this this discussed in the release note? - NO. Should it be inhibited by an ever-increasing set of obscure work-arounds (in this case an new file to edit in F11)? Of course not. (Well as was pointed out to me in thread http://forums.fedoraforum.org/showthread.php?t=223793 this is discussed... but in non-highlighted text at the end of the boring last bullet suggesting you “save and close”). And why on earth show the stupid Windows Network if it doesn't work -- just gives an obscure error message Failed to retrieve share list from server. If you install the client, the reasonable man would open the ports, OR provide a cluefull error message. SELinux - enforcing So all the bugs are worked out? I think not. Regards -- Charlie Butterfield P.S. Here is a bit more context: Bob -- Thanks for the tip, I did NOT realize the developers didn't scan the forums. I have been using Fedora since FC2 (I think), and overall think its great, esp as a bleeding edge incubator for RHEL/CentOS. BUT there are some annoying trends occurring that finally pushed me over rant/no-rant threshold. Dan -- I like all manner of stuff, but what caused me to just wipe my CentOS 5.3 root partition and replace it with F11 was a desire to get the relatively new GNOME gvfs stuff -- so I can manipulate remote windows shares with any tool, not just GnomeVFS aware tools. On a higher level I am amazed and impressed by the creative outpouring from the various Open Source communities, although it is also a stark reminder of the fact that programmers hate, hate, hate documentation :-) This is an interesting debate that you all are having here. But has anyone, other than me that is, noticed the complete absence to the OP, Mr. Charlie Butterfield, after his original rants? Or would this be trolling? ;-) BTW. Great job on Fedora 11. -- David -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
2009/6/14 Richard Fearn richardfe...@gmail.com: # grep -n wheel /etc/sudoers 81:## Allows people in group wheel to run all commands 82:# %wheel ALL=(ALL) ALL 85:# %wheel ALL=(ALL) NOPASSWD: ALL All you have to do is uncomment one line ;) That's exactly what I do, followed by: $ usermod -a -G wheel rich But wouldn't it be nice if this line was uncommented by default, and firstboot added the first user to this group automatically? It might be nice, but unless we document that feature heavily and declare that 'first' user to be administrator with big warnings all over the place, some noob will still do something stupid. I don't mean stupid like 'i'm a noob and i don't know what i'm doing', but stupid like 'i didn't know firefox had a security vulnerability that used a hole in sudo to run stuff as root, because i was using some silly extension'. We would have to set up a user account that is a non root user with extra priveleges and constant warnings to the user that i really wonder what the advantage is to it. The best argument against all this nonsense is like this. User space programs are complex and there are many of them. Unless you have audited each bit that is going to be run as a privileged user, you should avoid runnning it as some privileged user. When you log in to a graphical desktop environment with lots of userspace programs, they should all be running on the least amount of privileges necessary and furthermore confined with SELinux where possible. Seriously, who wants to audit the entire GNOME or KDE codebase? There should never be a user that has more privileges and also running in a graphical environment. Ever. The only interesting debate i've heard is over two security models i'll call 'su' and 'sudo', for their recognized behavior. 'su' requires the root password, and 'sudo' requires your own password. Let me argue for one more model called 'sird'. 'sird' asks for a per user 'root' password. Each user has two passwords, one is an everyday password and one is for actions that require root access. Currently Fedora uses a mix of 'sudo' and 'su', and is inconsistent. Ubuntu relies only on 'sudo' for the most part, except for certain weird programs they haven't set up to do so, and then the experince is inconsistent. The security issue here though is how do we securely give 'sudo' and 'sird' like rights to users without violating the rule i stated above? With Fedora we require that you use the root password the first time. This way the user has to intelligently maintain that the specified account should be given more privileges. It's then on the user's head to violate the rule above. Ubuntu just gives sudo to the first user created, and since i haven't touched the brown since the beginning of 2007, i have no clue how much they alert the user to the possible security risks. If i can put my own 2 cents in what needs to be done here: Currently we implement this barrier to entry via the command line. Perhaps if we could leverage PolicyKit better so we can have an icon or control tool for the person who installs Fedora on the machine to use the root password to grant rights to other users. Then the administrator, aka the person responsible for instalation, could decide whether to use su, sudo, or sird style access. If you're wondering what 'sird' is, it's just an arbitrary name that sounds like third, because there would be a 'third' password. (Root = 1, User = 2, Sird = 3) -Yaakov -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
No bluetooth for PulseAudio nonbelievers
Hi fedorians, Having spent more than a day trying to get Skype working smoothly with PA, and failing (cranky sound, or 100% CPU usage). Now I know Skype is closed crap that is using deprecated apis and it along with flash should be sentenced to software hell, but at the end of the day I need to use it at work. So, what I ended up doing was to yum remove pulseaudio. Alsa software dmixing usually works fine for me. However, yum needed to remove gnome-bluetooth as it depends on PA! And it refuses to bring it back without PA!! duh! I want my bluetooth back, and I don't want PA. Nothing against PA, but it doesn't benefit me in anyway and only causes problems. Is this a case of rpm dependency abuse ? Regards -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
Le dimanche 14 juin 2009 à 20:08 +0200, Lennart Poettering a écrit : I still think that the current firewall situation on Fedora is pretty much broken. It's a bit like SELinux: it's one of the first features most people disable. For the people I know disabling the firewall is very low under disabling SELinux and (ahem) PulseAudio. At that point iptables is fairly solid and well understood and documented. -- Nicolas Mailhot signature.asc Description: Ceci est une partie de message numériquement signée -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: No bluetooth for PulseAudio nonbelievers
If you don't want to use gnome-bluetooth and how it integrates with all other software and automates things then don't use it. Nobody forces you. I didn't even mean using BT for any audio related tasks. I basically use BT to transfer files back and forth from my cell phone. And gnome-bluetooth is very good for that. Why is that functionality being removed from me ? Can't we have gnome-bluetooth-audio with this part only depending on PA ? so that I can keep the rest of gnome-bluetooth if I choose to remove PA ? Thanks Lennart, I really wish Skype would update their crap -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
Michael Fleming mflem...@thatfleminggent.com writes: With the likes of sudo / ConsoleKit / console-helper et. al you should never, ever need to run an extended session as root. Your day-to-day work can be done perfectly well as a standard non-privileged user, the applications that *need* root, especially in X, are hooked into consolehelper/ConsoleKit anyway and will prompt you for the root password in any case (when run as a regular user) That doesn't mean it's more secure that directly logging as root using e.g. ssh, tty or xterm. I won't argue about X desktop. A non-privileged account ceases to be non-privileged when you use it to become root. It may save you from incidental rm -rf /, but it creates a false feeling that the non-privileged account doesn't need the same level of protection as the root account needs. From a security standpoint, it's thus usually less secure that using root directly. Obviously one shouldn't use root account for non-admin tasks, sure. But it has nothing to do with security. If one has to perform many root tasks, there is nothing wrong in doing it in an extended root session. Having to type root password many times may only create an additional opportunity for a compromise. As a systems administrator I applaud this idea, as it stops people from shooting themselves in the foot That may be true. The same can probably be said about alias rm='rm -i' and so on. This is not security, however. -- Krzysztof Halasa -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
inode0 ino...@gmail.com writes: Actually, I am strongly against the way Fedora forces the creation of the first user without allowing the admin to set the uid/gid of the user. That is a different annoying issue. Hmm... Does it? I installed F11 (i386, with netinstall) recently and it didn't create normal accounts (nor asked). -- Krzysztof Halasa -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
I didn't say the wheel group was a nonsense or a problem. I was responding to Richard who wanted the line to be uncommented (harmless per se) AND the first user to be added to the wheel group by default. I've since changed my mind :-) For example, a « add to the wheel group » checkbox in system-config-users and firstboot could be great. That's a good idea. Not sure it would be a good idea to have it checked and hidden by default. Agreed. Rich -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
On Sun, Jun 14, 2009 at 05:45:43PM +1000, Michael Fleming wrote: Ich bin ein secure user and you should be too. Logging in as root into X directly (or the console for that matter) is a *bad idea*. Erm, logging as root on the console is a bad idea? _You've_ obviously not got any machines running NIS or NFS-mounted /home :-) Rich. -- Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones virt-top is 'top' for virtual machines. Tiny program with many powerful monitoring features, net stats, disk stats, logging, etc. http://et.redhat.com/~rjones/virt-top -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
Who says the first created user is root-equivalent? It wouldn't be root-equivalent. You have to explicitly use sudo, and enter your password when you do use it. It's not the same as a root prompt. In any case, I like Mathieu Bridon's idea of having a firstboot option. Rich -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
Dnia 2009-06-14, o godz. 22:12:47 Krzysztof Halasa k...@pm.waw.pl napisał(a): a false feeling that the non-privileged account doesn't need the same level of protection as the root account needs. The feeling isn't false - overtaking a root-run program is potentially more harmful to the system, other users and everyone in sight (root can harm the network, for example). Hence the root account does need more protection. I think you wanted to refer to false sense of safety that someone could derive from running unprivileged. This is a danger much less than giving any OS to any normal (non-technical) user. You need to educate users about all the risks that are left and NOT give them deadly weapons which they don't know how to use and presume they'll going to be scared of them for the rest of their lives (they're not). Lam signature.asc Description: PGP signature -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Do we need split media CDs for F12?
On Sun, 2009-06-14 at 17:54 +0200, Jeroen van Meeuwen wrote: If Fedora Unity's motivation to continue a service to the community -at it's own expense, not yours- is holding you and the other teams hostage, call S.W.A.T. If it was just Fedora Unity's expense that'd be one thing. But it's not. Upstream anaconda is still going to have to deal with split media bugs and code. Compose tools are still going to have to handle split media cases (createrepo being a notable one). QA is still going to have to test this install method or else be faced with scrambling to fix stuff when Fedora Unity goes to make them. I really don't mind making split media, if there is a real hard need for it. I wish that Fedora Unity would do the legwork to ensure there really is a need for split CDs that isn't being met by our other offerings before claiming that split CDs are a hard need. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Do we need split media CDs for F12?
On Sun, 2009-06-14 at 18:20 +0200, Jeroen van Meeuwen wrote: If the Fedora Project considers to no longer release split CD media, would the Fedora Project then also consider allowing Fedora Unity (members) to continue servicing those that request or even require split CD media? If that is too much to ask from a anaconda/qa/releng perspective, would the Fedora Project maybe consider finally allowing those from Fedora Unity that do it anyway, to do it *via* the Fedora Project? If there are those that require split media, I'd much prefer that we as a project produce and test the split media as part of our normal development cycle, and not do it as some after thought after it's too late to fix any problems found. However I'd like to see some evidence as to the requirement. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Do we need split media CDs for F12?
Once upon a time, Jesse Keating jkeat...@redhat.com said: If there are those that require split media, I'd much prefer that we as a project produce and test the split media as part of our normal development cycle, and not do it as some after thought after it's too late to fix any problems found. I agree with all of that. I just wanted to ask: have you considered just making split media for 32-bit x86? Is there really any demand for x86_64 and ppc split media? I know that wouldn't remove the anaconda support, but it would reduce some of the QA, time taken to build and distribute, disk space, etc. -- Chris Adams cmad...@hiwaay.net Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Fedora 11 Retrospective Happens Tuesday June 16, 2009 at 14:00 UTC (10 AM EDT)
Have you ever wanted to give your perspective on how well the Fedora development and release process works, but weren't sure where to do it? Now you have the perfect opportunity! For Fedora 11 we are having a project wide conference all to reflect on the good and not so good parts of the Fedora 11 development cycle. There are two ways to get involved: 1) Contact your team lead to see if you can attend as the additional person from your team -or- 2) Add your name to the list of lottery participants for a chance to be one of the five people randomly selected. But wait, there is more! We are extending the cut-off date for the lottery to Sunday. Here's a little tip between you and me... as of the time of this email your chances of wining are 100% (okay, not exactly, but right now nobody else is signed and if that doesn't change, then you are on easy street! ;-) Sign-up details are here: https://fedoraproject.org/wiki/Fedora_11_Retrospective#Lottery Hope to see you there, John ___ Fedora-devel-announce mailing list fedora-devel-annou...@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-announce -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
One week left for voting
There's approximately one week left to vote in the combined Fedora elections. To cast your vote, visit: https://admin.fedoraproject.org/voting For more information on the specific elections, visit this thread in the archives for the fedora-advisory-board list: https://www.redhat.com/archives/fedora-advisory-board/2009-June/msg00025.html Thanks for participating! -- Paul W. Frieldshttp://paul.frields.org/ gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug pgpYHDTpzfkcK.pgp Description: PGP signature ___ Fedora-devel-announce mailing list fedora-devel-annou...@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-announce-- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Breaking API for python-decorator in Fedora 11
I'm planning on updating the python-decorator package from 2.3.x to 3.0.x. This update breaks API in: 1) Some python-2.6 specific functionality 2) Some seldom used idioms. This update is necessary for python-repoze-what-pylons: https://bugzilla.redhat.com/show_bug.cgi?id=499486 a component of TurboGears2. Only three packages currently depend on it: python-fedora-0:0.3.12-1.fc11.noarch bodhi-server-0:0.5.19-1.fc11.noarch python-pylons-0:0.9.7-0.2.rc4.fc11.noarch We plan on checking that these work with the new decorator before pushing the update. If this update will cause a problem for you please reply to this message or comment on the python-repoze-what-pylons review. -Toshio signature.asc Description: OpenPGP digital signature ___ Fedora-devel-announce mailing list fedora-devel-annou...@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-announce-- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
Richard Fearn richardfe...@gmail.com writes: Who says the first created user is root-equivalent? It wouldn't be root-equivalent. You have to explicitly use sudo, and enter your password when you do use it. It's not the same as a root prompt. It is from a security person POV. If an attacker compromises your non-root account, and if you use sudo or whatever to switch to root then root as compromised as well, password or no password. You have to use a secure terminal and a secure path to the root session to be really secure. -- Krzysztof Halasa -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Do we need split media CDs for F12?
On Sun, Jun 14, 2009 at 9:47 AM, Jesse Keating jkeat...@j2solutions.netwrote: On Jun 14, 2009, at 1:30, King InuYasha ngomp...@gmail.com wrote: On Sat, Jun 13, 2009 at 11:38 PM, Bradley Baetz bba...@gmail.com bba...@gmail.com wrote: On 14/06/09 04:53, Robert 'Bob' Jensen wrote: - Frank Murphy frankl...@gmail.comfrankl...@gmail.com wrote: Just curious. But if a user has bandwidth problems, how is\are mutiple CD's going to help, or is it purely on hardware grounds, no dvd-rom. Does no one remember what happened last time the CD ball was dropped? Lets not repeat history just for fun. We have been down this road before, it was ugly and only lasted one release. Torrent tracker numbers BTW do not always tell the truth. In many cases in these less fortunate areas one person will download the ISO images, then make CDs for any one in the surrounding villages. Sneakernet is alive and well. I asked about this topic a few minutes ago in the #fedora-social IRC channel because we seemed to have a pretty diverse mix of people chatting. There was a resounding response that the CDs need to be kept. What about a script that takes the DVD image and produces CD .isos? That saves on mirror space, but still allows people who want/need CDs to make them. Although it would require (temporarily) 2-3 times the disk space for that process, I guess. Bradley A script that takes the DVD image to produce the CD versions would basically require extracting the whole DVD image and then generating new ISOs from that tree. Maybe mirrors could do it if you want to save space on the main server or whatever. Also, maybe we should support PXE/network booting the Live version from mirrors or whatever with the advent of netbooks and other computers without an optical drive. While doing it via USB is preferable, it is not always possible. For example I have a laptop with a completely damaged drive bay where the CD drive is and it does not support booting from USB devices. Being able to boot the Live distro from a network would be a great alternative. Why the live and not the normal install via pxe? -- Jes It's more useful, and its smaller. Being able to use the live version through a network would make it easier for remote or thin client setup, where you don't want the state of the OS to change in any form of permanence. For example, loading the live image without persistence to older machines and when client users are done and shutdown the machine, nothing is saved. No viruses, documents, personal information, etc. Additionally, diagnosing issues with machines using PXE live would be much nicer than using DOS disks or the Windows recovery console, which is practically useless. Or even diagnosing issues with installed versions of Linux or BSD. -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: bind-chroot in F11
Mike Cloaked wrote: In F11 the contents contain /var/named/chroot and within this directory are /dev containing file null, random and zero and /etc containing file localtime and nothing else. This is surely a packing error since the bind-chroot package should install the proper chrooted directory structure and install the correct basic files in them including a basic named.conf under /var/named/chroot/etc/ There appears not even to be a root cert file in the chroot. -- mike -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
On Sun, Jun 14, 2009 at 6:45 AM, Simo Sorcesso...@redhat.com wrote: I haven't done a graphical root login in the past 10 years probably and on multiple distribution. Graphical root login is meaningless. Let me ask you a question as an example to better define the expectation on behavior that people have on what it means to administer a computer system. Can you run the thread audience through the steps on how you personally go about changing permissions on a root owned file or directory on a Fedora install to give write access to an admin user.. using nothing but graphical tools as installed by default in the Fedora Desktop? I honestly don't know how to do it. And I wouldn't think to do it that way. I'll reach for the commandline somewhere in the process whether it be to configure sudo or just doing the chmod under su. Nautilus exposes permissions for root owned files but I don't see an obvious hook that allows me to use existing authorization infrastructure to gain access to change those permissions as an admin user under nautilus. But for someone else...someone new who didn't waste time learning how to banner attack their classmates logged into the school's Vax system via a serial connection, someone who is installing a linux system for personal use and learning how to interact with that system and is basically their own admin...,they may instinctively reach for a graphical way to do stuff like file permissions manipulations. root login may realistically be the simplest way they know to gain access to graphical tools to perform simple operations that the user desktop does not allow. Its great that sudo exists and can be configured but how do you discover that tool as a new user doing a self-administered install? Nautilus is the obvious, intuitive for file management tasks, and if the only graphical way to get to a version of nautilus that can manipulate system files is to login as root..then it sort of makes sense that inexperienced users will attempt to do that..because its the logic of behavior the that graphical tool UI suggests. If there is an expectation that users can work with the graphical tools to do simple administrative tasks, I'm not sure enough thought has been put into how to self-consistently expose that functionality. -jef . -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
On Sun, 14 Jun 2009, Lennart Poettering wrote: much broken. It's a bit like SELinux: it's one of the first features most people disable. False. Most people leave SELinux enabled, according to the smolt stats which have been collecting since the F8 era. Fedora is the only big distro that enables a firewall by default and thus creates a lot of trouble for many users. I think I mentioned that before, and I can only repeat it here: we should not ship a firewall enabled by default, like we currently do. If an application cannot be trusted then it should not be allowed to listen on a port by default in the first place. A firewall is an extra layer of security that simply hides the actual problem. The problem is that you never really know how trustworthy an application is. All software has bugs, and some of those will be exploitable. A significant purpose of firewalling and tighter security policy (e.g. SELinux MAC) is to help reduce the impact of bugs (and misconfiguration) when they occur. - James -- James Morris jmor...@namei.org -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
On Mon, 15.06.09 09:15, James Morris (jmor...@namei.org) wrote: On Sun, 14 Jun 2009, Lennart Poettering wrote: much broken. It's a bit like SELinux: it's one of the first features most people disable. False. Most people leave SELinux enabled, according to the smolt stats which have been collecting since the F8 era. Are you speaking of the same smolt that lists es1371 as most popular sound card? i.e. a sound card that has been out of production since about 10 years now? Somehow I have serious doubts about the validity of the smolt data. Also, isn't the smolt data generated as part of the installation process, i.e. at a time where people haven't yet had the time to disable SELinux? Anyway, please don't think I was anti-SELinux, I am not. Just wanted to state what I observed. Lennart -- Lennart PoetteringRed Hat, Inc. lennart [at] poettering [dot] net http://0pointer.net/lennart/ GnuPG 0x1A015CC4 -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
On Mon, 15 Jun 2009, Lennart Poettering wrote: Are you speaking of the same smolt that lists es1371 as most popular sound card? i.e. a sound card that has been out of production since about 10 years now? Somehow I have serious doubts about the validity of the smolt data. I've previously asked for specific sql queries to be run on the data (e.g. correlated with specific Fedora versions) and it seems the data for SELinux at least is reasonably accurate. The actual figure shown on the site is likely to be much lower than the real number of SELinux enabled systems, as it aggregates data from systems where no SELinux stats were being collected, and now from distros with no real SELinux support. Also, isn't the smolt data generated as part of the installation process, i.e. at a time where people haven't yet had the time to disable SELinux? Yes, that's a consideration -- those systems report back each month, so when there's a new release, the figures spike, and then drop off over time. They're still showing a signifcant majority of people leaving SELinux enabled. There's also the question of whether people who are not saying 'yes' to smolt reporting are likely to enable or disable SELinux. It could go either way. Anyway, please don't think I was anti-SELinux, I am not. Just wanted to state what I observed. Keep in mind that what you observe as a highly technical distro developer may be radically different to what happens elsewhere. - James -- James Morris jmor...@namei.org -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
On Sun, Jun 14, 2009 at 3:36 PM, Lennart Poetteringmzerq...@0pointer.de wrote: Are you speaking of the same smolt that lists es1371 as most popular sound card? i.e. a sound card that has been out of production since about 10 years now? Somehow I have serious doubts about the validity of the smolt data. You might have found a bug in the tallying there in how cards are self-identifying product strings. You'll notice the same exact entry is listed twice in the Audio device table. Are cards using the ENS1371 driver misreporting their vendor/card version info? There are only 5 listings in the table for the ENS1371 driver. There are dozens listed for the Intel ICH driver. I bet if you totalled up counts by driver, things would look more sensible to you with intel being a reasonably large percentage of the drivers in use. Also, isn't the smolt data generated as part of the installation process, i.e. at a time where people haven't yet had the time to disable SELinux? smolt updates the info associated with a UUID via its service and cronjob configuration on a roughly monthly basis, unless someone disables the smolt service. -jef -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
That said, I agree the wheel group should be enabled with sudo, though I disagree that the initial install user should be automatically added to it. But then again, I hate sudo :P I do most scripting that requires root access via root logins directly with ssh and keys. i completely agree and do mostly the same; it would be a good idea (or at least, imho better than an option to add the user to wheel group) to have a generate dsa keypair and add to root authorized_keys checkbox during firstboot user creation. Then just ssh -X for your daily needed root tasks guido -- Guido Grazioli guido.grazi...@gmail.com Via Parri 11 48011 - Alfonsine (RA) Mobile: +39 347 1017202 (10-18) Key FP = 7040 F398 0DED A737 7337 DAE1 12DC A698 5E81 2278 Linked in: http://www.linkedin.com/in/guidograzioli -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
On Sun, 14.06.09 16:11, Jeff Spaleta (jspal...@gmail.com) wrote: On Sun, Jun 14, 2009 at 3:36 PM, Lennart Poetteringmzerq...@0pointer.de wrote: Are you speaking of the same smolt that lists es1371 as most popular sound card? i.e. a sound card that has been out of production since about 10 years now? Somehow I have serious doubts about the validity of the smolt data. You might have found a bug in the tallying there in how cards are self-identifying product strings. ci devices identify them via numeric ids only, the strings come from the hwdata databases. You'll notice the same exact entry is listed twice in the Audio device table. Are cards using the ENS1371 driver misreporting their vendor/card version info? There are only 5 listings in the table for the ENS1371 driver. There are dozens listed for the Intel ICH driver. I bet if you totalled up counts by driver, things would look more sensible to you with intel being a reasonably large percentage of the drivers in use. It's not just that ens1371 is shown as unrealistically popular, it's also that it doesn't know a single HDA device. I mean, seriously... what will smolt claim next? that santa claus exists? To me it appears that the data shown on this smolt web thingy originates from /dev/random. Unrelated to this, it's fun to see what happens when one accesses http://smolt.fedoraproject.org/static/stats or a similar URL... ;-) Lennart -- Lennart PoetteringRed Hat, Inc. lennart [at] poettering [dot] net http://0pointer.net/lennart/ GnuPG 0x1A015CC4 -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
On Sun, 2009-06-14 at 15:11 -0400, Chuck Anderson wrote: On Sun, Jun 14, 2009 at 10:45:09AM -0400, Simo Sorce wrote: * Samba (outbound) browsing requires firewall mods I don't know how Samba works, so forgive me if I say obvious stupidity, but shouldn't *client* work even behind closed firewall (like with any other services like ssh, ftp, ...)? Isn't this a samba bug then? Samba as a client needs to listen for Netbios packets replies (UDP) to do browsing, so since F-10 (yes this is not something new in F-11) the firewall has strict rules and there is a samba client specific rule. ...which is broken in that it is too permissive, and in that it isn't enabled by default. We need to fix it so it only uses the conntrack module but doesn't open inbound ports, and also enable it in the default install. Conntrack is useless you need to listen to unsolicited traffic. Also some old MS Oss always reply to port 137 even if the client source port is higher, conntrack would fail here too. https://bugzilla.redhat.com/show_bug.cgi?id=469884 If it were for me I'd close this as NOTABUG/INVALID/WONTFIX. Simo. -- Simo Sorce * Red Hat, Inc * New York -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: GDM Language list...
- Bill Nottingham nott...@redhat.com wrote: https://fedoraproject.org/wiki/Features/YumLangpackPlugin My one concern with this is that the conditional stuff is also used on the compose side when making LiveCDs, etc. We need to make sure that still works somehow. Right. (Though since F11 we have dropped all the lang-support groups from the default spins.) Thanks for bringing it up - I see the potential weakness: so would it be sufficient to ship the plugin by default then or would livecd-tools need to pull it in? Jens -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
On Sun, 2009-06-14 at 14:23 -0800, Jeff Spaleta wrote: On Sun, Jun 14, 2009 at 6:45 AM, Simo Sorcesso...@redhat.com wrote: I haven't done a graphical root login in the past 10 years probably and on multiple distribution. Graphical root login is meaningless. Let me ask you a question as an example to better define the expectation on behavior that people have on what it means to administer a computer system. Can you run the thread audience through the steps on how you personally go about changing permissions on a root owned file or directory on a Fedora install to give write access to an admin user.. using nothing but graphical tools as installed by default in the Fedora Desktop? I honestly don't know how to do it. And I wouldn't think to do it that way. I'll reach for the commandline somewhere in the process whether it be to configure sudo or just doing the chmod under su. Nautilus exposes permissions for root owned files but I don't see an obvious hook that allows me to use existing authorization infrastructure to gain access to change those permissions as an admin user under nautilus. But for someone else...someone new who didn't waste time learning how to banner attack their classmates logged into the school's Vax system via a serial connection, someone who is installing a linux system for personal use and learning how to interact with that system and is basically their own admin...,they may instinctively reach for a graphical way to do stuff like file permissions manipulations. root login may realistically be the simplest way they know to gain access to graphical tools to perform simple operations that the user desktop does not allow. Its great that sudo exists and can be configured but how do you discover that tool as a new user doing a self-administered install? Nautilus is the obvious, intuitive for file management tasks, and if the only graphical way to get to a version of nautilus that can manipulate system files is to login as root..then it sort of makes sense that inexperienced users will attempt to do that..because its the logic of behavior the that graphical tool UI suggests. If there is an expectation that users can work with the graphical tools to do simple administrative tasks, I'm not sure enough thought has been put into how to self-consistently expose that functionality. You certainly have a point here Jeff. Simo. -- Simo Sorce * Red Hat, Inc * New York -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Do we need split media CDs for F12?
On Saturday, June 13 2009, Jussi Lehtola said: On Sat, 2009-06-13 at 11:12 -0500, Matt Domsch wrote: On Sat, Jun 13, 2009 at 07:04:12PM +0300, Jussi Lehtola wrote: Hmm, I'd want netboot.img back, since I normally use a USB stick to start the network install (OK, there is the possibility of using livecd-iso-to-disk, but that's a lot more hassle than downloading a minimalistic img and running dd). We have it, it's now called netinst.iso Yes but not netboot.img that could be dd'd straight away to a USB drive or whatnot; the iso needs livecd-iso-to-disk which a) is extra work and b) is only available on Fedora and Windows. [Also, the livecd tools need an own homepage so that users of other distros can get them.] We really need to finish the push in F12 to get liveusb-creator working for all cases (including command line) so that we can kick the silly shell script to the curb as liveusb-creator has its own homepage, etc. Also, I want to look a bit more at isohybrid to see if we can build iso images that can just be dd'd, at least for the case of boot.iso/netinst.iso Jeremy -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Do we need split media CDs for F12?
On Sunday, June 14 2009, King InuYasha said: Also, maybe we should support PXE/network booting the Live version from mirrors or whatever with the advent of netbooks and other computers without an optical drive. While doing it via USB is preferable, it is not always possible. For example I have a laptop with a completely damaged drive bay where the CD drive is and it does not support booting from USB devices. Being able to boot the Live distro from a network would be a great alternative. See the livecd-iso-to-pxeboot script, although it does place some (somewhat) different requirements on things. If we can get dracut in for F12, we might be able to be more clever with netboot + live images Jeremy -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: GDM Language list...
On Sunday, June 14 2009, Jens Petersen said: - Bill Nottingham nott...@redhat.com wrote: https://fedoraproject.org/wiki/Features/YumLangpackPlugin My one concern with this is that the conditional stuff is also used on the compose side when making LiveCDs, etc. We need to make sure that still works somehow. Right. (Though since F11 we have dropped all the lang-support groups from the default spins.) Thanks for bringing it up - I see the potential weakness: so would it be sufficient to ship the plugin by default then or would livecd-tools need to pull it in? livecd-tools doesn't use any plugins at present, so there'd be some work needed to ensure the right thing happened Jeremy -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
On Mon, 15 Jun 2009, Lennart Poettering wrote: On Mon, 15.06.09 09:15, James Morris (jmor...@namei.org) wrote: On Sun, 14 Jun 2009, Lennart Poettering wrote: much broken. It's a bit like SELinux: it's one of the first features most people disable. False. Most people leave SELinux enabled, according to the smolt stats which have been collecting since the F8 era. Are you speaking of the same smolt that lists es1371 as most popular sound card? i.e. a sound card that has been out of production since about 10 years now? Somehow I have serious doubts about the validity of the smolt data. Based on actual data research or your gut? Also, isn't the smolt data generated as part of the installation process, i.e. at a time where people haven't yet had the time to disable SELinux? It updates monthly if you chose to send it in at install time. -Mike -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: What I HATE about F11
On Sun, 14 Jun 2009, Mike McGrath wrote: On Mon, 15 Jun 2009, Lennart Poettering wrote: On Mon, 15.06.09 09:15, James Morris (jmor...@namei.org) wrote: On Sun, 14 Jun 2009, Lennart Poettering wrote: much broken. It's a bit like SELinux: it's one of the first features most people disable. False. Most people leave SELinux enabled, according to the smolt stats which have been collecting since the F8 era. Are you speaking of the same smolt that lists es1371 as most popular sound card? i.e. a sound card that has been out of production since about 10 years now? Somehow I have serious doubts about the validity of the smolt data. Based on actual data research or your gut? Sidenote on this specific device, seems vmware emulates it so we should probably continue to support it :) -Mike -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Do we need split media CDs for F12?
Once upon a time, Jeremy Katz ka...@redhat.com said: See the livecd-iso-to-pxeboot script, although it does place some (somewhat) different requirements on things. AFAIK livecd-iso-to-pxeboot is useless for 32 bit, at least for the standard Fedora LiveCD images. I think the kernel will only use an initrd that is less than half the size of lowmem, or 448M. It would be useful to be able to export the root FS from a LiveCD via NFS, or maybe have an alternate initrd for PXE booting that could NFS mount the ISO image (and then the LiveCD root), or fetch the ISO into RAM via HTTP, or something along those lines. -- Chris Adams cmad...@hiwaay.net Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Why a multilib wrapper for non-multilib architectures?!
Rex Dieter wrote: Tom Lane wrote: Personally I don't use multilib wrappers on arches that don't need it; I think not needing extra cases in the wrapper header outweighs the added complexity in the specfile. But I'm not going to tell the gmp maintainer he's wrong for doing it the other way. +1 -- Rex Heh, so I have it both ways in my packages, xfsprogs does it only for (hand-defined) %{multilib_arches}, e2fsprogs does it for all, inherited via cut and paste. If someone who cared provided some nice rpm macros to work with, perhaps we'd easily have the best of both worlds. :) -Eric -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: ruby-sqlite3 conflicts with rubygem-sqlite3-ruby
Michael Schwendt wrote, at 06/15/2009 03:52 AM +9:00: https://bugzilla.redhat.com/472621 https://bugzilla.redhat.com/472622 Reported in Nov 2008. Is it really that difficult to fix it? Well, actually these two packages are _the same_ (currently versions of rpms on Fedora are different, however) The difference is that ruby-sqlite3 creates non-gem ruby module, while rubygem-sqlite3-ruby creates ruby gem. Curret ruby packaging guideline says that [1] Packaging for Gem and non-Gem use If the same Ruby library is to be packaged for use as a Gem and as a straight Ruby library without Gem support, it must be packaged as a Gem first. And we have the way and allow to create non-gem ruby module (rpm) packages as a subpackage of a package based on rubygem. So for this case ruby-sqlite3 srpm must be obsoleted by rubygem-sqlite3-ruby srpm and ruby-sqlite3 binary rpm should be created as the subpackage of rubygem-sqlite3-ruby. [1] https://fedoraproject.org/wiki/Packaging/Ruby#Packaging_for_Gem_and_non-Gem_use Regards, Mamoru -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Do we need split media CDs for F12?
On Sat, 2009-06-13 at 08:46 -0500, Matt Domsch wrote: (Reposting to f-d-l from my blog post last night. http://domsch.com/blog/?p=85 includes a couple nice graphs to help illustrate.) CDs are Dead. Long live CDs. I was running some stats on the Fedora 11 release, and an interesting thing caught my eye. Very few people are downloading the six (or in the case of PPC, seven) CDs to perform a Fedora install. Very Very few. In fact, at most, six people downloaded split media CDs using the Fedora mirror servers in the first few days. I find that hard to believe, unless you mean via. MirrorManager? I know I downloaded all six CD isos directly from the kernel.org mirror, within a few hours of GA. For previous releases I'd tended to use the torrent, to get them all, as it was somewhat easier (but slower). This in contrast to the over 234,000 direct downloads of DVDs and LiveCDs in the same amount of time. BitTorrent statistics are a little better for CDs: 908 completed downloads of the split media CDs, out of 41,235 total downloads (or ~2.2 %). These are believable, but I'd still put money on the fact that more than 2.2% of users use CDs ... one of my machines here is an x86_64 Dell box, about 2 years old. And only has a CD drive. Now, sure, I normally only burn CD 1 ... and then use an exploded http install for anaconda. So I could probably make DVD only work, but it's much easier to just get the CDs. I'm also pretty sure my current laptop is DVD RO, but CD RW. -- James Antill ja...@fedoraproject.org Fedora -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Do we need split media CDs for F12?
On Mon, Jun 15, 2009 at 01:09:52AM -0400, James Antill wrote: On Sat, 2009-06-13 at 08:46 -0500, Matt Domsch wrote: (Reposting to f-d-l from my blog post last night. http://domsch.com/blog/?p=85 includes a couple nice graphs to help illustrate.) CDs are Dead. Long live CDs. I was running some stats on the Fedora 11 release, and an interesting thing caught my eye. Very few people are downloading the six (or in the case of PPC, seven) CDs to perform a Fedora install. Very Very few. In fact, at most, six people downloaded split media CDs using the Fedora mirror servers in the first few days. I find that hard to believe, unless you mean via. MirrorManager? I know I downloaded all six CD isos directly from the kernel.org mirror, within a few hours of GA. For previous releases I'd tended to use the torrent, to get them all, as it was somewhat easier (but slower). Right, I have no way to get the stats from each individual mirror, public or private. This was just looking at the clicks through mirrors.fp.o/download.fp.o. This in contrast to the over 234,000 direct downloads of DVDs and LiveCDs in the same amount of time. BitTorrent statistics are a little better for CDs: 908 completed downloads of the split media CDs, out of 41,235 total downloads (or ~2.2 %). These are believable, but I'd still put money on the fact that more than 2.2% of users use CDs ... one of my machines here is an x86_64 Dell box, about 2 years old. And only has a CD drive. Now, sure, I normally only burn CD 1 ... and then use an exploded http install for anaconda. So I could probably make DVD only work, but it's much easier to just get the CDs. In this case, the netinst.iso (157MB) would suffice, right? No one is proposing removing that. I'm not saying get rid of all CDs. Clearly the netinst.iso and LiveCDs would remain under any circumstance. -- Matt Domsch Technology Strategist, Dell Office of the CTO linux.dell.com www.dell.com/linux -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Do we need split media CDs for F12?
On Mon, 2009-06-15 at 00:24 -0500, Matt Domsch wrote: On Mon, Jun 15, 2009 at 01:09:52AM -0400, James Antill wrote: On Sat, 2009-06-13 at 08:46 -0500, Matt Domsch wrote: (Reposting to f-d-l from my blog post last night. http://domsch.com/blog/?p=85 includes a couple nice graphs to help illustrate.) These are believable, but I'd still put money on the fact that more than 2.2% of users use CDs ... one of my machines here is an x86_64 Dell box, about 2 years old. And only has a CD drive. Now, sure, I normally only burn CD 1 ... and then use an exploded http install for anaconda. So I could probably make DVD only work, but it's much easier to just get the CDs. In this case, the netinst.iso (157MB) would suffice, right? No one is proposing removing that. Actually, your idea is perfect. For almost all cases I can come up with, the netinst disk is fine (and, incidentally, it's all I use other than the DVD install images anyway - especially within VMs). The only counterpoint I came up with was that of folks in parts of the world who don't have access to modern hardware and don't have broadband. You might argue they could be supplied with CDs, but that presupposes that they actually will be, vs. getting Fedora via a Live CD or something else. I think the latter is far more likely now. I'm not saying get rid of all CDs. Clearly the netinst.iso and LiveCDs would remain under any circumstance. +1 Jon. -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Do we need split media CDs for F12?
On 06/15/2009 11:15 AM, Jon Masters wrote: The only counterpoint I came up with was that of folks in parts of the world who don't have access to modern hardware and don't have broadband. Yes but they prefer Live CD or regular DVD images usually. Magazines tend to distribute DVD image. Conferences - Live CD's. Rahul -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
[Bug 505911] New: Intel 3945abg wireless bandwidth
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. Summary: Intel 3945abg wireless bandwidth https://bugzilla.redhat.com/show_bug.cgi?id=505911 Summary: Intel 3945abg wireless bandwidth Product: Fedora Version: 11 Platform: All OS/Version: Linux Status: NEW Severity: urgent Priority: low Component: artwiz-aleczapka-fonts AssignedTo: tcall...@redhat.com ReportedBy: m...@matt7.info QAContact: extras...@fedoraproject.org CC: tcall...@redhat.com, andreas.bierf...@lowlatency.de, fedora-fonts-bugs-list@redhat.com Classification: Fedora Description of problem: bandwith limited to around 1mb/s on intel wireless 3945abg card in fedora 11. Version-Release number of selected component (if applicable): How reproducible: every time Steps to Reproduce: 1. boot fedora 11 with an intel 3945abc wireless card 2. 3. Actual results: Expected results: Additional info: tested on dell xps m1530 laptop inspiron 9400 laptop. problem not present in fedora 10/xp triboot on same laptops. on intital connection to the wireless network all bandwidth is availble for a few minutes before it gets limited. issue is present in some versions of other distros maybe something kernel/driver related breaking? -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. ___ Fedora-fonts-bugs-list mailing list Fedora-fonts-bugs-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-fonts-bugs-list
[Bug 505911] Intel 3945abg wireless bandwidth
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=505911 Matt m...@matt7.info changed: What|Removed |Added CC||matth...@rpmforge.net Component|artwiz-aleczapka-fonts |iwl3945-firmware -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. ___ Fedora-fonts-bugs-list mailing list Fedora-fonts-bugs-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-fonts-bugs-list
[Bug 495399] Review Request: NotCourier-Sans-sfd-fonts - NotCourier Sans is a re-interpretation of Nimbus Mono.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=495399 --- Comment #5 from Ankur Sinha sanjay.an...@gmail.com 2009-06-14 13:45:19 EDT --- hi, redone.. http://ankursinha.fedorapeople.org/ofl-notcouriersans-fonts/ofl-notcouriersans-fonts-1.1-1.fc12.src.rpm http://ankursinha.fedorapeople.org/ofl-notcouriersans-fonts/ofl-notcouriersans-fonts.spec all results from the mock build are at: http://ankursinha.fedorapeople.org/ofl-notcouriersans-fonts/ regards, Ankur -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. ___ Fedora-fonts-bugs-list mailing list Fedora-fonts-bugs-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-fonts-bugs-list
rpms/lcdf-typetools/F-11 .cvsignore, 1.6, 1.7 lcdf-typetools.spec, 1.7, 1.8 sources, 1.6, 1.7
Author: pnemade Update of /cvs/pkgs/rpms/lcdf-typetools/F-11 In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv29286 Added Files: .cvsignore lcdf-typetools.spec sources Log Message: - Initial release for F-11 Index: .cvsignore === RCS file: .cvsignore diff -N .cvsignore --- /dev/null 1 Jan 1970 00:00:00 - +++ .cvsignore 15 Jun 2009 05:10:35 - 1.7 @@ -0,0 +1 @@ +lcdf-typetools-2.78.tar.gz Index: lcdf-typetools.spec === RCS file: lcdf-typetools.spec diff -N lcdf-typetools.spec --- /dev/null 1 Jan 1970 00:00:00 - +++ lcdf-typetools.spec 15 Jun 2009 05:10:35 - 1.8 @@ -0,0 +1,57 @@ +Name: lcdf-typetools +Version: 2.78 +Release: 1%{?dist} +Summary: Tools for manipulating OpenType fonts +Group: User Interface/X +License: GPLv2+ +URL: http://www.lcdf.org +Source0: http://www.lcdf.org/type/%{name}-%{version}.tar.gz +BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XX) + +BuildRequires: kpathsea-devel + +%description +The LCDF Typetools package contains several programs for manipulating +PostScript Type 1, Type 1 multiple master, and PostScript-flavored OpenType +fonts. LCDF Typetools includes the mmafm and mmpfb programs, which were +formerly distributed as part of a different package (mminstance) + +%prep +%setup -q + + +%build +%configure +make CFLAGS=%{optflags} %{?_smp_mflags} + + +%install +rm -rf %{buildroot} +make install DESTDIR=%{buildroot} INSTALL=install -p + +%clean +rm -rf %{buildroot} + + +%files +%defattr(-,root,root,-) +%doc COPYING NEWS ONEWS README +%{_bindir}/cfftot1 +%{_bindir}/mmafm +%{_bindir}/mmpfb +%{_bindir}/otfinfo +%{_bindir}/otftotfm +%{_bindir}/t1dotlessj +%{_bindir}/t1lint +%{_bindir}/t1reencode +%{_bindir}/t1testpage +%{_bindir}/ttftotype42 +%{_bindir}/t1rawafm +%{_mandir}/man*/* +%{_datadir}/lcdf-typetools + +%changelog +* Thu May 21 2009 Parag Nemade pnemade AT redhat.com- 2.78-1 +- Initial specfile for Fedora + + Index: sources === RCS file: sources diff -N sources --- /dev/null 1 Jan 1970 00:00:00 - +++ sources 15 Jun 2009 05:10:35 - 1.7 @@ -0,0 +1 @@ +88418a4aca055f9911f7bb9035491feb lcdf-typetools-2.78.tar.gz ___ Fedora-fonts-bugs-list mailing list Fedora-fonts-bugs-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-fonts-bugs-list
rpms/lcdf-typetools/F-10 .cvsignore, 1.6, 1.7 Makefile, 1.2, 1.3 lcdf-typetools.spec, 1.7, 1.8 sources, 1.6, 1.7 branch, 1.1, 1.2
Author: pnemade Update of /cvs/pkgs/rpms/lcdf-typetools/F-10 In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv468 Modified Files: branch Added Files: .cvsignore Makefile lcdf-typetools.spec sources Log Message: - Initial release for F-10 Index: .cvsignore === RCS file: .cvsignore diff -N .cvsignore --- /dev/null 1 Jan 1970 00:00:00 - +++ .cvsignore 15 Jun 2009 05:21:58 - 1.7 @@ -0,0 +1 @@ +lcdf-typetools-2.78.tar.gz Index: Makefile === RCS file: Makefile diff -N Makefile --- /dev/null 1 Jan 1970 00:00:00 - +++ Makefile15 Jun 2009 05:21:58 - 1.3 @@ -0,0 +1,21 @@ +# Makefile for source rpm: lcdf-typetools +# $Id$ +NAME := lcdf-typetools +SPECFILE = $(firstword $(wildcard *.spec)) + +define find-makefile-common +for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo $$d/Makefile.common ; break ; fi ; done +endef + +MAKEFILE_COMMON := $(shell $(find-makefile-common)) + +ifeq ($(MAKEFILE_COMMON),) +# attept a checkout +define checkout-makefile-common +test -f CVS/Root { cvs -Q -d $$(cat CVS/Root) checkout common echo common/Makefile.common ; } || { echo ERROR: I can't figure out how to checkout the 'common' module. ; exit -1 ; } 2 +endef + +MAKEFILE_COMMON := $(shell $(checkout-makefile-common)) +endif + +include $(MAKEFILE_COMMON) Index: lcdf-typetools.spec === RCS file: lcdf-typetools.spec diff -N lcdf-typetools.spec --- /dev/null 1 Jan 1970 00:00:00 - +++ lcdf-typetools.spec 15 Jun 2009 05:21:59 - 1.8 @@ -0,0 +1,57 @@ +Name: lcdf-typetools +Version: 2.78 +Release: 1%{?dist} +Summary: Tools for manipulating OpenType fonts +Group: User Interface/X +License: GPLv2+ +URL: http://www.lcdf.org +Source0: http://www.lcdf.org/type/%{name}-%{version}.tar.gz +BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XX) + +BuildRequires: kpathsea-devel + +%description +The LCDF Typetools package contains several programs for manipulating +PostScript Type 1, Type 1 multiple master, and PostScript-flavored OpenType +fonts. LCDF Typetools includes the mmafm and mmpfb programs, which were +formerly distributed as part of a different package (mminstance) + +%prep +%setup -q + + +%build +%configure +make CFLAGS=%{optflags} %{?_smp_mflags} + + +%install +rm -rf %{buildroot} +make install DESTDIR=%{buildroot} INSTALL=install -p + +%clean +rm -rf %{buildroot} + + +%files +%defattr(-,root,root,-) +%doc COPYING NEWS ONEWS README +%{_bindir}/cfftot1 +%{_bindir}/mmafm +%{_bindir}/mmpfb +%{_bindir}/otfinfo +%{_bindir}/otftotfm +%{_bindir}/t1dotlessj +%{_bindir}/t1lint +%{_bindir}/t1reencode +%{_bindir}/t1testpage +%{_bindir}/ttftotype42 +%{_bindir}/t1rawafm +%{_mandir}/man*/* +%{_datadir}/lcdf-typetools + +%changelog +* Thu May 21 2009 Parag Nemade pnemade AT redhat.com- 2.78-1 +- Initial specfile for Fedora + + Index: sources === RCS file: sources diff -N sources --- /dev/null 1 Jan 1970 00:00:00 - +++ sources 15 Jun 2009 05:21:59 - 1.7 @@ -0,0 +1 @@ +88418a4aca055f9911f7bb9035491feb lcdf-typetools-2.78.tar.gz Index: branch === RCS file: /cvs/pkgs/rpms/lcdf-typetools/F-10/branch,v retrieving revision 1.1 retrieving revision 1.2 diff -u -p -r1.1 -r1.2 --- branch 11 Jun 2009 07:57:57 - 1.1 +++ branch 15 Jun 2009 05:21:59 - 1.2 @@ -1 +1 @@ -F-10 +F-11 ___ Fedora-fonts-bugs-list mailing list Fedora-fonts-bugs-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-fonts-bugs-list
[Bug 501854] Review Request: lcdf-typetools - The LCDF Typetools for manipulating OpenType fonts
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=501854 --- Comment #6 from Fedora Update System upda...@fedoraproject.org 2009-06-15 01:54:14 EDT --- lcdf-typetools-2.78-1.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/lcdf-typetools-2.78-1.fc10 -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. ___ Fedora-fonts-bugs-list mailing list Fedora-fonts-bugs-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-fonts-bugs-list
[Bug 501854] Review Request: lcdf-typetools - The LCDF Typetools for manipulating OpenType fonts
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=501854 --- Comment #5 from Fedora Update System upda...@fedoraproject.org 2009-06-15 01:53:23 EDT --- lcdf-typetools-2.78-1.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/lcdf-typetools-2.78-1.fc11 -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. ___ Fedora-fonts-bugs-list mailing list Fedora-fonts-bugs-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-fonts-bugs-list
PackageDB release candidate testing
If anyone would like to test the PackageDB release for Monday, I now have a release candidate running in the staging environment and packages built for cvsadmins to install and test the admin client. The web interface is here: https://admin.stg.fedoraproject.org/pkgdb Client software for Fedora is built in koji: python-fedora-0.3.13.1 for Fedora: https://koji.fedoraproject.org/koji/packageinfo?packageID=5050 EPEL-5 python-fedora: http://buildsys.fedoraproject.org/plague-results/fedora-5-epel/python-fedora/0.3.13.1-1.el5/ Fedora PackageDB Client Packages are being built in koji. When done, you should be able to download the client packages from: F-12 http://koji.fedoraproject.org/koji/taskinfo?taskID=1413140 F-11 http://koji.fedoraproject.org/koji/taskinfo?taskID=1413141 F-10 http://koji.fedoraproject.org/koji/taskinfo?taskID=1413142 F-9 http://koji.fedoraproject.org/koji/taskinfo?taskID=1413143 For EL-5 fedora-packagedb, please get the packages from: http://toshio.fedorapeople.org/pkgdb/ -Toshio signature.asc Description: OpenPGP digital signature ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Sysadmin-hosted
Hey guys, there's a number of sysadmin-hosted requests outstanding, anyone want to take care of those? -Mike ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Sysadmin-hosted
On Sun, Jun 14, 2009 at 12:12 PM, Mike McGrathmmcgr...@redhat.com wrote: Hey guys, there's a number of sysadmin-hosted requests outstanding, anyone want to take care of those? I will be ready by Thursday afternoon to start taking things on. If a couple could be left out.. I will do them then to start getting into the groove. -- Stephen J Smoogen. -- BSD/GNU/Linux How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. The Merchant of Venice ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Sysadmin-hosted
On Sun, Jun 14, 2009 at 8:12 PM, Mike McGrathmmcgr...@redhat.com wrote: Hey guys, there's a number of sysadmin-hosted requests outstanding, anyone want to take care of those? I can have time for this, but not in this group. Do you guys have enough members to take care of ? -- Xavier.t Lamien -- http://fedoraproject.org/wiki/XavierLamien GPG-Key ID: F3903DEB Fingerprint: 0F2A 7A17 0F1B 82EE FCBF 1F51 76B7 A28D F390 3DEB ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list