Re: FTBFS if "-Werror=format-security" flag is used

2013-12-05 Thread Brendan Jones
On 12/05/2013 03:25 AM, mrnuke wrote: On 12/04/2013 12:10 PM, Brendan Jones wrote: This is just a pain. Can someone explain to me why this is good? Good or not, this is not the right question to ask. * Is this necessary, and are the benefits worth the pains? * This change is Sofa King st

Re: FTBFS if "-Werror=format-security" flag is used

2013-12-05 Thread Ben Boeckel
On Fri, 06 Dec, 2013 at 01:21:20 GMT, Kevin Kofler wrote: > a printf wrapper for logging which adds a timestamp in front of the > format string. Use the printf attribute on the function to fix this. See stalonetray's patch[1]. It can't be done portably with a macro (you need ## __VA_ARGS__ for tha

Re: FTBFS if "-Werror=format-security" flag is used

2013-12-05 Thread mrnuke
On 12/05/2013 11:38 AM, Michael scherer wrote: > On Wed, Dec 04, 2013 at 08:25:54PM -0600, mrnuke wrote: >> >> This change is Sofa King stupid. Why couldn't we have just enabled the >> warning without turning it into an error, THEN let packagers work with >> upstream in fixing those warnings? Regul

Re: FTBFS if "-Werror=format-security" flag is used

2013-12-05 Thread Kevin Kofler
Jan Lieskovsky wrote: > I think the point of turning the warning into explicit error is to > intentionally make the package / source build failing to indicate there's > an error present somewhere in the code and that it should be fixed. But in many cases there actually ISN'T any error to begin wit

Re: FTBFS if "-Werror=format-security" flag is used

2013-12-05 Thread mrnuke
On 12/05/2013 09:41 AM, Florian Weimer wrote: > For the current stage (filing bugs for known failures), it does not make > much of a difference how the data is obtained about future build > failures. Filing bugs seems reasonable for tracking purposes. > The FESCO ticket is about enabling -Werror=

Re: FTBFS if "-Werror=format-security" flag is used

2013-12-05 Thread Kevin Kofler
Michael scherer wrote: > Let's rather ask the contrary, why is this so much an issue to communicate > with upstream to fix things, and add patches ? The vast majority of those warnings are actually false positives, not actual security issues. Putting my upstream hat on, if asked to "fix" such a fa

Re: FTBFS if "-Werror=format-security" flag is used

2013-12-05 Thread Kevin Kofler
Let me reproduce here for a wider audience my comments I have just posted in the FESCo ticket: IMHO, turning this warning into an error is a horribly flawed idea. It just has way too many false positives. For example, here's the snippet it complains about in Qt 3: QString line; line.fi

Fedora 20 TC5 AMIs

2013-12-05 Thread Dennis Gilmore
Hi all, Final TC5 images have been uploaded to EC2 and are available at ami-f9755890 : us-east-1 image for i386 ami-1d7a5774 : us-east-1 image for x86_64 additionally if you're looking to the AMI's they have been added to files in the release tree ht

[Base] Base Design WG agenda meeting 6. Dec 2013 15:00 UTC on #fedora-meeting

2013-12-05 Thread Phil Knirsch
Agenda: - More on package dep/builddep analysis + potential action items/tasks (see discussion last week) - Review latest WGs planning and PRD state and impacts on Base - Open Floor Please send any other topics as usual to the list and/or bring them up at the start of the meeting. See you

Re: Removing python-setuptools-devel backwards compat

2013-12-05 Thread Toshio Kuratomi
On Mon, Nov 4, 2013 at 10:46 AM, Toshio Kuratomi wrote: > I'd like to drop the > backwards compatibility Provides (and Obsoletes) from the python-setuptools > package. However, there are currently 166 packages BuildRequire'ing > python-setuptools-devel. there's still 151 packages BuildRequirein

EPEL retired packages inconsistency

2013-12-05 Thread Till Maas
Hi, there are some packages retired in EPEL 5 that are not yet blocked in dist-5E-epel: django-flash dkim-milter fpaste-server linpack osc perl-Bio-SamTools perl-qpid pypolicyd-spf python-dateutil python-qpid qpid-cpp rawdog spacewalk-admin spacewalk-web wordpress-mu-plugin-defaults osc and rawd

[Test-Announce] Fedora 20 Final Test Compose 5 (TC5) Available Now!

2013-12-05 Thread Andre Robatino
NOTE: The 64-bit Desktop Live is over its size limit. As per the Fedora 20 schedule [1], Fedora 20 Final Test Compose 5 (TC5) is now available for testing. Content information, including changes, can be found at https://fedorahosted.org/rel-eng/ticket/5808#comment:13 . Please see the following pag

Re: FTBFS if "-Werror=format-security" flag is used

2013-12-05 Thread Richard W.M. Jones
On Thu, Dec 05, 2013 at 07:11:19PM +0100, Ralf Corsepius wrote: > Sure, there are some serious cases, but ... there are many more > further spread issues in C/C++-sources which people have been > ignoring ever since Fedora and RH Linux distros exist. > > IMO, -Wformat-security is almost negligible

Re: FTBFS if "-Werror=format-security" flag is used

2013-12-05 Thread Lars Seipel
On Wed, Dec 04, 2013 at 11:56:23PM +0100, Brendan Jones wrote: > Patching is not a problem. Unnecessary is the question. Explain to > me (not you in particular Rahul) how these printf's can possibly be > exploited? To expand on my earlier mail: the printf usage in hydrogen is definitely horribly w

Re: FTBFS if "-Werror=format-security" flag is used

2013-12-05 Thread Josh Bressers
- Original Message - > On Wed, Dec 04, 2013 at 05:11:16PM -0600, Ian Pilcher wrote: > > On 12/04/2013 04:56 PM, Brendan Jones wrote: > > > Patching is not a problem. Unnecessary is the question. Explain to me > > > (not you in particular Rahul) how these printf's can possibly be > > > explo

[perl-Rose-DB-Object/f20] Update to version 0.809

2013-12-05 Thread Bill Pemberton
commit 815a4fb975090772b3c74552e3b8d8a93272a3b7 Author: Bill Pemberton Date: Thu Dec 5 13:59:15 2013 -0500 Update to version 0.809

[Test-Announce] Fedora 20 Final to slip by one week

2013-12-05 Thread Jaroslav Reznik
Today at Go/No-Go meeting it was decided to slip Fedora 20 Final release by one week due to unresolved blocker bugs [1] not being fixed and no RC available by the time of the meeting. The new GA date is now Dec 17. You can find more details in meeting minutes [2]. The next Go/No-Go meeting is on

Re: FTBFS if "-Werror=format-security" flag is used

2013-12-05 Thread Jan Lieskovsky
- Original Message - > From: "Ralf Corsepius" > To: devel@lists.fedoraproject.org > Sent: Thursday, December 5, 2013 7:11:19 PM > Subject: Re: FTBFS if "-Werror=format-security" flag is used > > On 12/05/2013 06:38 PM, Michael scherer wrote: > > On Wed, Dec 04, 2013 at 08:25:54PM -0600, m

Re: FTBFS if "-Werror=format-security" flag is used

2013-12-05 Thread Lars Seipel
On Wed, Dec 04, 2013 at 11:56:23PM +0100, Brendan Jones wrote: > Patching is not a problem. Unnecessary is the question. Explain to > me (not you in particular Rahul) how these printf's can possibly be > exploited? Uhm, I just took a look at the hydrogen source. The problem with it is that it's no

Re: FTBFS if "-Werror=format-security" flag is used

2013-12-05 Thread Ralf Corsepius
On 12/05/2013 06:38 PM, Michael scherer wrote: On Wed, Dec 04, 2013 at 08:25:54PM -0600, mrnuke wrote: On 12/04/2013 12:10 PM, Brendan Jones wrote: This is just a pain. Can someone explain to me why this is good? Good or not, this is not the right question to ask. * Is this necessary, an

Re: FTBFS if "-Werror=format-security" flag is used

2013-12-05 Thread Lars Seipel
On Wed, Dec 04, 2013 at 10:09:43PM +0100, devzero2000 wrote: > Interesting, for me almost, that many refs are from debian/ubuntu world. Well, that's the convenience of being late to the party. The majority of the work was already done by other distros and we can build upon that. In other cases Fe

Re: FTBFS if "-Werror=format-security" flag is used

2013-12-05 Thread Michael scherer
On Wed, Dec 04, 2013 at 08:25:54PM -0600, mrnuke wrote: > On 12/04/2013 12:10 PM, Brendan Jones wrote: > > > > This is just a pain. Can someone explain to me why this is good? > > > Good or not, this is not the right question to ask. > > * Is this necessary, and are the benefits worth the pain

Re: FTBFS if "-Werror=format-security" flag is used

2013-12-05 Thread devzero2000
On Wed, Dec 4, 2013 at 7:29 PM, Daniel P. Berrange wrote: > On Wed, Dec 04, 2013 at 07:10:39PM +0100, Brendan Jones wrote: >> >> This is just a pain. Can someone explain to me why this is good? > > If you read the bug description you'll see the link which > answers your question. > > https://fed

Re: Obsolete packages still included in Rawhide

2013-12-05 Thread Rex Dieter
Michael Schwendt wrote: > qt5-qtjsbackend > obsoleted by: qt5-qtdeclarative retired, thanks. -- rex

Re: FTBFS if "-Werror=format-security" flag is used

2013-12-05 Thread Florian Weimer
On 12/05/2013 03:25 AM, mrnuke wrote: On 12/04/2013 12:10 PM, Brendan Jones wrote: This is just a pain. Can someone explain to me why this is good? Good or not, this is not the right question to ask. * Is this necessary, and are the benefits worth the pains? * This change is Sofa King st

Re: Duplicate documentation files / potentially conflicting

2013-12-05 Thread Michael Schwendt
On Thu, 5 Dec 2013 13:23:02 +, Richard W.M. Jones wrote: > Now I can see that this shouldn't affect any packages that I own. The original post said "End of August I've opened tickets ...", so if no such ticket has been opened for any of your packages, you are not affected. Simple as that. >

Re: FTBFS if "-Werror=format-security" flag is used

2013-12-05 Thread Jan Lieskovsky
- Original Message - > From: "mrnuke" > To: devel@lists.fedoraproject.org > Sent: Thursday, December 5, 2013 3:37:14 PM > Subject: Re: FTBFS if "-Werror=format-security" flag is used > > On 12/05/2013 07:38 AM, Ralf Corsepius wrote: > > As I see it, GCC's -Wformat-security is too unreliab

suitesparse update to 4.2.1

2013-12-05 Thread Nils Philippsen
Hi, I'll update suitesparse to 4.2.1 in Rawhide[1] soon. Because the new version breaks ABI in libcholmod (new struct member out smack middle into the struct :() we'll stay on 4.0.2 up to Fedora 20. Here's the list of packages depending on suitesparse somehow[2] and their (co)maintainers: rathan

Re: FTBFS if "-Werror=format-security" flag is used

2013-12-05 Thread mrnuke
On 12/05/2013 07:38 AM, Ralf Corsepius wrote: > As I see it, GCC's -Wformat-security is too unreliable to be used in > production. It certainly diagnoses valid security leaks in some cases, > but all it does in other cases is to enforce stylishness to work outs > GCC's limitations. I.e. in these ca

Re: FTBFS if "-Werror=format-security" flag is used

2013-12-05 Thread Ralf Corsepius
On 12/05/2013 02:15 PM, Florian Weimer wrote: On 12/05/2013 11:00 AM, Ralf Corsepius wrote: On 12/05/2013 10:26 AM, Björn Persson wrote: Brendan Jones wrote: Patching is not a problem. Unnecessary is the question. Explain to me (not you in particular Rahul) how these printf's can possibly be e

Re: Duplicate documentation files / potentially conflicting

2013-12-05 Thread Richard W.M. Jones
On Thu, Dec 05, 2013 at 12:46:57PM +0100, Michael Schwendt wrote: > On Thu, 5 Dec 2013 09:45:27 +, Richard W.M. Jones wrote: > > > > > You could link to a bug and give an example of a packaging problem. > > Anyway, I give up. > > Why so hostile? It's not hostility, it's that you are not exp

Re: FTBFS if "-Werror=format-security" flag is used

2013-12-05 Thread Florian Weimer
On 12/05/2013 11:00 AM, Ralf Corsepius wrote: On 12/05/2013 10:26 AM, Björn Persson wrote: Brendan Jones wrote: Patching is not a problem. Unnecessary is the question. Explain to me (not you in particular Rahul) how these printf's can possibly be exploited? I believe to be able to prove GCC i

F-20 Branched report: 20131205 changes

2013-12-05 Thread Fedora Branched Report
Compose started at Thu Dec 5 07:15:02 UTC 2013 Broken deps for armhfp -- [avro] avro-mapred-1.7.5-1.fc20.noarch requires hadoop-mapreduce avro-mapred-1.7.5-1.fc20.noarch requires hadoop-client [blueman] blueman-1.23-7

Re: Duplicate documentation files / potentially conflicting

2013-12-05 Thread Michael Schwendt
On Thu, 5 Dec 2013 09:45:27 +, Richard W.M. Jones wrote: > > You could link to a bug and give an example of a packaging problem. > Anyway, I give up. Why so hostile? If the entire contents of a -doc subpackage are duplicated in the base package accidentally, that _is_ a packaging problem. Y

Re: FTBFS if "-Werror=format-security" flag is used

2013-12-05 Thread Ralf Corsepius
On 12/05/2013 10:26 AM, Björn Persson wrote: Brendan Jones wrote: Patching is not a problem. Unnecessary is the question. Explain to me (not you in particular Rahul) how these printf's can possibly be exploited? I believe to be able to prove GCC is producing bogus warnings: Cf. https://bugzil

Re: Duplicate documentation files / potentially conflicting

2013-12-05 Thread Richard W.M. Jones
You could link to a bug and give an example of a packaging problem. Anyway, I give up. Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones libguestfs lets you edit virtual machines. Supports shell scripting, bindings from many languages. http://libguestfs.or

Re: FTBFS if "-Werror=format-security" flag is used

2013-12-05 Thread Björn Persson
Brendan Jones wrote: >Patching is not a problem. Unnecessary is the question. Explain to me >(not you in particular Rahul) how these printf's can possibly be >exploited? Even if you could prove that a % can never occur in any of these strings, so that the error can't even cause a crash in any of

Re: Retiring gksu-polkit

2013-12-05 Thread Simone Caronni
On 5 December 2013 00:26, Dan Mashal wrote: > It seems that this package is no longer needed. Please let me know > there is a reason that we should keep it. Will retire on all Fedora > releases next week. I think it's still used by Wireshark; last time I've built it was to close some bugs upon