Compose started at Tue Apr 29 08:15:03 UTC 2014
New package: createrepo_c-0.3.0-1.el7
Creates a common metadata repository
New package: erlang-meck-0.7.2-5.el7
A mocking library for Erlang
New package: galera-25.3.5-5.el7
Synchronous multi-master wsrep
Hi guys,
Orion has submitted a python34 package for EPEL and I'm going to review them
soon if no one beats me to it. In parallel with getting that approved I'd
like to ask about the general strategy we'd like to take with maintaining
python3 in EPEL.
Python3 is an evolving language. New 3.N
On Tue, 29 Apr 2014 16:54:31 -0700
Toshio Kuratomi a.bad...@gmail.com wrote:
...snip...
What do people think? Is this something we can do within the
policies of EPEL? Does it make sense to go forward with this? Is it
better to go with one of the alternatives?
...snip...
I like the plan.
The RC for el7 specifically omits packages that have drawn interest in
the past. A few examples of such packages would be kmail and pidgin.
kmail is ordinarily part of the kde-pim suite, but is stripped from the
final build via some 'rm' handiwork in the spec. Pidgin is omitted from
the build via
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 04/29/2014 05:54 PM, Toshio Kuratomi wrote:
Hi guys,
Orion has submitted a python34 package for EPEL and I'm going to
review them soon if no one beats me to it. In parallel with
getting that approved I'd like to ask about the general
On 2014-04-30 06:57, Jim Perrin wrote:
The RC for el7 specifically omits packages that have drawn interest
in
the past. A few examples of such packages would be kmail and pidgin.
kmail is ordinarily part of the kde-pim suite, but is stripped from
the
final build via some 'rm' handiwork in the
Hi all,
My name is Tetsumune KISO.
I have been a network engineer at telecom carrier.
Recently I have submitted a review request:
https://bugzilla.redhat.com/show_bug.cgi?id=1089110
This is my first package and I need a sponsor.
I'm very happy if you accept this package.
Best Regards,
Hi All,
During the last few days I've been preparing a rebase of Xorg to 1.15.99.902
all packages have been build into the f21-xorg tag now, and I've just
request rel-eng to move them to rawhide proper.
So the next rawhide compose, or maybe the one after that will have an all
new Xorg stack.
Hi everybody,
I'm writing today because I have submitted my first package for review :
https://bugzilla.redhat.com/show_bug.cgi?id=1092431https://bugzilla.redhat.com/show_bug.cgi?id=1090933
Hello, my name is Florian Tani. I am Computer Engineering student , second
year at Metropolitan Univeristy
On Mon, 28.04.14 15:11, Toshio Kuratomi (a.bad...@gmail.com) wrote:
On Apr 28, 2014 5:01 PM, Daniel J Walsh dwa...@redhat.com wrote:
The problem is lots of services require systemd because they ship a
unit file and want systemctl reload to happen.
Would removing the requires on systemd
On Mon, 28.04.14 17:01, Daniel J Walsh (dwa...@redhat.com) wrote:
The problem is lots of services require systemd because they ship a
unit file and want systemctl reload to happen. Systemd then triggers a
require for udev and kmod, which docker containers do not need.
If you discount the
On 04/28/2014 08:09 PM, Florian Weimer wrote:
On 04/28/2014 12:42 PM, David Woodhouse wrote:
Actually, I think the best way to fix this is with SELinux, rather than
iptables. Why go for an overly complex solution where authorised
processes have to prod a firewall dæmon to change the iptables
On 04/28/2014 03:49 PM, Adam Jackson wrote:
On Mon, 2014-04-28 at 09:58 -0400, Casey Dahlin wrote:
On Mon, Apr 28, 2014 at 08:57:27AM -0400, Adam Jackson wrote:
On Sun, 2014-04-27 at 23:02 +0100, Andrew Price wrote:
On 24/04/14 15:13, Lennart Poettering wrote:
We probably should make
= Proposed System Wide Change: Application Installer Continued =
https://fedoraproject.org/wiki/Changes/AppInstallerContinued
Change owner(s): Richard Hughes for the implementation, Ryan Lerch and Allan
Day for the design rhug...@redhat.com
Fully integrate the new application installer with
= Proposed System Wide Change: Wayland =
https://fedoraproject.org/wiki/Changes/Wayland
Change owner(s): Matthias Clasen and the desktop team mcla...@redhat.com,
desk...@lists.fedoraproject.org
Port the GNOME desktop to Wayland.
== Detailed Description ==
GNOME is being ported to Wayland.
= Proposed System Wide Change: Default Local DNS Resolver =
https://fedoraproject.org/wiki/Changes/Default_Local_DNS_Resolver
Change owner(s): P J P p...@fedoraproject.org, Pavel Šimerda
pav...@pavlix.net, Tomas Hozza tho...@redhat.com
To install a local DNS resolver trusted for the
= Proposed Self Contained Change: Docker Cloud Image =
https://fedoraproject.org/wiki/Changes/Docker_Cloud_Image
Change owner(s): Cloud SIG / Sandro Mathys r...@fedoraproject.org
New Fedora product: Fedora Docker Cloud Image - Docker host ready to go.
== Detailed Description ==
Fedora Cloud
= Proposed Self Contained Change: LVM Cache Logical Volumes =
https://fedoraproject.org/wiki/Changes/Cache_Logical_Volumes
Change owner(s): Alasdair G. Kergon a...@redhat.com, David Cantrell
dcant...@redhat.com, Dave Lehman dleh...@fedoraproject.org
LVM can now use fast block devices (e.g.
commit 379d5b68f385e8845f3aa108485c3a655e00b5da
Author: Petr Písař ppi...@redhat.com
Date: Tue Apr 29 14:47:28 2014 +0200
0.7.2 bump
.gitignore |1 +
perl-WWW-OrangeHRM-Client.spec |5 -
sources|2 +-
3 files changed, 6
2014-04-29 13:57 GMT+02:00 Jaroslav Reznik jrez...@redhat.com:
= Proposed System Wide Change: Application Installer Continued =
https://fedoraproject.org/wiki/Changes/AppInstallerContinued
== Release Notes ==
The application installer, gnome-software is now more fully integrated and
#fedora-meeting: Env and Stacks (2014-04-29)
Meeting started by mmaslano at 12:04:50 UTC. The full logs are available
at
Hello,
2014-04-29 14:15 GMT+02:00 Jaroslav Reznik jrez...@redhat.com:
= Proposed System Wide Change: Default Local DNS Resolver =
https://fedoraproject.org/wiki/Changes/Default_Local_DNS_Resolver
== Upgrade/compatibility impact ==
So what *exactly* happens on upgrade? Before the
Hello,
2014-04-29 14:35 GMT+02:00 Jaroslav Reznik jrez...@redhat.com:
= Proposed Self Contained Change: Docker Cloud Image =
https://fedoraproject.org/wiki/Changes/Docker_Cloud_Image
== Scope ==
snip
* Release engineering: N/A (not a System Wide Change)
Is anything needed for the
Hello,
2014-04-29 14:48 GMT+02:00 Jaroslav Reznik jrez...@redhat.com:
= Proposed Self Contained Change: LVM Cache Logical Volumes =
https://fedoraproject.org/wiki/Changes/Cache_Logical_Volumes
* Other developers: N/A (not a System Wide Change)
non-empty content ... so this might be a
Hello,
On Tuesday, 29 April 2014 7:22 PM, Miloslav Trmač wrote:
So what exactly happens on upgrade? Before the upgrade,
most resolv.conf files will not point to 127.0.0.1.
What will they point to after the upgrade, and if they will point to 127.0.0.1,
which package will actually do that, and
To install a local DNS resolver trusted for the DNSSEC validation running
on 127.0.0.1:53. This must be the only name server entry in
/etc/resolv.conf.
Can the proposal owners clarify for me how this is intended to impact the
cloud products? There's general resistance to having more services
On 04/29/2014 06:31 AM, Lennart Poettering wrote:
On Mon, 28.04.14 15:11, Toshio Kuratomi (a.bad...@gmail.com) wrote:
On Apr 28, 2014 5:01 PM, Daniel J Walsh dwa...@redhat.com wrote:
The problem is lots of services require systemd because they ship a
unit file and want systemctl reload to
On 04/28/2014 06:44 PM, Adam Jackson wrote:
On Mon, 2014-04-28 at 17:01 -0400, Daniel J Walsh wrote:
The problem is lots of services require systemd because they ship a
unit file and want systemctl reload to happen. Systemd then triggers a
require for udev and kmod, which docker containers
On 04/29/2014 06:33 AM, Lennart Poettering wrote:
On Mon, 28.04.14 17:01, Daniel J Walsh (dwa...@redhat.com) wrote:
The problem is lots of services require systemd because they ship a
unit file and want systemctl reload to happen. Systemd then triggers a
require for udev and kmod, which
On Tuesday, 29 April 2014 7:56 PM, Matthew Miller wrote:
Can the proposal owners clarify for me how this is intended to impact the
cloud products?
Cloud products is somewhat of a hazy area(at-least for me). It's unclear how
things operate there. Any information about how we could/should
2014-04-27 19:02 GMT-03:00 Andrew Price anpr...@redhat.com:
On 24/04/14 15:13, Lennart Poettering wrote:
We probably should make setjmp()-freeness a requirement for
all code included in Fedora.
Would it be worth the effort, and how feasible is it anyway?
- Do we have any usage statistics?
On tis, 2014-04-29 at 14:15 +0200, Jaroslav Reznik wrote:
= Proposed System Wide Change: Default Local DNS Resolver =
https://fedoraproject.org/wiki/Changes/Default_Local_DNS_Resolver
Change owner(s): P J P p...@fedoraproject.org, Pavel Šimerda
pav...@pavlix.net, Tomas Hozza
On Tue, Apr 29, 2014 at 05:15:57PM +0200, Alexander Larsson wrote:
On tis, 2014-04-29 at 14:15 +0200, Jaroslav Reznik wrote:
= Proposed System Wide Change: Default Local DNS Resolver =
https://fedoraproject.org/wiki/Changes/Default_Local_DNS_Resolver
Change owner(s): P J P
On Tue, Apr 29, 2014 at 10:58 AM, Alexander Larsson al...@redhat.com wrote:
On tis, 2014-04-29 at 12:33 +0200, Lennart Poettering wrote:
On Mon, 28.04.14 17:01, Daniel J Walsh (dwa...@redhat.com) wrote:
The problem is lots of services require systemd because they ship a
unit file and want
On Tue, 2014-04-29 at 17:15 +0200, Alexander Larsson wrote:
On tis, 2014-04-29 at 14:15 +0200, Jaroslav Reznik wrote:
= Proposed System Wide Change: Default Local DNS Resolver =
https://fedoraproject.org/wiki/Changes/Default_Local_DNS_Resolver
Change owner(s): P J P
On Fri, Apr 25, 2014 at 03:58:44PM -0700, Andrew Lutomirski wrote:
https://sourceware.org/ml/libc-alpha/2012-12/msg00416.html
I've never understood why something like nscd is even worth trying to
support. There's a simple, well specified protocol that program can
use to talk to a DNS
On tis, 2014-04-29 at 11:21 -0400, Josh Boyer wrote:
On Tue, Apr 29, 2014 at 10:58 AM, Alexander Larsson al...@redhat.com wrote:
On tis, 2014-04-29 at 12:33 +0200, Lennart Poettering wrote:
On Mon, 28.04.14 17:01, Daniel J Walsh (dwa...@redhat.com) wrote:
The problem is lots of services
On Tue, 29.04.14 10:37, Daniel J Walsh (dwa...@redhat.com) wrote:
On 04/29/2014 06:33 AM, Lennart Poettering wrote:
On Mon, 28.04.14 17:01, Daniel J Walsh (dwa...@redhat.com) wrote:
The problem is lots of services require systemd because they ship a
unit file and want systemctl reload
On Tue, 2014-04-29 at 22:10 +0800, P J P wrote:
Hello,
On Tuesday, 29 April 2014 7:22 PM, Miloslav Trmač wrote:
So what exactly happens on upgrade? Before the upgrade,
most resolv.conf files will not point to 127.0.0.1.
What will they point to after the upgrade, and if they will point
[ Dropping devel-announce ]
On Tue, Apr 29, 2014 at 11:15 AM, Alexander Larsson al...@redhat.com
wrote:
Not sure how to fix something like that though...
I think in both cases (host and container) it would be best if the
local resolver offered a local-only API (e.g. unix domain sockets,
2014-04-29 17:15 GMT+02:00 Alexander Larsson al...@redhat.com:
On tis, 2014-04-29 at 14:15 +0200, Jaroslav Reznik wrote:
= Proposed System Wide Change: Default Local DNS Resolver =
https://fedoraproject.org/wiki/Changes/Default_Local_DNS_Resolver
To install a local DNS resolver trusted
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 29 Apr 2014 14:35:55 +0200
Jaroslav Reznik jrez...@redhat.com wrote:
= Proposed Self Contained Change: Docker Cloud Image =
https://fedoraproject.org/wiki/Changes/Docker_Cloud_Image
Change owner(s): Cloud SIG / Sandro Mathys
On 29.4.2014 17:27, Colin Walters wrote:
[ Dropping devel-announce ]
On Tue, Apr 29, 2014 at 11:15 AM, Alexander Larsson al...@redhat.com wrote:
Not sure how to fix something like that though...
I think in both cases (host and container) it would be best if the local
resolver offered a
On Tue, 29.04.14 16:58, Alexander Larsson (al...@redhat.com) wrote:
On tis, 2014-04-29 at 12:33 +0200, Lennart Poettering wrote:
On Mon, 28.04.14 17:01, Daniel J Walsh (dwa...@redhat.com) wrote:
The problem is lots of services require systemd because they ship a
unit file and want
On Thu, Apr 24, 2014 at 04:38:07PM +0200, Lukáš Nykrýn wrote:
Network initscript. This will be probably the most controversial part.
In fedora 21 we will have three different tools for networking
(initscripts, NetworkManager and systemd-networkd) and all of them
will be installed by default.
On Tue, Apr 29, 2014 at 04:01:05PM +0200, Miloslav Trmač wrote:
* Release engineering: N/A (not a System Wide Change)
Is anything needed for the potential os-tree -based updates system?
Possibly. It depends on the exact implementation.
== Upgrade/compatibility impact ==
Do the cloud-init
On Mon, Apr 28, 2014 at 01:45:52PM -0400, Aaron Knister wrote:
I think it's a little unrealistic to expect the vendor to namespace their
packages although it would be nice and probably the right thing to do.
If you buy from Red Hat, you should complain to them. That might have more
effect than
On Tue, Apr 29, 2014 at 10:35:46AM -0500, Dennis Gilmore wrote:
* Release engineering: N/A (not a System Wide Change)
Releng will be needed to make the docker images, and upload them where
they need to go, so this is not true
Of course that is absolutely true. We should fix that in the
2014-04-29 17:40 GMT+02:00 Lennart Poettering mzerq...@0pointer.de:
On Tue, 29.04.14 16:58, Alexander Larsson (al...@redhat.com) wrote:
Its around 15 megs or so, although on rhel7 its 20 megs larger because
of a dependency that kmod has on /usr/bin/nm (binutils) that doesn't
seem to be
On Tue, Apr 29, 2014 at 10:01 AM, Miloslav Trmač m...@volny.cz wrote:
Is anything needed for the potential os-tree -based updates system?
Definitely! There's a short term and long term plan.
Short term:
* Run a separate set of server(s) to do treecompose. Would require
some basic level of
On Tue, Apr 29, 2014 at 11:47 AM, Miloslav Trmač m...@volny.cz wrote:
2014-04-29 17:40 GMT+02:00 Lennart Poettering mzerq...@0pointer.de:
On Tue, 29.04.14 16:58, Alexander Larsson (al...@redhat.com) wrote:
Its around 15 megs or so, although on rhel7 its 20 megs larger because
of a
On Tue, 29 Apr 2014, P J P wrote:
Similarly, what do we tell users who used to edit /etc/resolv.conf to do in the
new system?
We tell users to never edit the '/etc/resolv.conf' file and ensure that the
local resolver is listening at 127.0.0.1:53.
We should leave a comment in resolv.conf
On Sat, Apr 26, 2014 at 09:13:12PM -0600, Orion Poplawski wrote:
On 04/26/2014 06:55 PM, Toshio Kuratomi wrote:
On Apr 26, 2014 11:37 AM, Orion Poplawski or...@cora.nwra.com
mailto:or...@cora.nwra.com wrote:
One interesting change from RHEL7 beta-rc is the dropping of libdb4
which
On tis, 2014-04-29 at 17:40 +0200, Lennart Poettering wrote:
On Tue, 29.04.14 16:58, Alexander Larsson (al...@redhat.com) wrote:
On tis, 2014-04-29 at 12:33 +0200, Lennart Poettering wrote:
On Mon, 28.04.14 17:01, Daniel J Walsh (dwa...@redhat.com) wrote:
The problem is lots of
On Tue, 2014-04-29 at 17:39 +0200, Petr Spacek wrote:
On 29.4.2014 17:27, Colin Walters wrote:
[ Dropping devel-announce ]
On Tue, Apr 29, 2014 at 11:15 AM, Alexander Larsson al...@redhat.com
wrote:
Not sure how to fix something like that though...
I think in both cases (host and
On Tue, 29.04.14 18:03, Alexander Larsson (al...@redhat.com) wrote:
On tis, 2014-04-29 at 17:40 +0200, Lennart Poettering wrote:
On Tue, 29.04.14 16:58, Alexander Larsson (al...@redhat.com) wrote:
On tis, 2014-04-29 at 12:33 +0200, Lennart Poettering wrote:
On Mon, 28.04.14 17:01,
Looks like we will be able to flush the negative cache between networks
in the next version of unbound.
Paul
ps. this is why I love unbound. Request a useful feature, get it :)
-- Forwarded message --
Date: Tue, 29 Apr 2014 04:50:05
From: W.C.A. Wijngaards wou...@nlnetlabs.nl
On Tue, Apr 29, 2014 at 8:18 AM, Chuck Anderson c...@wpi.edu wrote:
On Tue, Apr 29, 2014 at 05:15:57PM +0200, Alexander Larsson wrote:
On tis, 2014-04-29 at 14:15 +0200, Jaroslav Reznik wrote:
= Proposed System Wide Change: Default Local DNS Resolver =
On Tue, Apr 29, 2014 at 02:48:51PM +0200, Jaroslav Reznik wrote:
= Proposed Self Contained Change: LVM Cache Logical Volumes =
https://fedoraproject.org/wiki/Changes/Cache_Logical_Volumes
Anaconda team signed as co-owners of this Change.
The dracut team must provide boot support. If
On Tue, 2014-04-29 at 18:14 +0200, Lennart Poettering wrote:
On Tue, 29.04.14 18:03, Alexander Larsson (al...@redhat.com) wrote:
systemd = cryptsetup-libs = device-mapper-libs = device-mapper
Don't have time to look up the details atm, but iptable was reached via
initscripts somehow.
Em 29-04-2014 12:27, Lennart Poettering escreveu:
On Tue, 29.04.14 10:37, Daniel J Walsh (dwa...@redhat.com) wrote:
On 04/29/2014 06:33 AM, Lennart Poettering wrote:
On Mon, 28.04.14 17:01, Daniel J Walsh (dwa...@redhat.com) wrote:
The problem is lots of services require systemd because
Once upon a time, Marcelo Ricardo Leitner marcelo.leit...@gmail.com said:
You're considering only the escalation way to do it, but there are
other ways to exploit code laying around, like when some web pages
don't sanitize the URL enough and end up allowing executing
something in the system,
Am 29.04.2014 20:51, schrieb Chris Adams:
Once upon a time, Marcelo Ricardo Leitner marcelo.leit...@gmail.com said:
You're considering only the escalation way to do it, but there are
other ways to exploit code laying around, like when some web pages
don't sanitize the URL enough and end up
Hi,
On Tuesday, 29 April 2014 8:59 PM, Dan Williams d...@redhat.com wrote:
If NetworkManager is being used, users already don't touch resolv.conf,
they edit /etc/sysconfig/network-scripts/ifcfg-* files and use
DNS1/DNS2/DNS3 and SEARCHES to set DNS information.
Yes, true!
If
On Tuesday, 29 April 2014 9:29 PM, Paul Wouters p...@nohats.ca wrote:
Note that FreeBSD also picked unbound recently for the exact same task.
True! -
http://www.freebsdnews.net/2013/09/20/freebsd-10s-new-technologies-and-features/
---
Regards
-Prasad
http://feedmug.com
--
devel mailing
On Tue, Apr 29, 2014 at 02:04:56PM +0200, Jaroslav Reznik wrote:
This change is targeted at F21. For F20, we aim for having an experimental
GNOME shell Wayland compositor available, without necessarily having all the
surrounding desktop infrastructure ported. To avoid destabilizing the X
Once upon a time, Reindl Harald h.rei...@thelounge.net said:
wrong question - is /bin/sh used?
if the answer is yes then the anser to your question is no
the point is remove anything *unneeded* from production systems
that are best practices for many years and for good reasons
No, the point
Hi,
On Tuesday, 29 April 2014 10:08 PM, Andrew Lutomirski l...@mit.edu wrote:
but the container itself runs in a network namespace, so it gets its own
loopback device. This will mean 127.0.0.1:53 points to the container itself,
not the host, so dns resolving in the container will not work.
On Tue, Apr 29, 2014 at 12:17 PM, P J P pj.pan...@yahoo.co.in wrote:
Hi,
On Tuesday, 29 April 2014 10:08 PM, Andrew Lutomirski l...@mit.edu wrote:
but the container itself runs in a network namespace, so it gets its own
loopback device. This will mean 127.0.0.1:53 points to the container
On 04/29/2014 03:17 PM, Chris Adams wrote:
Once upon a time, Reindl Harald h.rei...@thelounge.net said:
wrong question - is /bin/sh used?
if the answer is yes then the anser to your question is no
the point is remove anything *unneeded* from production systems
that are best practices for
Am 29.04.2014 21:17, schrieb Chris Adams:
Once upon a time, Reindl Harald h.rei...@thelounge.net said:
wrong question - is /bin/sh used?
if the answer is yes then the anser to your question is no
the point is remove anything *unneeded* from production systems
that are best practices for
On Tue, Apr 29, 2014 at 12:33 PM, Reindl Harald h.rei...@thelounge.net wrote:
simple example:
* binary XYZ is vulerable for privilege escalation
This makes no sense...
* we talk about a *local* exploit until now
...I don't even know what you're trying to say here...
* a bad configured
Kẏra kxra at riseup.net writes:
Martin Stransky stransky at redhat.com writes:
How do you enable it? Can you file a BZ# for that at bugzilla.redhat.com?
In about:config, set the browser.tabs.remote preference to 'true'
More info here: https://wiki.mozilla.org/Electrolysis
did you
On Tue, Apr 29, 2014 at 09:29:00AM -0700, Andrew Lutomirski wrote:
OTOH, it would be straightforward to write a tiny stub that forwards
127.0.0.1:53 to something outside the container.
Is this tiny stub a process running inside the container? What starts that
process? What about in the single
Am 29.04.2014 21:36, schrieb Andrew Lutomirski:
On Tue, Apr 29, 2014 at 12:33 PM, Reindl Harald h.rei...@thelounge.net
wrote:
simple example:
* binary XYZ is vulerable for privilege escalation
This makes no sense...
for you
* we talk about a *local* exploit until now
...I don't
The following Fedora EPEL 5 Security updates need testing:
Age URL
737
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.10-5.el5
192
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs-1.20.12-1.el5
72
The following Fedora EPEL 6 Security updates need testing:
Age URL
737
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
84
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0440/fwsnort-1.6.4-1.el6
79
On Tue, Apr 29, 2014 at 03:31:45PM -0400, Daniel J Walsh wrote:
On 04/29/2014 03:17 PM, Chris Adams wrote:
Once upon a time, Reindl Harald h.rei...@thelounge.net said:
wrong question - is /bin/sh used?
if the answer is yes then the anser to your question is no
the point is remove
Am 29.04.2014 21:31, schrieb Daniel J Walsh:
On 04/29/2014 03:17 PM, Chris Adams wrote:
Once upon a time, Reindl Harald h.rei...@thelounge.net said:
wrong question - is /bin/sh used?
if the answer is yes then the anser to your question is no
the point is remove anything *unneeded* from
Once upon a time, Reindl Harald h.rei...@thelounge.net said:
simple example:
* binary XYZ is vulerable for privilege escalation
A local, non-privileged binary cannot be vulerable for privilege
escalation. If I can run a non-privileged binary to escalate, then
there is a problem with some
On Tue, Apr 29, 2014 at 12:48 PM, Reindl Harald h.rei...@thelounge.net wrote:
Am 29.04.2014 21:36, schrieb Andrew Lutomirski:
On Tue, Apr 29, 2014 at 12:33 PM, Reindl Harald h.rei...@thelounge.net
wrote:
simple example:
* binary XYZ is vulerable for privilege escalation
This makes no
- Original Message -
= Proposed System Wide Change: Default Local DNS Resolver =
https://fedoraproject.org/wiki/Changes/Default_Local_DNS_Resolver
Change owner(s): P J P p...@fedoraproject.org, Pavel Šimerda
pav...@pavlix.net, Tomas Hozza tho...@redhat.com
Ops, I was just pinged
https://fedorahosted.org/389/ticket/4
https://fedorahosted.org/389/attachment/ticket/4/0001-Ticket-4-attribute-uniqueness-plugin-fails-when-.patch
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel
Am 29.04.2014 21:59, schrieb Chris Adams:
Once upon a time, Reindl Harald h.rei...@thelounge.net said:
simple example:
* binary XYZ is vulerable for privilege escalation
A local, non-privileged binary cannot be vulerable for privilege
escalation. If I can run a non-privileged binary to
Once upon a time, Reindl Harald h.rei...@thelounge.net said:
don't get me wrong but you are talking bullshit
Put up or shut up.
you can't download whatever you like to do in any random situation
and excutue it like in a sehll - if you have only *one command* through
a web application you
Am 29.04.2014 22:22, schrieb Chris Adams:
Once upon a time, Reindl Harald h.rei...@thelounge.net said:
don't get me wrong but you are talking bullshit
Put up or shut up
i shut when i say - not when you say
https://www.google.com/search?q=local+root+exploit+CVE
google as example for
On Tue, Apr 29, 2014 at 4:16 PM, Reindl Harald h.rei...@thelounge.netwrote:
don't get me wrong but you are talking bullshit
Reindl, your SNR is way way high. Maybe try sending /less/ emails,
concentrating in being clear and helpful?
Don't worry, there is _always_ someone who's wrong on the
That’s spectrum1 which has been long dead upstream, and there is
no further development in upstream (for spectrum2 which would be
a replacement), so I don't want to drag it further. I’ll keep it
in EPEL 5,6 and if any bug happens, I’ll patch it.
Any takers?
Yeah, I thought so
Matěj
--
Em 29-04-2014 17:04, Andrew Lutomirski escreveu:
On Tue, Apr 29, 2014 at 12:48 PM, Reindl Harald h.rei...@thelounge.net wrote:
Am 29.04.2014 21:36, schrieb Andrew Lutomirski:
On Tue, Apr 29, 2014 at 12:33 PM, Reindl Harald h.rei...@thelounge.net wrote:
simple example:
* binary XYZ is
Once upon a time, Reindl Harald h.rei...@thelounge.net said:
google as example for CVE-2014-0038 and as i already explained
you: a attacker has no shell, you have two ways to force a existing
local exploit by a web-application:
A: try to get a complete script on the machine and execute it
On Tue, Apr 29, 2014 at 12:41 PM, Matthew Miller
mat...@fedoraproject.org wrote:
On Tue, Apr 29, 2014 at 09:29:00AM -0700, Andrew Lutomirski wrote:
OTOH, it would be straightforward to write a tiny stub that forwards
127.0.0.1:53 to something outside the container.
Is this tiny stub a process
Am 29.04.2014 23:00, schrieb Chris Adams:
Once upon a time, Reindl Harald h.rei...@thelounge.net said:
google as example for CVE-2014-0038 and as i already explained
you: a attacker has no shell, you have two ways to force a existing
local exploit by a web-application:
A: try to get a
On Tue, Apr 29, 2014 at 1:57 PM, Marcelo Ricardo Leitner
marcelo.leit...@gmail.com wrote:
Em 29-04-2014 17:04, Andrew Lutomirski escreveu:
On Tue, Apr 29, 2014 at 12:48 PM, Reindl Harald h.rei...@thelounge.net
wrote:
Am 29.04.2014 21:36, schrieb Andrew Lutomirski:
On Tue, Apr 29, 2014 at
Am 29.04.2014 23:09, schrieb Andrew Lutomirski:
If you want to go down that path, set up selinux to prevent execing
things that oughtn't to be execed. But trying to prevent exploits
from working by removing every possible helper from the path is a
losing proposition and is just not worth
Once upon a time, Reindl Harald h.rei...@thelounge.net said:
defense in depth means limit the attack surface as much as you can
No, because as much as you can is turn the system off and bury it in
concrete (with an armed guard).
The goal is as much as practical. Trying to remove things that
Am 29.04.2014 23:20, schrieb Chris Adams:
Once upon a time, Reindl Harald h.rei...@thelounge.net said:
defense in depth means limit the attack surface as much as you can
No, because as much as you can is turn the system off and bury it in
concrete (with an armed guard).
The goal is as
On Tue, Apr 29, 2014 at 5:12 PM, Reindl Harald h.rei...@thelounge.netwrote:
defense in depth means limit the attack surface as much as you can
As folks are trying to point out to you, these principles are well
understood in this group.
However, _any minimally usable environment will have a
Once upon a time, Reindl Harald h.rei...@thelounge.net said:
however, thank you to show me that any discussion with you is worthless
Right back at you.
--
Chris Adams li...@cmadams.net
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
On Tue, Apr 29, 2014 at 5:28 PM, Chris Adams li...@cmadams.net wrote:
Once upon a time, Reindl Harald h.rei...@thelounge.net said:
however, thank you to show me that any discussion with you is worthless
Right back at you.
The CoC does say a few things on this topic.
I am finding Reindl's
Hi All,
As part of the F21 Modular Kernel Packaging for Cloud Feature[1],
I've committed and pushed the kernel packaging split up into
kernel-core and kernel-drivers subpackages. For those of you running
rawhide, this really shouldn't be a major impact at all. When you do
a yum update, you will
1 - 100 of 159 matches
Mail list logo