Re: Removing (or trying to) BerkeleyDB from Fedora

2015-01-09 Thread Petr Spacek
On 8.1.2015 14:56, Jan Staněk wrote: > Hi guys, > as the new BerkeleyDB 6.x has a more restrictive license than the > previous versions (AGPLv3 vs. LGPLv2), and due to that many projects > cannot use it, perhaps it is time to get rid of it from Fedora for good > - or at least trim down the list of

Re: Removing (or trying to) BerkeleyDB from Fedora

2015-01-09 Thread Jan Synacek
Jan Staněk writes: > Hi guys, > as the new BerkeleyDB 6.x has a more restrictive license than the > previous versions (AGPLv3 vs. LGPLv2), and due to that many projects > cannot use it, perhaps it is time to get rid of it from Fedora for good > - or at least trim down the list of packages dependen

Re: F22 System Wide Change: Set sshd(8) PermitRootLogin=no

2015-01-09 Thread P J P
Hello, I'm writing a common reply for consolidation and brevity. I'll try to cover all the concerns raised so far. - Idea behind this feature is to keep malicious users from gaining 'root' access to remote systems. Restricting remote root login increases the difficulty level in that, which

Re: KDE via startx locks up before startup completes

2015-01-09 Thread Samuel Sieb
On 01/08/2015 11:17 PM, Felix Miata wrote: KDE in F22 works fine via KDM, but after 2nd icon paints starting from startx, either plain without KDM running, or after logging in via KDM then from a vty startx -- :1, the machine hard locks, no input from mouse or keyboard is possible, and remote log

Re: upcoming libtool rebase (2.4.2 ~> 2.4.3)

2015-01-09 Thread Pavel Raiskup
On Wednesday 29 of October 2014 15:20:31 Pavel Raiskup wrote: > Libtool upstream was able to cut the new release! > > I'll rebase the Rawhide package probably by the end of the next week or > so, if there are no objections. > > Upstream maintainer calls this update fearless :) and that it needs a

deltarpm rebuild fails due to prelink missing?

2015-01-09 Thread Sergio Pascual
Hi, perhaps this happens due to some oddity in my system, but I have noticed messages like this while doing updates via yum (this has happened today) Downloading packages: updates/21/x86_64/prestodelta | 621 kB 00:00 Delta RPMs reduced 21 M of updates to 1.4 M (93% sa

Re: Unresponsive maintainer : kanarip

2015-01-09 Thread Michael Schwendt
On Fri, 09 Jan 2015 09:40:17 +0200, Yanko Kaneti wrote: > > Policy does require you to contact the maintainer > > http://fedoraproject.org/wiki/Getting_a_Fedora_package_in_EPEL It is > > quite inappropriate to not have the courtesy to contact the fedora > > maintainer first. > > I haven't seen t

Re: Unresponsive maintainer : kanarip

2015-01-09 Thread Matthias Runge
On 09/01/15 08:40, Yanko Kaneti wrote: > > - "I believe this package is not suitable for an LTS release, so I'll > block it" - is just hubris. There are some fast moving packages out there, which are not suitable for long running releases. Of course, you're welcome to continue to support them

Unretiring novnc in EPEL6

2015-01-09 Thread Alan Pevec
Hi, I'd like to unretire novnc in EPEL6, it was retired on 2014-12-20 because of broken deps: unresolved dependencies for openstack-nova-novncproxy-0.4-2.el6.noarch: openstack-nova This will be fixed by importing latest Fedora build which removed openstack-nova dependency in 0.4-7 I also

Re: F22 System Wide Change: Harden all packages with position-independent code

2015-01-09 Thread Jakub Jelinek
On Thu, Jan 08, 2015 at 01:45:20PM -0500, Miloslav Trmač wrote: > Hello, > > = Proposed System Wide Change: Harden all packages with position-independent > > code = > > > > Harden all packages with position-independent code to limit the damage from > > certain security vulnerabilities. > > So this

rawhide report: 20150109 changes

2015-01-09 Thread Fedora Rawhide Report
Compose started at Fri Jan 9 05:15:03 UTC 2015 Broken deps for i386 -- [InsightToolkit] InsightToolkit-4.7.0-2.fc22.i686 requires libhdf5_cpp.so.8 InsightToolkit-4.7.0-2.fc22.i686 requires libhdf5.so.8 [Sprog] Sprog-0.

Re: F22 System Wide Change: Harden all packages with position-independent code

2015-01-09 Thread Reindl Harald
On 09.01.2015 at 12:54, Jakub Jelinek wrote: On i?86 it isn't around 10%, but more like 10%-30%. i doubt that it's always 30% - real workloads matter not worst cases and what are the 100% - if 100% is below a second 30% don't matter - there are millions of tasks where even 50% would not mat

Re: Unresponsive maintainer : kanarip

2015-01-09 Thread Yanko Kaneti
On Fri, 2015-01-09 at 11:22 +0100, Michael Schwendt wrote: > On Fri, 09 Jan 2015 09:40:17 +0200, Yanko Kaneti wrote: > > > > Policy does require you to contact the maintainer > > > http://fedoraproject.org/wiki/Getting_a_Fedora_package_in_EPEL > > > It is quite inappropriate to not have the cou

Re: Unresponsive maintainer : kanarip

2015-01-09 Thread Sérgio Basto
On Fri, 2015-01-09 at 06:45 +0100, Johannes Lips wrote: > Sorry to say, but this is like the hundredth time this topic came up. > https://lists.fedoraproject.org/pipermail/devel/2014-July/200860.html https://lists.fedoraproject.org/pipermail/devel/2014-July/201125.html I Googled it, kanarip is Je

Re: F22 System Wide Change: Set sshd(8) PermitRootLogin=no

2015-01-09 Thread Paul Wouters
On Fri, 9 Jan 2015, DJ Delorie wrote: So if we truly want to address this feature, we should also disallow non-root user password based ssh logins. Do I get this right? You want to disallow any remote logins (which nowadays means using ssh)? No, he means that ssh connections should require a

Re: Unresponsive maintainer : kanarip

2015-01-09 Thread Ralf Corsepius
On 01/09/2015 02:59 PM, Sérgio Basto wrote: On Fri, 2015-01-09 at 06:45 +0100, Johannes Lips wrote: Sorry to say, but this is like the hundredth time this topic came up. https://lists.fedoraproject.org/pipermail/devel/2014-July/200860.html https://lists.fedoraproject.org/pipermail/devel/2014-J

Re: F22 System Wide Change: Set sshd(8) PermitRootLogin=no

2015-01-09 Thread Reindl Harald
On 09.01.2015 at 15:14, Paul Wouters wrote: If your public key authentication fails, it still prompts you for a password but even if you have set a password it will reject it. This is to prevent leaking configuration information (eg to avoid telling attackers whether or not password based login

Re: F22 System Wide Change: Set sshd(8) PermitRootLogin=no

2015-01-09 Thread Alexander Ploumistos
On Fri, Jan 9, 2015 at 4:14 PM, Paul Wouters wrote: > My systems are set up that way, you can't just ssh in from anywhere, you >> can only ssh in from machines that have your private key. If you try >> to log in without a pre-shared key, it won't prompt you for your unix >> password, it will ju

Re: F22 System Wide Change: Set sshd(8) PermitRootLogin=no

2015-01-09 Thread Reindl Harald
On 09.01.2015 at 15:32, Alexander Ploumistos wrote: On Fri, Jan 9, 2015 at 4:14 PM, Paul Wouters wrote: My systems are set up that way, you can't just ssh in from anywhere, you can only ssh in from machines that have your private key. If you try to log

Re: F22 System Wide Change: Set sshd(8) PermitRootLogin=no

2015-01-09 Thread Alexander Ploumistos
On Fri, Jan 9, 2015 at 4:51 PM, Reindl Harald wrote: > you achieve nothing than cluttered logs from continued dictionary attacks > with such a setup even if it would be possible and that has the security > implication bury interesting lines in noise > Oh, I agree with you, but it would be quite

Re: F22 System Wide Change: Set sshd(8) PermitRootLogin=no

2015-01-09 Thread Reindl Harald
On 09.01.2015 at 15:59, Alexander Ploumistos wrote: On Fri, Jan 9, 2015 at 4:51 PM, Reindl Harald wrote: you achieve nothing than cluttered logs from continued dictionary attacks with such a setup even if it would be possible and that has the security implication bury interesting

Re: F22 System Wide Change: Set sshd(8) PermitRootLogin=no

2015-01-09 Thread Alexander Ploumistos
On Fri, Jan 9, 2015 at 5:07 PM, Reindl Harald wrote: > for that i would seek a dedicated honeypot-service listening on port 22 > with its own logging and have the real sshd with key-only auth on a > non-default port > > https://code.google.com/p/kippo/ > https://github.com/desaster/kippo > > tha

Re: F22 System Wide Change: Harden all packages with position-independent code

2015-01-09 Thread John Reiser
On 01/09/2015 04:05 AM, Reindl Harald wrote: *but* since *mobile phones* and other operating systems in the meantime are full PIE and it improves security how can someone justify the reason performance on a desktop/server distribution with much more powerful hardware? Often the usage statist

Re: KDE via startx locks up before startup completes

2015-01-09 Thread Stephen John Smoogen
On 9 January 2015 at 00:17, Felix Miata wrote: > P4 2.8G, no hyperthreading, with i865G video. > > F20 and F21 work normally. > > Kernel 3.19.0-0.rc3.git1.2.fc22.i686+PAE on an i686 > xorg-x11-drv-intel-2.99.917-2.fc22.i686 > xorg-x11-server-Xorg-1.16.2.901-1.fc22.i686 > > Installing libinput did

OpenSSL missing NIST p224r1

2015-01-09 Thread Nathaniel McCallum
On Fedora 21, OpenSSL doesn't appear to support NIST p224r1, but *does* support other NIST curves. I presume this was intentional, but I'm not sure why. Can someone enlighten me? $ openssl ecparam -list_curves secp384r1 : NIST/SECG curve over a 384 bit prime field secp521r1 : NIST/SECG curve o

Re: F22 System Wide Change: Harden all packages with position-independent code

2015-01-09 Thread Reindl Harald
On 09.01.2015 at 16:56, John Reiser wrote: On 01/09/2015 04:05 AM, Reindl Harald wrote: *but* since *mobile phones* and other operating systems in the meantime are full PIE and it improves security how can someone justify the reason performance on a desktop/server distribution with much more

Re: F22 System Wide Change: Harden all packages with position-independent code

2015-01-09 Thread Zbigniew Jędrzejewski-Szmek
On Fri, Jan 09, 2015 at 06:01:14PM +0100, Reindl Harald wrote: > I don't want to go the road where press articles say a specific bug > in software XYZ available for Linux, BSD and OSX would have only on > Fedora not been mitigated because we still discuss over performance > impacts while others alr

Re: OpenSSL missing NIST p224r1

2015-01-09 Thread Orion Poplawski
On 01/09/2015 09:57 AM, Nathaniel McCallum wrote: > On Fedora 21, OpenSSL doesn't appear to support NIST p224r1, but *does* > support other NIST curves. I presume this was intentional, but I'm not > sure why. Can someone enlighten me? > > $ openssl ecparam -list_curves > secp384r1 : NIST/SECG cu

Re: OpenSSL missing NIST p224r1

2015-01-09 Thread drago01
On Fri, Jan 9, 2015 at 6:18 PM, Orion Poplawski wrote: > On 01/09/2015 09:57 AM, Nathaniel McCallum wrote: >> On Fedora 21, OpenSSL doesn't appear to support NIST p224r1, but *does* >> support other NIST curves. I presume this was intentional, but I'm not >> sure why. Can someone enlighten me? >>

Re: F22 System Wide Change: Harden all packages with position-independent code

2015-01-09 Thread Dhiru Kholia
On Fri, 9 Jan 2015, Zbigniew Jędrzejewski-Szmek wrote: > ... > Microbenchmarks get us only so far, we need to know the impact the > change makes for the whole system. We won't know that until enough > packages have been rebuilt. https://www.alpinelinux.org/about/ "The kernel is patched with grse

Re: F22 System Wide Change: Set sshd(8) PermitRootLogin=no

2015-01-09 Thread Przemek Klosowski
On 01/08/2015 06:09 PM, Reindl Harald wrote: in my "serious" environments which are all virtualized it is simple: * a central VMware vCenter Server for the HA cluster * that thing is sadly a windows machine, don't matter because it's only purpose is to run a RDP session and all day long

Re: F22 System Wide Change: Set sshd(8) PermitRootLogin=no

2015-01-09 Thread Chris Adams
Once upon a time, Przemek Klosowski said: > Actually, even with vCenter (which we also have) getting a console > is not a foregone conclusion. It is a browser plugin which actually > right now does not work for me on my linux desktop. Hmm, the Fedora Project isn't using RHEV/oVirt, which supports

Re: F22 System Wide Change: Set sshd(8) PermitRootLogin=no

2015-01-09 Thread Mike Pinkerton
On 8 Jan 2015, at 13:52, Miloslav Trmač wrote: The only other approach I could see for the headless servers would be mandating the enrollment in an identity domain at installation time (such as to FreeIPA or Active Directory). And in this scenario we should absolutely disable PermitRootLogin.

Taking ownership of html2text on EPEL6

2015-01-09 Thread Troy Dawson
Hi, I will be taking ownership of html2text on EPEL6. I am already the maintainer for EPEL7, but I missed the notification that the EPEL6 version was being orphaned because of filters. Troy Dawson -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/

Re: F22 System Wide Change: Harden all packages with position-independent code

2015-01-09 Thread Zbigniew Jędrzejewski-Szmek
On Fri, Jan 09, 2015 at 06:45:47PM +0100, Dhiru Kholia wrote: > On Fri, 9 Jan 2015, Zbigniew Jędrzejewski-Szmek wrote: > > > ... > > Microbenchmarks get us only so far, we need to know the impact the > > change makes for the whole system. We won't know that until enough > > packages have been rebu

Re: OpenSSL missing NIST p224r1

2015-01-09 Thread Bruno Wolff III
On Fri, Jan 09, 2015 at 18:25:09 +0100, drago01 wrote: On Fri, Jan 9, 2015 at 6:18 PM, Orion Poplawski wrote: Individual curves must be considered by Fedora Legal on a case by case basis Is this a joke? No, some people were given patents on using elliptic curves for encryption. Even if t

Fedora tcp_wrappers (missing) support for custom acl scripts, aclexec

2015-01-09 Thread Pasi Kärkkäinen
Hello, I recently noticed Debian/Ubuntu has had support for "aclexec" in tcp_wrappers via a custom patch since 2006, so you can do this in /etc/hosts.allow or hosts.deny: sshd: ALL: aclexec /usr/local/bin/sshfilter.sh %a if sshfilter.sh returns true the access is allowed, if sshfilter.sh return

Re: KDE via startx locks up before startup completes

2015-01-09 Thread Kevin Kofler
Felix Miata wrote: > KDE in F22 works fine via KDM, but after 2nd icon paints starting from > startx, either plain without KDM running, or after logging in via KDM then > from a vty startx -- :1, the machine hard locks, no input from mouse or > keyboard is possible, and remote login dies. FYI, it'

Re: Fedora tcp_wrappers (missing) support for custom acl scripts, aclexec

2015-01-09 Thread Michael Stahl
On 09.01.2015 23:16, Pasi Kärkkäinen wrote: > Hello, > > I recently noticed Debian/Ubuntu has had support for "aclexec" in > tcp_wrappers via a custom patch since 2006, > so you can do this in /etc/hosts.allow or hosts.deny: > > sshd: ALL: aclexec /usr/local/bin/sshfilter.sh %a > > if sshfilter

Re: Fedora tcp_wrappers (missing) support for custom acl scripts, aclexec

2015-01-09 Thread Pasi Kärkkäinen
On Fri, Jan 09, 2015 at 11:47:52PM +0100, Michael Stahl wrote: > On 09.01.2015 23:16, Pasi Kärkkäinen wrote: > > Hello, > > > > I recently noticed Debian/Ubuntu has had support for "aclexec" in > > tcp_wrappers via a custom patch since 2006, > > so you can do this in /etc/hosts.allow or hosts.den

Re: Fedora tcp_wrappers (missing) support for custom acl scripts, aclexec

2015-01-09 Thread Pasi Kärkkäinen
On Sat, Jan 10, 2015 at 12:57:22AM +0200, Pasi Kärkkäinen wrote: > On Fri, Jan 09, 2015 at 11:47:52PM +0100, Michael Stahl wrote: > > On 09.01.2015 23:16, Pasi Kärkkäinen wrote: > > > Hello, > > > > > > I recently noticed Debian/Ubuntu has had support for "aclexec" in > > > tcp_wrappers via a cus

Re: KDE via startx locks up before startup completes

2015-01-09 Thread Sandro Mani
On 09.01.2015 23:46, Kevin Kofler wrote: FYI, it's kinda pointless to test the KDE Plasma currently in Rawhide/F22, as the Plasma 5 import is coming very soon. I regularly see Qt5 applications crashing when changing resolution / changing monitor setup (in particular when docking the laptop and

[Test-Announce] 2015-01-12 @ 1700 UTC ** Fedora Blocker Review **NEW TIME**

2015-01-09 Thread Mike Ruckman
# F22 Blocker Review meeting # Date: 2015-01-12 # Time: 1700 UTC # Location: #fedora-blocker-review on irc.freenode.net It's that time of week again, time for some Blocker Review! While it might seem like I've lost track of what day it is again (which happens, I admit), we discussed it this week a

Unpackaged files checking - oddities

2015-01-09 Thread Bruno Wolff III
While working on a spec file to cause build failure if new fonts showed up in a package, I noticed two oddities with the checking for unpackaged files. An unpackaged empty directory will not trigger a build failure. If a file is covered by %exclude in the main package, but is not included in