-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
We wanted to send out a heads-up to let folks know that once Infrastructure
Freeze is lifted this week, we will be enabling modular builds for Fedora ELN.
Once this happens, `platform:eln` will become available as a target for module
builds. For
On Mon, Sep 28, 2020 at 4:32 pm, Marius Schwarz
wrote:
as one who had split horizone dns setups, it's not the client who
splits, it's the server.
It's really the client... or the server running on the client:
nss-dns (traditional): split DNS impossible. No way to ever split DNS.
dnsmasq,
On Mon, Sep 28, 2020 at 4:39 pm, Florian Weimer
wrote:
My understanding is that the DNS request routing in systemd-resolved
effectively disables any security mechanisms on the VPN side, and
instructs most current browsers to route DNS requests to centralized
DNS
servers for all requests
On 28/09/2020 15:57, Marius Schwarz wrote:
Am 28.09.20 um 13:47 schrieb Zbigniew Jędrzejewski-Szmek:
DNSSEC support in resolved can be enabled through resolved.conf.
Why isn't that the default, if this resolver can do it?
Because DNSSEC is a disaster area and if you try and use it
on random
Am 28.09.20 um 13:47 schrieb Zbigniew Jędrzejewski-Szmek:
> DNSSEC support in resolved can be enabled through resolved.conf.
Why isn't that the default, if this resolver can do it?
Best regards,
Marius
___
devel mailing list --
On Mon, Sep 28, 2020 at 10:29 am, Matthew Miller
wrote:
On Mon, Sep 28, 2020 at 09:23:47AM -0500, Michael Catanzaro wrote:
*cannot* enable DNSSEC, where VPN users often expect split DNS, and
where we cannot expect users to configure anything manually,
systemd-resolved is solving a real
On Mon, 28 Sep 2020 12:31:59 +0200, Mark Wielaard wrote:
> If you want to make -fdebug-types-sections the default you really
> should work with the upstream GCC developers to figure out why they
> don't want that.
I haven't seen that, according to Richard Biener from GCC
-fdebug-types-section is
On Mon, Sep 28, 2020 at 10:28 am, Paul Wouters wrote:
This is better thant it was five years ago. I'm glad some things were
at least successfully conveyed in the Brno meeting. However, this
still
leaks queries meant for the LAN or VPN onto the wide internet and is
still a privacy and security
* Michael Catanzaro:
> If you're running mail servers or VPN servers, you can probably
> configure the DNS to your liking, right? Either enable DNSSEC support
> in systemd-resolved, or disable systemd-resolved. I'm not too
> concerned about this
What about end users who just enable a VPN
On Mon, 28 Sep 2020, Michael Catanzaro wrote:
If you're running mail servers or VPN servers, you can probably configure the
DNS to your liking, right? Either enable DNSSEC support in systemd-resolved,
or disable systemd-resolved. I'm not too concerned about this
You should be concerned
Hi,
Am 28.09.20 um 13:47 schrieb Zbigniew Jędrzejewski-Szmek:
> I'm not sure what you mean by that. It is true that /etc/resolv.conf
> is not able to express split DNS. But it is still in place, with contents
> that try to express the actual DNS configuration to the extent possible.
as one who
On Mon, Sep 28, 2020 at 09:23:47AM -0500, Michael Catanzaro wrote:
> *cannot* enable DNSSEC, where VPN users often expect split DNS, and
> where we cannot expect users to configure anything manually,
> systemd-resolved is solving a real problem that nss-dns will never
> be able to handle.
Can we
On Mon, Sep 28, 2020 at 03:07:39PM +0200, Daniel Pocock wrote:
> 5. you can now use
>
> rsync --dry-run /mnt/sda1_non_raid /mnt/btrfs_new
>
> to see if every file on the sda1 side of the mirror matches what was
> copied to Btrfs
Add --checksum to the rsync invocation. Otherwise, rsync
On Mon, 28 Sep 2020, Zbigniew Jędrzejewski-Szmek wrote:
This change is harmful to network security, impacts existing installations
depending on DNSSEC security, and leaks private queries for VPN/internal
domains to the open internet, and prefers faster non-dnssec answers
over dnssec validated
On Mon, 28 Sep 2020 at 14:44, Richard Shaw wrote:
>
> I haven't seen anything obvious in the mailing list lately so maybe it's just
> me?
>
> $ rpkg
> 'Namespace' object has no attribute 'command'
Hello,
What are versions of rpkg and python3-rpkg in your system? By the way,
do you use that
On Mon, Sep 28, 2020 at 12:44 am, Paul Wouters wrote:
My fedora
mail server uses DNSSEC based TLSA records to prevent MITM attacks
on the STARTTLS layer, which is now completely broken. My IPsec VPN
server uses dnssec validation using the specified nameserves in
/etc/resolve.conf that now point
On 28/09/2020 14:30, Zbigniew Jędrzejewski-Szmek wrote:
What was the setup you were using? If this is something that we can
reliably detect, I think it it would make sense to adjust the scriptlet
that enables systemd-resolved to print a hint about needing to set DNSSEC=yes.
(Or maybe even set
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
at an init 3 stance, which has NetworkManager active, i start an init 5.
when all is said and done, NetworkManager has been deactivated, IE not
restarted bec of the settings in NetworkManager.service .
So I have to manually restart NetworkManager.
Why is this so?
On Mon, Sep 28, 2020 at 07:57:13AM -0500, Ian Pilcher wrote:
> On 9/28/20 6:47 AM, Zbigniew Jędrzejewski-Szmek wrote:
> > Instructions were already posted by Vitaly, so I won't repeat that here.
> > I'll just note that the scriptlet in systemd.rpm looks for
> > 'Generated by NetworkManager' in
https://bugzilla.redhat.com/show_bug.cgi?id=1835451
--- Comment #2 from Emmanuel Seyman ---
In practice, bugzilla-submit hasn't worked against bugzilla 4.4.3+ regardless
of the version of python used since the Bugzilla devs added CSRF protection
when logging in to Bugzilla via CGI (see bmo
On Monday, 28 September 2020 at 15:30, Zbigniew Jędrzejewski-Szmek wrote:
[...]
> What was the setup you were using? If this is something that we can
> reliably detect, I think it it would make sense to adjust the scriptlet
> that enables systemd-resolved to print a hint about needing to set
No missing expected images.
Soft failed openQA tests: 1/16 (x86_64)
(Tests completed, but using a workaround for a known bug)
Old soft failures (same test soft failed in Fedora-IoT-33-20200925.0):
ID: 679562 Test: x86_64 IoT-dvd_ostree-iso iot_clevis
URL:
Hey,
Fedora 33 IoT test day is on 2020-09-30. As Fedora IoT becomes the
part of Fedora Editions, to ensure we test the bits properly, we are
going to have a test day [0] where we will be focusing on testing the
IoT builds and reporting bugs.
[0]
No missing expected images.
Failed openQA tests: 2/181 (x86_64)
Old failures (same test failed in Fedora-33-20200927.n.0):
ID: 679355 Test: x86_64 KDE-live-iso apps_startstop
URL: https://openqa.fedoraproject.org/tests/679355
ID: 679366 Test: x86_64 KDE-live-iso
On Mon, Sep 28, 2020 at 07:57:13AM -0500, Ian Pilcher wrote:
> On 9/28/20 6:47 AM, Zbigniew Jędrzejewski-Szmek wrote:
> >Instructions were already posted by Vitaly, so I won't repeat that here.
> >I'll just note that the scriptlet in systemd.rpm looks for
> >'Generated by NetworkManager' in
On Mon, Sep 28, 2020 at 01:45:02PM +0100, Tom Hughes wrote:
> On 28/09/2020 12:47, Zbigniew Jędrzejewski-Szmek wrote:
>
> >You're mixing a few different things here. We decided to not enable
> >DNSSEC in resolved with this change, at least initially. For most
> >users, DNSSEC is problematic
On 28/09/2020 09:31, Dominique Martinet wrote:
> Roberto Ragusa wrote on Mon, Sep 28, 2020:
>>> I could imagine using kpartx to script a solution to (1) above, skipping
>>> over the md headers. Some kind of shim may be needed to fool the kernel
>>> to see a different UUID for each source volume
On Mon, 28 Sep 2020 14:08:48 +0200, Mark Wielaard wrote:
> It is certainly a clever setup and makes sense if your build bottleneck
> is sending files around between different machines. But I don't think
> this is the generic Fedora packager or developer use case.
I agree and I do not propose
On 9/28/20 6:47 AM, Zbigniew Jędrzejewski-Szmek wrote:
Instructions were already posted by Vitaly, so I won't repeat that here.
I'll just note that the scriptlet in systemd.rpm looks for
'Generated by NetworkManager' in /etc/resolv.conf as an indicator that
the file is autogenerated.
Which is
OLD: Fedora-33-20200927.n.0
NEW: Fedora-33-20200928.n.0
= SUMMARY =
Added images:1
Dropped images: 1
Added packages: 2
Dropped packages:0
Upgraded packages: 33
Downgraded packages: 0
Size of added packages: 6.54 MiB
Size of dropped packages:0 B
Size
On 28/09/2020 12:47, Zbigniew Jędrzejewski-Szmek wrote:
You're mixing a few different things here. We decided to not enable
DNSSEC in resolved with this change, at least initially. For most
users, DNSSEC is problematic because various intermediary DNS servers
found in hotspots and routers don't
I haven't seen anything obvious in the mailing list lately so maybe it's
just me?
$ rpkg
'Namespace' object has no attribute 'command'
Thanks,
Richard
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to
Hi,
when looking at a recent issue when a change to lorax templates broke
composes for ppc64le and s390x I have found that there are packages
that explicitly require the ncurses package and I wonder if all of these
Requires are correct. Because quite some time ago there was a split so
"ncurses"
Hi,
On Fri, 2020-09-25 at 17:18 +0200, Florian Weimer wrote:
> * Robbie Harwood:
> > Jan Kratochvil writes:
> > > So why is Google using it for everything?
> >
> > If I could eliminate one bad thought pattern in software design it would
> > probably be this one.
> >
> > In brief: you are not
On Mon, Sep 28, 2020 at 12:44:13AM -0400, Paul Wouters wrote:
>
> >Subject: Re: Fedora 33 System-Wide Change proposal: systemd-resolved
>
> I was just hit by the first bug in systemd-resolved 4 days after I
> upgraded to fedora33. I will file a bug report for that, but I wanted
> to discuss
No missing expected images.
Soft failed openQA tests: 1/16 (x86_64)
(Tests completed, but using a workaround for a known bug)
Old soft failures (same test soft failed in Fedora-IoT-34-20200921.0):
ID: 679170 Test: x86_64 IoT-dvd_ostree-iso iot_clevis
URL:
Missing expected images:
Xfce raw-xz armhfp
Failed openQA tests: 11/181 (x86_64)
New failures (same test not failed in Fedora-Rawhide-20200927.n.0):
ID: 679030 Test: x86_64 Workstation-live-iso desktop_update_graphical
URL: https://openqa.fedoraproject.org/tests/679030
Old failures (same
OLD: Fedora-Rawhide-20200927.n.0
NEW: Fedora-Rawhide-20200928.n.0
= SUMMARY =
Added images:2
Dropped images: 1
Added packages: 0
Dropped packages:0
Upgraded packages: 41
Downgraded packages: 0
Size of added packages: 0 B
Size of dropped packages:0 B
Size
No missing expected images.
Passed openQA tests: 7/7 (x86_64)
--
Mail generated by check-compose:
https://pagure.io/fedora-qa/check-compose
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to
On Mon, Sep 28, 2020 at 12:31:59PM +0200, Mark Wielaard wrote:
> Finally I am interested in your proposal to implement a different way
> to reduce the size of DIE trees by eliminating "unused" DIEs. It is
> hard to predict what effect that would have without seeing an
> implementation (in theory
Hi Jan,
On Fri, 2020-09-25 at 11:43 +0200, Jan Kratochvil wrote:
> On Fri, 25 Sep 2020 01:35:43 +0200, Mark Wielaard wrote:
> > Replying since I am mentioned by name in this proposal and it seems to
> > argue for removing a feature I am currently working on to make sure it
> > works correctly
No missing expected images.
Soft failed openQA tests: 1/7 (x86_64)
(Tests completed, but using a workaround for a known bug)
Old soft failures (same test soft failed in Fedora-Cloud-32-20200927.0):
ID: 678981 Test: x86_64 Cloud_Base-qcow2-qcow2 cloud_autocloud
URL:
On 28.09.2020 06:44, Paul Wouters wrote:
> Unfortunately, with my upgrade to fedora 33 I was unwittingly upgraded
> to systemd-resolved. I want to remove it from my system, but I cannot
> because it is not even a sub-package of systemd, it is part of the
> core systemd package.
You can always
Hi Fernando,
I'm a packager sponsor. I'm happy to take over qjackctl and sponsor
Christoph as a co-maintainer to help look after it.
Could you please give me ownership of the package? My FAS is:
ankursinha.
--
Thanks,
Regards,
Ankur Sinha "FranciscoD" (He / Him / His) |
Roberto Ragusa wrote on Mon, Sep 28, 2020:
> >I could imagine using kpartx to script a solution to (1) above, skipping
> >over the md headers. Some kind of shim may be needed to fool the kernel
> >to see a different UUID for each source volume so they can be mounted
> >simultaneously without md.
On 2020-09-26 23:31, Daniel Pocock wrote:
1) check for differences between source file sectors on each source drive
[...]
I could imagine using kpartx to script a solution to (1) above, skipping
over the md headers. Some kind of shim may be needed to fool the kernel
to see a different UUID
101 - 148 of 148 matches
Mail list logo
