Hi everyone. I will update rust-palette and rust-palette_derive to version
0.6.0 in a sidetag. If there is no objection i will push it in a week. The only
dependency that somebody else will have to update is
system76-keyboard-configurator.
Here the sidetag.
f36-build-side-48706
f35-build-side-4
Hi,
heads-up: systemd 250-rc1 has been built in rawhide.
It's a fairly big release (140 paragraphs in the NEWS file entry) [1],
but there are also some packaging changes that are relevant for Fedora.
There's a bunch of new configuration settings
(RestrictNetworkInterfaces=, StartupAllowedCPUs=,
A few months ago, i have open RHBZ#1983762 to include rust-find-crate in fedora
because i need it for rust-palette_derive. But now it seem to have been
integrate by another person without mentioning me that my bug was been
superseded. It would have been "fun" to have been informed so i could com
I am forwarding this to devel@, because I am reviewing this package and would
also like a response.
Thanks,
Maxwell
-- Forwarded Message --
Subject: debug_package when using go_generate_buildrequires
Date: Monday, December 6, 2021, 5:42:08 AM CST
From: Mikel Olasagasti
To: go
On 12/9/21 1:05 PM, Sandro Mani wrote:
>
> On 09.12.21 17:31, Vitaly Zaitsev via devel wrote:
>> On 09/12/2021 16:56, Sandro Mani wrote:
>>> This does not appear to be accurate for nodejs packages - take i.e.
>>> node-svgo, which compliant with the guidelines bundles node_modules
>>> dir in svgo
Greetings, all!
The elections for the Fedora Linux 35 cycle have completed.
## Fedora Council
Tom Callaway is re-elected to the Fedora Council
## Fedora Engineering Steering Committee (FESCo)
The following candidates are elected to FESCo:
* Miro Hrončok
* Kevin Fenzi
* Zbigniew Jędrzejewski-S
> On Do, 02.12.21 14:36, Ben Cotton (bcotton(a)redhat.com) wrote:
>
> Hmm, so what I am really missing on the feature page: what's the
> attack scenario here? Usually security features come with an attack
> scenario they are supposed to address. But there's no discussion about
> that.
>
Good poin
On Sat, 2021-12-04 at 23:46 +0100, Kevin Kofler via devel wrote:
> Davide Cavalca via devel wrote:
> > To clarify: RPM does support files validation, but fs-verity is
> > more
> > than just that. With RPM, the validation only happens on install
> > time,
> > and when one runs rpm -V manually. With
> If I enable FS-verity and later find that I need to patch a file to fix
> some problem, how do I as the sysadmin tell Linux that this change is
> authorized? Do I disable FS-verity for that specific file? Disable
> FS-verity globally? Add my own key to the kernel's keyring? Build and
> sign my ow
On Sat, 2021-12-04 at 09:37 -0500, Stephen John Smoogen wrote:
>
> Or just pad /usr/bin/rpm with some null characters at the end to break
> its signature and also stop updates from happening. [Or the fs-verity
> daemon which will report that these problems are occuring. ]
If the attacker has file
On Fri, 2021-12-03 at 22:08 +, Richard W.M. Jones wrote:
> I'm unclear about the threat model - this is an attacker who is
> someone able to overwrite single files (eg. /bin/ls) but cannot turn
> off the fs-verity system as a whole?
>
> Also if RPM can update /bin/ls then surely an attacker wh
You could reinstall the rpm, the fs will reclaim the verity metadata along with
the rest of the old file.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
Michel Alexandre Salim wrote:
> - do we want to allow any /local/ %wheel users to log in?
This seems fine to me.
> - or do we want to use a recovery passphrase of some sort?
I'm not sure what you mean here. When a passphrase is called a recovery
passphrase, it's usually because authentication is
> A more user-friendly setup is to allow the password to be bypassed in
> case it's not set.
>
> This does not pose an increased security risk:
> - you can already boot with `init=/sysroot/bin/bash` anyway
> - anyone with physical access to a machine can probably compromise it
> - you can enforce
I honestly don't understand what the problem is. Why not simply notify
whenever there is a new upstream tarball, regardless of what the
version looks like? Trying to compare versions is pointless because we
have as many as four different Fedora releases to maintain at any given
time and they co
On 09. 12. 21 18:34, Fabio Valentini wrote:
On Thu, Dec 9, 2021 at 2:57 PM Miro Hrončok wrote:
On 09. 12. 21 13:54, Michal Konecny wrote:
Hello everyone,
The New Hotness 1.0.0 is now live in Fedora infra production environment. For
those who don't know what this app does, it basically notify
On Thursday, December 9, 2021 1:02:34 PM CST Salman via devel wrote:
> Hi All
> I have been professionaly working with Linux Systems since the past 5+ years
> and after attending some of the Dojo's and other events realized that our
> internal procedure for managing packages is very close/similar t
I've now also filed a bug report
https://bugzilla.redhat.com/show_bug.cgi?id=2030824 for amluto. Please see the
output of the fedora-active-user script in the following comment of the
original bug
https://bugzilla.redhat.com/show_bug.cgi?id=1685216#c10
Would this be sufficient or do I need to s
Hi All
I have been professionaly working with Linux Systems since the past 5+ years
and after attending some of the Dojo's and other events realized that our
internal procedure for managing packages is very close/similar to what is used
by the open source community.
My coworkers was recently add
On 12/9/21 10:15, Vitaly Zaitsev via devel wrote:
On 09/12/2021 15:32, Lennart Poettering wrote:
TPM2 chip you'll get much weaker security guarantees
https://arstechnica.com/gadgets/2021/08/how-to-go-from-stolen-pc-to-network-intrusion-in-30-minutes/
The Lenovo TPM implementation exploited
On 09.12.21 17:31, Vitaly Zaitsev via devel wrote:
On 09/12/2021 16:56, Sandro Mani wrote:
This does not appear to be accurate for nodejs packages - take i.e.
node-svgo, which compliant with the guidelines bundles node_modules
dir in svgo-2.8.0-nm-dev.tgz resp svgo-2.8.0-nm-prod.tgz.
You can
I haven’t looked at pgAdmin4, but I’m the current maintainer of
nodejs-svgo and several other Fedora packages that use the new NodeJS
packaging guidelines. I’m not the original packager for nodejs-svgo, and
I wasn’t the first to convert it to the new NodeJS guidelines. I welcome
further communi
Il 09/12/21 14:50, Fabio Valentini ha scritto:
> On Wed, Dec 8, 2021 at 8:03 PM Miro Hrončok wrote:
>> Hello, in this update:
>>
>> https://bodhi.fedoraproject.org/updates/FEDORA-2021-4a21ac4839
>>
>> I would have expected the update description to contain the changelog entry:
>>
>> * Tue Dec 07 2
On Thu, Dec 9, 2021 at 2:57 PM Miro Hrončok wrote:
>
> On 09. 12. 21 13:54, Michal Konecny wrote:
> > Hello everyone,
> >
> > The New Hotness 1.0.0 is now live in Fedora infra production environment.
> > For
> > those who don't know what this app does, it basically notifying packagers
> > about
On 09/12/2021 16:56, Sandro Mani wrote:
This does not appear to be accurate for nodejs packages - take i.e. node-svgo,
which compliant with the guidelines bundles node_modules dir in
svgo-2.8.0-nm-dev.tgz resp svgo-2.8.0-nm-prod.tgz.
You can vendor only sources. No prebuilt assets are allowed
No missing expected images.
Compose PASSES proposed Rawhide gating check!
All required tests passed
Failed openQA tests: 6/208 (x86_64), 10/142 (aarch64)
New failures (same test not failed in Fedora-Rawhide-20211208.n.0):
ID: 1081908 Test: x86_64 Server-dvd-iso install_standard_partition_ex
> On 09. 12. 21 8:07, Johannes Lips wrote:
>
> May I suggest to follow
> https://docs.fedoraproject.org/en-US/fesco/Policy_for_nonresponsive_packa...
> ?
@Johannes Lips:
Do you take care of that as promised in the bug comment? In fact it also
affects the package(s) you are maintaining as I told
On Sun, Dec 5, 2021 at 3:09 AM Otto Urpelainen wrote:
> That is a great site, with lots of great material that could well be in
> the Package Maintainer Docs. My comments here:
Thank you for the great comments, Otto. I have fixed the broken link
and will work my way through your other comments o
On 09.12.21 16:12, Vitaly Zaitsev via devel wrote:
On 09/12/2021 14:17, Sandro Mani wrote:
Is this in any way acceptable?
All packages must be built completely from sources.
This does not appear to be accurate for nodejs packages - take i.e.
node-svgo, which compliant with the guidelines bun
On Thu, Dec 9 2021 at 03:59:39 PM +0100, Michal Konecny
wrote:
The New Hotness uses RPM version comparison for this and if this
fails,
there isn't much we can do about it. See
https://github.com/fedora-infra/the-new-hotness/blob/2b3f7d7c2af847a48d190cab952125e7ccb97690/hotness/common/rpm.py#L32
On Thu, Dec 9, 2021 at 8:32 AM Michal Konecny wrote:
> The New Hotness uses RPM version comparison for this and if this fails,
> there isn't much we can do about it. See
> https://github.com/fedora-infra/the-new-hotness/blob/2b3f7d7c2af847a48d190cab952125e7ccb97690/hotness/common/rpm.py#L32
> if y
Those packages ship either Apache+Wsgi as a server application or NwJs
für the desktop app, latter which I believe is even worse to package due
to bundling chromium.
Thanks
Sandro
On 09.12.21 14:54, graham_al...@hotmail.com wrote:
I set this up recently using the packages from here ->
https:/
On 09/12/2021 15:32, Lennart Poettering wrote:
TPM2 chip
you'll get much weaker security guarantees
https://arstechnica.com/gadgets/2021/08/how-to-go-from-stolen-pc-to-network-intrusion-in-30-minutes/
--
Sincerely,
Vitaly Zaitsev (vit...@easycoding.org)
__
https://bugzilla.redhat.com/show_bug.cgi?id=2030723
Bug ID: 2030723
Summary: perl-UNIVERSAL-isa for EPEL 9
Product: Fedora EPEL
Version: epel9
Status: NEW
Component: perl-UNIVERSAL-isa
Assignee: spo...@gmail.com
On 09/12/2021 14:17, Sandro Mani wrote:
Is this in any way acceptable?
All packages must be built completely from sources.
Is this compatible with
You must remove all pre-built artifacts and minified sources before
creating a vendored tarball.
NW.js must be built from sources.
--
Sincer
On 09. 12. 21 15:20, Michael Catanzaro wrote:
On Thu, Dec 9 2021 at 02:25:11 PM +0100, Miro Hrončok
wrote:
Let me use this as an opportunity to ask:
How can I disable reporting of pre-releases?
I have the opposite question. Previously, once a pre-release tarball
was available, the new hotn
On 09. 12. 21 14:25, Miro Hrončok wrote:
On 09. 12. 21 13:54, Michal Konecny wrote:
Hello everyone,
The New Hotness 1.0.0 is now live in Fedora infra production
environment. For those who don't know what this app does, it
basically notifying packagers about new versions of packages by
crea
On Mi, 08.12.21 18:10, Colin Walters (walt...@verbum.org) wrote:
> Right. I am in favor of having tight integration with the TPM of
> course, but it can't be used exclusively.
>
> In particular, I think about half the posters in this thread are
> thinking of the desktop case, but the problem can
On Mi, 08.12.21 13:28, Chris Murphy (li...@colorremedies.com) wrote:
> On Wed, Dec 8, 2021 at 7:52 AM Lennart Poettering
> wrote:
> >
> > On Di, 07.12.21 15:39, Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl)
> > wrote:
> >
> > > Latest systemd versions have been getting some support for the lo
On Thu, Dec 9 2021 at 02:25:11 PM +0100, Miro Hrončok
wrote:
Let me use this as an opportunity to ask:
How can I disable reporting of pre-releases?
I have the opposite question. Previously, once a pre-release tarball
was available, the new hotness would stop reporting when a new stable
tarba
st 8. 12. 2021 v 20:07 odesílatel Kevin Fenzi napsal:
>
> On Tue, Dec 07, 2021 at 02:13:46PM +0100, Ondřej Holý wrote:
> > Hi all,
> >
> > do you have any idea why CVE bugs are being filed for Fedora EPEL
> > product in the case of the freerdp component
> > (https://src.fedoraproject.org/rpms/free
I set this up recently using the packages from here -
> https://www.pgadmin.org/download/pgadmin-4-rpm/
No idea if you've looked at those but thought I'd point them out in
case they have any good practise you can "borrow" :-)
Graham
-Original Message-
From: Sandro Mani
Reply-To: Develop
On Wed, Dec 8, 2021 at 8:03 PM Miro Hrončok wrote:
>
> Hello, in this update:
>
> https://bodhi.fedoraproject.org/updates/FEDORA-2021-4a21ac4839
>
> I would have expected the update description to contain the changelog entry:
>
> * Tue Dec 07 2021 Miro Hrončok - 206-1
> - brp-mangle-shebangs: als
On 09. 12. 21 13:54, Michal Konecny wrote:
Hello everyone,
The New Hotness 1.0.0 is now live in Fedora infra production environment. For
those who don't know what this app does, it basically notifying packagers about
new versions of packages by creating bugzilla issues.
And what is new:
* Th
Hi
I gave it a go at packaging pgadmin4 [1], to replace the current
obsolete and abandoned (and crashy) pgadmin3.
pgadmin4 is a mix of Python/Flask for serverside and HTML/JS for client
side, for which I wrote a minimal Qt5WebEngineView wrapper to make it
appear like a desktop application. T
Hello everyone,
The New Hotness 1.0.0 is now live in Fedora infra production
environment. For those who don't know what this app does, it basically
notifying packagers about new versions of packages by creating bugzilla
issues.
And what is new:
* The New Hotness was rewritten from scratch us
On 09. 12. 21 8:07, Johannes Lips wrote:
Hi all,
the package python-musicbrainzngs [1] has a long-standing bug [2] and is not
upgraded to the latest version, which creates all sorts of issues for dependent
packages. Therefore, I would like to ask if a proven-package could initiate an
update.
On Thu, Dec 9, 2021 at 7:00 AM wrote:
>
> Dear all,
>
> You are kindly invited to the meeting:
>ELN SIG on 2021-12-10 from 12:00:00 to 13:00:00 US/Eastern
>At fedora-meet...@irc.libera.chat
>
> The meeting will be about:
General status update on ELN
Planning for ELN-extras
Anything else?
Dear all,
You are kindly invited to the meeting:
ELN SIG on 2021-12-10 from 12:00:00 to 13:00:00 US/Eastern
At fedora-meet...@irc.libera.chat
The meeting will be about:
Source: https://calendar.fedoraproject.org//meeting/10108/
___
devel maili
Signed up to the mailinglist as i do some Swedish translations for Anaconda
On Fri, Dec 3, 2021 at 1:19 PM Jiri Konecny wrote:
>
>
> Dne 02. 12. 21 v 17:04 Ben Cotton napsal(a):
> > On Thu, Dec 2, 2021 at 11:02 AM Jiri Konecny
> wrote:
> >> we (Anaconda team) have decided to migrate our old
> >
Hi everyone,
This is a weekly report from the CPE (Community Platform Engineering)
Team. If you have any questions or feedback, please respond to this
report or contact us on #redhat-cpe channel on libera.chat
(https://libera.chat/).
If you wish to read this in form of a blog post, check the pos
No missing expected images.
Soft failed openQA tests: 1/8 (x86_64), 1/8 (aarch64)
(Tests completed, but using a workaround for a known bug)
Old soft failures (same test soft failed in Fedora-Cloud-34-20211208.0):
ID: 1081497 Test: x86_64 Cloud_Base-qcow2-qcow2 cloud_autocloud
URL: https://op
No missing expected images.
Soft failed openQA tests: 1/8 (x86_64), 1/8 (aarch64)
(Tests completed, but using a workaround for a known bug)
Old soft failures (same test soft failed in Fedora-Cloud-35-20211208.0):
ID: 1081481 Test: x86_64 Cloud_Base-qcow2-qcow2 cloud_autocloud
URL: https://op
On Wed, Dec 08, 2021 at 12:12:33PM -0500, Chris Murphy wrote:
> On Tue, Dec 7, 2021 at 6:28 AM Zbigniew Jędrzejewski-Szmek
> wrote:
> >
> > On Mon, Dec 06, 2021 at 12:33:21PM -0500, Ben Cotton wrote:
> > > Fedora defaults to locking the root account, which is needed by
> > > single-user mode. This
54 matches
Mail list logo
