Schedule for today's FESCo Meeting (2012-03-12) Note the time change in US!

Following is the list of topics that will be discussed in the FESCo meeting today at 18:00UTC (1:00pm EST, 2:00pm EDT) in #fedora-meeting on irc.freenode.net. Links to all tickets below can be found at: https://fedorahosted.org/fesco/report/9 = Followups = #topic #699 Proposal to remove the pa

Summary & minutes for today's FESCo meeting (2012-03-12)

=== #fedora-meeting: FESCO (2012-03-12) === Meeting started by t8m at 18:02:05 UTC. The full logs are available at http://meetbot.fedoraproject.org/fedora-meeting/2012-03-12/fesco.2012-03-12-18.02.log.html . Meeting summary --

Adjustment to deprecated package policy approved by FESCo

On the FESCo meeting today the deprecated package policy was adjusted. We agreed on the following proposal: Packages may be unretired without review up to 2 weeks after retirement providing that the package has ever previously been reviewed. -- Tomas Mraz No matter how far down the wrong road

Re: does /etc/sysctl.d/ really obeyed and does really override /etc/sysctl.conf

n imagine situation when sysadmin wants his own package to do it. I have to second the request to be the default /etc/sysctl.conf empty and moving the Fedora defaults to sysctl.d/00-systemdefault.conf. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back.

Re: Summary & minutes for today's FESCo meeting (2012-03-19)

to start the ball rolling and collect feedback from > everyone. No need to feel bad about not being there to give feedback at > this first meeting. +1, I do not see any harm in starting the discussion on the yesterday meeting as well. -- Tomas Mraz No matter how far down t

Re: RFC: Primary architecture promotion requirements

the general requirement that builds on the architecture to be promoted must not take much longer time than builds on the current primary architectures still stays. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turki

Re: RFC: Primary architecture promotion requirements

port. I can see automatic spawning of secondary builds for ARM in the main koji instance, use of main bodhi, etc., etc. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb -- devel mailing list devel@lis

Re: RFC: Primary architecture promotion requirements

ogether are growing much much faster than desktops and notebooks and are already much bigger market but they are not replacement for the desktops and notebooks. Which also supports the idea of having Fedora support both of these groups of computing devices well. -- Tomas Mraz No matter

Re: ARM as a primary architecture

ntries are actually > developing (surprise!), and that they transition from nothing to cheapest > solution possible. That does not mean they'll stick to this stage forever. And even if they sticked to this stage it still would not mean that the market for full featured computers would som

Re: Symbol `SSL_ImplementedCiphers' has different size in shared object, consider re-linking

e public API so it is not really an ABI break in practice. However ld.so of course cannot know that. Is there any way to make the message disappear other than rebuild of the dependent package? I am afraid that unfortunately not. -- Tomas Mraz No matter how far down the wrong road you've gone,

Re: Proposal to reduce anti-bundling requirements

and yes, we will probably have to make number of exceptions when necessary, but the fight against entropy should never stop and we should strife to make The Right Things™ against all odds. And I am giving Matěj a big +1 for what he wrote here. I completely agree with that. Regards, Tomas Mr

Re: Proposal to reduce anti-bundling requirements

ical flow in "now that i don't need to ask FPC i don't declare it" > > the opposite is more likely: people trying to avoid the FPC burden now > can declare it without fearing somebody takes notice and points out a > violation I think that's exactly what was

Re: Proposal to reduce anti-bundling requirements

osal. On the other hand the evaluation should be quick and the current rules seem to me to be slightly too strict. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb (You'll never know whether the road i

Re: Summary/Minutes from today's FESCo Meeting (2015-10-07)

! Yes, it seems the quantity over quality view won. :( Also the haste with which it was pushed is seriously disappointing. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb (You'll never kn

Orphaning openct and ctapi-common on Rawhide

rship also for the branched releases. Regards, -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb (You'll never know whether the road is wrong though.) -- devel mailing list devel@lists.fedorapr

Re: Dealing with the "my packages" problem

be > applied automatically after some time (24-48 hours ? could be > configurable). > > I think this workflow would lessen the burden for both parties > involved: > * less work for proven packagers when "doing it right" > (automatic asking, staging & auto apply

Schedule for Wednesday's (today's) FESCo Meeting (2014-07-16)

he following meeting. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb (You'll never know whether the road is wrong though.) -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproj

Summary/Minutes for today's FESCo meeting (2014-07-16)

=== #fedora-meeting: FESCO (2014-07-16) === Meeting started by t8m at 17:02:00 UTC. The full logs are available at http://meetbot.fedoraproject.org/fedora-meeting/2014-07-16/fesco.2014-07-16-17.02.log.html . Meeting summary ---

Schedule for Wednesday's FESCo Meeting (2014-11-19)

t at https://fedorahosted.org/fesco, e-mail me directly, or bring it up at the end of the meeting, during the open floor topic. Note that added topics may be deferred until the following meeting. -- Tomas Mraz No matter how far down the wrong road you've

Summary/Minutes from today's FESCo Meeting (2014-11-19)

=== #fedora-meeting: FESCO (2014-11-19) === Meeting started by t8m at 18:08:14 UTC. The full logs are available at http://meetbot.fedoraproject.org/fedora-meeting/2014-11-19/fesco.2014-11-19-18.08.log.html . Meeting summary -

Heads up - openssl-1.0.2a coming to rawhide near you

find any regressions do not hesitate and report bugs. Regards, -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb (You'll never know whether the road is wrong though.) -- devel mai

Re: F23 Self Contained Change: Standardized Passphrase Policy

uality and not a request to drop it altogether and use instead ... what? Note also that libpwquality is highly configurable and for things that can not be configured currently a configuration can be easily added. That means that libpwquality can be used for variou

Re: F23 Self Contained Change: Standardized Passphrase Policy

1/workstation.2015-04-01-15.00.log.html If you can open FutureFeature bugzillas against Rawhide libpwquality for each of the changes needed, it would be really helpful. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back.

Re: Proposed F19 Feature: GLIBC 2.17

secure_getenv renaming need to be reflected in a > few packages (as of Fedora 18): > openssl-1.0.1c-7.fc18.src.rpm Fixed already in rawhide. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turk

Re: Proposed F19 Feature: systemd features

d to shipping the data separate - it's > cleaner, allows for just updating the data when necessary, and it forces > people to keep their API & ABI for accessing it stable. :) +1 million - another data point - ca-certificates package - it was much cleaner to split it out of

libtasn1 soname bump in rawhide

I'm rebasing libtasn1 in rawhide to libtasn1-3.2. As there is some obsolete API dropped it is accompanied with SONAME bump from libtasn1.so.3 to libtasn1.so.6. I will try to rebuild the dependencies. Regards, -- Tomas Mraz No matter how far down the wrong road you've gone,

Re: Proposed F19 Feature: Virtio RNG

ranoid it should definitely be controllable by sysctl (even maybe off by default although in initial seeding of the kernel entropy pool it would be very nice to have it on). -- Tomas Mraz No matter how far down the wrong road you've gone, turn back.

GnuTLS soname bump in rawhide

epend on it are libguestfs and python-gnutls. I will look at them why do they need it. Dependencies will be rebuilt during the mass rebuild as I do not expect much breakage from the change. Regards, -- Tomas Mraz No matter how far down the wrong road you've gone,

Re: Package shipping their own CA and security

te them out of the file and I suppose the bundle should be directly usable instead of the /etc/pki/tls/certs/ca-bundle.crt. I did not inspect what individual CA certificates it contains but I am almost 100% sure that this should not be shipped and the package patched so the default system CA certi

Re: Maintainers wanted for packages from 2013-02-27 FESCo Meeting

On Wed, 2013-02-27 at 14:05 -0800, Toshio Kuratomi wrote: > Greetings, > > At today's FESCo meeting there were two tickets which had the end result > of needing to have new maintainers and comaintainers for some packages: > * libtasn1 Taken. -- Tomas Mraz No matter how far

Re: fedora release name problem

; > >> It's not the name that was originally voted for. > > Schrodinger is not the man's name, and is the wrong solution. Schroedinger > > is as acceptable as Schrödinger. > > Yes, definitely Schroedinger if Schrödinger does not work. Cou

Schedule for Wednesday's FESCo Meeting (2013-03-27)

that added topics may be deferred until the following meeting. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/ma

nufw unresponsive maintainer & deprecation

absent maintainer process so I am asking whether anyone knows how to contact the maintainer. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb -- devel mailing list devel@lists.fedoraproject.org

Summary/Minutes from today's FESCo Meeting (2013-03-27)

orahosted.org/fpc/ticket/93 19:27:03 mitr, actually if I understand your comment correctly there is actually nothing to vote on this ticket as the current guidelines already ask for packages that are covered in the ticket proposal to be PIE? 19:27:14 nirik: So FPC asked for "long running

Re: package, package2, package3 naming-with-version exploit

tall Name-Branch package with highest Branch. The Fedora packaging infrastructure on the other hand would work with Branch rather as part of the version except it would allow having multiple packages of the same name but different branch in the repositories. The infrastructure would have to also allow

Re: Why does _hardened_build use "-z, relro" and not "-z, relro, -z, now" ?

> > Huh? As far as I can see _hardened_build adds -z now, not relro. > > -Wl,-z,relro is supposed to be included in LDFLAGS. Or has this changed > > recently? > > Let me rephrase... Why is _hardened_build not using "-z,relro,-z,now" ? Because -Wl,-z,relro is supposed

Re: F19 DVD over size - what to drop?

authentication methods with a GUI. Should it be added to comps somewhere? > -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb -- devel mailing list devel@lists.fedoraproject.org https://admin.fed

Re: Concern about FedoraCryptoConsolidation

l need to ensure your > package has no home grown crypto, and uses either nss, openssl or libgcrypt. Or gnutls (but not nettle directly!). -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Do you think this is a security risk and if not is it a bad UI decision?

But they have different behaviours for the same operation. For e.g., > > initial-setup and g-i-s have different behaviours for setting the > > password for the first user account. > > True. > > It's on my list of things to do to make AccountsService be abl

Re: when startup delays become bugs

ssure. As it appears not having any pressure to stabilize btrfs > > certainly doesn't work at all for the project... > > Playing dangerous games with users data isn't how you effect change. > All that switching default right now will achieve is a lot more pissed

Re: su starts behaving oddly sometimes on F19

;s only _normally_ slow, the > same slowness that has always been the case when you fail the password). > > So I'm kinda stuck, really. Has anyone else seen this? Any bright ideas > for debugging it? Thanks! Try attaching the strace (as root) to the su process when it waits for t

Heads up: OpenSSL-1.1.1e coming to Rawhide

The new openssl-1.1.1e is coming to Rawhide. It reports premature EOF/improper shutdown on TLS connections more properly. However this might make some dependencies broken in build tests (such as Ruby). As I would like to eventually update the openssl also on stable branches because it brings many

Re: Heads up: OpenSSL-1.1.1e coming to Rawhide

On Sun, 2020-03-22 at 17:29 +0100, Miro Hrončok wrote: > On 19. 03. 20 17:31, Tomas Mraz wrote: > > The new openssl-1.1.1e is coming to Rawhide. > > > > It reports premature EOF/improper shutdown on TLS connections more > > properly. However this might make some d

Re: Heads up: OpenSSL-1.1.1e coming to Rawhide

On Tue, 2020-03-24 at 09:52 -0400, Charalampos Stratakis wrote: > > - Original Message - > > From: "Tomas Mraz" > > To: "Miro Hrončok" , "Development discussions > > related to Fedora" > > Cc: "python-maint"

Re: Heads up: OpenSSL-1.1.1e coming to Rawhide

On Wed, 2020-03-25 at 09:34 +0100, Miro Hrončok wrote: > On 24. 03. 20 13:22, Tomas Mraz wrote: > > Most probably we will revert this > > change in upstream 1.1.1 branch and I will update the rawhide build > > with the revert patch as well. > > Can this please happ

Re: Heads up: OpenSSL-1.1.1e coming to Rawhide

On Thu, 2020-03-26 at 17:11 +0100, Miro Hrončok wrote: > On 26. 03. 20 17:07, Tomas Mraz wrote: > > On Wed, 2020-03-25 at 09:34 +0100, Miro Hrončok wrote: > > > On 24. 03. 20 13:22, Tomas Mraz wrote: > > > > Most probably we will revert this > > > >

Re: Fedora 33 System-Wide Change proposal: OpenSSL 3.0

On Wed, 2020-04-08 at 10:38 +0200, Miro Hrončok wrote: > On 07. 04. 20 23:31, Ben Cotton wrote: > > * Proposal owners: Provide a compat-openssl11 package, identify > > dependent packages, provide the rebased openssl package, work with > > dependent package owners on rebuilds. > > Thanks for doing

Re: Fedora 33 System-Wide Change proposal: systemd-resolved

On Wed, 2020-04-15 at 10:02 -0500, Michael Catanzaro wrote: > On Wed, Apr 15, 2020 at 1:38 pm, Florian Weimer > wrote: > > Not sure if that's compatible with the new split DNS model because > > VPN1 > > could simply start pushing longer names in the scope of VPN2, thus > > hijacking internal tra

Schedule for Wednesday's FESCo Meeting (2013-05-29)

il, file a new ticket at https://fedorahosted.org/fesco, e-mail me directly, or bring it up at the end of the meeting, during the open floor topic. Note that added topics may be deferred until the following meeting. -- Tomas Mraz No matter how far down the wrong road you've

Summary/Minutes from today's FESCo Meeting (2013-05-29)

=== #fedora-meeting: FESCO (2013-05-29) === Meeting started by t8m at 18:01:09 UTC. The full logs are available at http://meetbot.fedoraproject.org/fedora-meeting/2013-05-29/fesco.2013-05-29-18.01.log.html . Meeting summary

Re: Fedora Hosted Usability and Developer Experience

tware) as they are not cheap. > [Looking at doing this in the Cloud was coming in around $100.00/day for > all the different needs.] -1000 - I don't really know whether we should invest much more than to keep the current state of fedorahosted sustained, but dropping it? Please, pretty ple

Heads up - drop unnecessary calls to libgcrypt when gnutls is used

use gnutls crypto calls as per /usr/include/gnutls/crypto.h. This way you can avoid having two crypto implementation backends used in your application simultaneously. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Tu

Re: Packages MUST NOT place files or directories in the /bin, /sbin, /lib or /lib64 directories

ut any proposals that would include this nonsense? :) -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Multirelease effort: Moving to Python 3

on2 beyond the date at which its > current maintainer ceases work. Of course such maintainence work would > likely be important bug fixes & security updates only, not feature work. > > So while I encourage a Fedora effort to get onto Python3 by default, > well before 20

Re: Multirelease effort: Moving to Python 3

On Fri, 2013-07-19 at 11:24 -0400, john.flor...@dart.biz wrote: > > From: nicolas.mail...@laposte.net > > > > > > Le Ven 19 juillet 2013 17:04, Tomas Mraz a écrit : > > > On Fri, 2013-07-19 at 10:17 +0100, Daniel P. Berrange wrote: > > > > >&g

Re: Default libkrb5 ccache location

tials from a stolen hard drive. Users can always > modify the location they want to use by using the KRB5CCNAME > environment variable and various configuration options (such as > krb5_ccname_template in SSSD) to select a persistent location if they > choose to. > > > For the r

Re: Default libkrb5 ccache location

imilar issues? > I have no doubt they exist, but they're not on my radar right now and > I'd like to keep track of them. See the lengthy related discussion here https://bugzilla.redhat.com/show_bug.cgi?id=753882 -- Tomas Mraz No matter how far down the wrong road you've gone,

Re: Obsoletes, Obsoletes, Obsoletes

kage according to the https://fedoraproject.org/wiki/Packaging:Guidelines#Renaming.2FReplacing_Existing_Packages But once you install the new split openssl package it should not be obsoleted by openssl-libs so I think the obsoletes are correct. -- Tomas Mraz No matter how far down the wrong

Re: Schedule for Wednesday's FESCo meeting (2013-09-04)

the situation. Please open a FESCo ticket. Ideally with some proposal that can be discussed and approved. Thanks, -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb (You'll never know whether the

Re: Schedule for Wednesday's FESCo meeting (2014-11-26 at 18UTC)

gt; > > > Unfortunately, I won't be available today for FESCo meeting. Let me know > > in the ticket. > > I am also unable to attend. And me too. Regards, Tomas Mraz -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: Abotu setting 'PermitRootLogin=no' in sshd_config

e the more I am having an opinion that we should reject it altogether. In fact this change does not really bring any real security improvement because for the Workstation the sshd is already disabled completely by default and for the other products the people who are installing them can be expected to know what they are doing. Also disabling root access does not improve security against targeted attacks because in such cases the user name can be quite easily inferred. So basically this feature is just a 'marketing' improvement and not worth the hassle. Tomas Mraz -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: echoping - Re: Hundreds of bugzilla mails on one day

dated since F14. I would just open a FESCo ticket to get the package removed from Fedora. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb (You'll never know whether the road is wrong though

Re: DNF as default package manager

re forced into Fedora even though they weren't by any means finished. I can name UsrMove, TMPonTMPFS, etc. Even the systemd replacement of sysvinit change but that was not that bad. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back.

Re: Headsup: Xorg is broken in F-22 when used with fips or /etc/system-fips

d side-effect of running the FIPS selftest in the libgcrypt constructor, we need to fix that. Please open a new bug against libgcrypt so the bug fix is tracked. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb (

Re: OpenSSL MD5 verification disabled?

gi?id=1202157 I don't like the workaround specified in the BZ but I don't see an alternative so I would like to get some input from others who are better versed in how OpenSSL works. Hi, there is no other workaround. And they should not use MD5 signed certificates - they are insecure.

Re: Harden_all_packages_with_position-independent_code + guile modules

On 19.3.2015 08:16, Nikos Mavrogiannopoulos wrote: On Wed, 2015-03-18 at 11:37 -0700, Moez Roy wrote: FULL RELRO http://tk-blog.blogspot.co.at/2009/02/relro-not-so-well-known-memory.html If that's all we got I suggest to remove this flag or (better) provide a way for applications that use modul

Re: Python 2 exodus is happening now

On Fri, 2019-11-15 at 02:02 +0100, Miro Hrončok wrote: > system-config-rootpassword Fixed to use python3 in system-config-rootpassword-1.99.6-21.fc32, please do not retire. -- Tomáš Mráz No matter how far down the wrong road you've gone, turn back. T

OpenSSL-1.1.0 COPR for Rawhide

e any suggestions for improvements, please mail me directly. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb (You'll never know whether the road is wrong though.) -- devel mai

Re: OpenSSL-1.1.0 COPR for Rawhide

On Pá, 2016-07-22 at 10:24 -0400, Simo Sorce wrote: > On Fri, 2016-07-22 at 10:21 -0400, Simo Sorce wrote: > > > > On Fri, 2016-07-22 at 17:17 +0300, Antti Järvinen wrote: > > > > > > Tomas Mraz writes: > > >  > for anybody insterested in tes

Re: How to submit Root CA to ship with Fedora

On Wed, 2019-04-24 at 09:15 +0200, Dominik 'Rathann' Mierzejewski wrote: > Hi, > > On Wednesday, 24 April 2019 at 08:05, Danishka Navin wrote: > > Sri Lanka Cert is gonna implement local Root CA. > > How we can submit this Root CA with Fedora? > > > > I could not find enough information on this.

Re: Can we maybe reduce the set of packages we install by default a bit?

On Wed, 2019-04-24 at 14:16 +0200, Lennart Poettering wrote: > On Mi, 24.04.19 12:37, Nikos Mavrogiannopoulos (n...@redhat.com) > wrote: > > > > As mentioned before: systemd itself already needs entropy itself > > > (it > > > assigns a random 128bit id to each service invocation, dubbed the > > >

Re: Removal of krb5-devel from "stable" F29 buidroot broke my package

On Thu, 2019-05-16 at 07:50 +0200, Vít Ondruch wrote: > Dne 15. 05. 19 v 17:29 Dominique Martinet napsal(a): > > Michal Schorm wrote on Wed, May 15, 2019 at 05:14:23PM +0200: > > > Another possible cause came up my mind. > > > > > > Another package in the buildroot could have brought it as a > > >

Re: rpmlint warning: crypto-policy-non-compliance-gnutls-1

Anderson, FYI. Could you please answer the question below? On Fri, 2019-05-24 at 17:58 +0100, Richard W.M. Jones wrote: > > libnbd.x86_64: W: crypto-policy-non-compliance-gnutls-1 > > /usr/lib64/libnbd.so.0.0.0 gnutls_priority_set_direct > > This application package calls a function to explicitly

Re: switching libcurl back to OpenSSL and providing the libcurl-minimal subpackage

ompatible licence. Grr :) GPLv2-only incompatible licence. It is compatible with GPLv3 or GPLv2+. So the situation is better and given the objectives for the licence change they had I am afraid there was no better choice. -- Tomas Mraz No matter how far down the wrong road you've gone,

Wild changes in nsswitch.conf

modifications of fairly critical systemwide configuration file? * From which time systemd started to manage user accounts of the machine, again where is the Fedora Change page for such change? Regards, -- Tomas Mraz No matter how far down the wrong road you've gone, turn

Re: Wild changes in nsswitch.conf

On Mon, 2017-05-15 at 17:15 +0200, Jakub Hrozek wrote: > On Mon, May 15, 2017 at 04:35:56PM +0200, Tomas Mraz wrote: > > My current Fedora 26 default nsswitch.conf contains these lines: > > > > passwd:  sss files systemd > > shadow: files sss > &g

Re: Locale setup for non-shells

use pam_env to read /etc/default/locale. Similar thing is possible > > to do in > > Fedora too. E.g. just put this into /etc/pam.d/system-auth: > > > > session required  pam_env.so envfile=/etc/locale.conf > >

Re: [systemd-devel] Locale setup for non-shells

1]. > > A better question is what exactly pam_env.so expects... Last time I > couldn't quite figure out when it wants a key=value file and when it > wants > its own special "foo DEFAULT=bar" format, and in fact the manual > doesn't > seem to match the actual b

How to make a package multilib

Hi all, the package p11-kit-trust needs to be multilib because it contains PKCS#11 .so object used for access to trusted CA certificate store. However because this package is a PKCS#11 module and not a regular shared library there is no p11-kit-trust-devel package which would mark it automatically

Re: Koji: builds fails with "error retrieving sources"

On Fri, 2018-09-21 at 10:33 -0400, Scott Talbert wrote: > On Fri, 21 Sep 2018, Scott Talbert wrote: > > > > https://koji.fedoraproject.org/koji/taskinfo?taskID=29796611 > > > > > > It's not very clear what the actual error is, but I am fairly > > > sure > > > that I have uploaded the correct sour

Re: Fedora 30 System-Wide Change Proposal: GnuPG2 as default GPG implementation

On Mon, 2018-11-26 at 09:59 -0500, Ben Cotton wrote: > https://fedoraproject.org/wiki/Changes/GnuPG2_as_default_GPG_implemen > tation > > == Summary == > The /usr/bin/gpg path representing the main GPG implementation will > now use GnuPG 2 instead of GnuPG 1. I, as the primary maintainer of the g

Re: Fedora 31 System-Wide Change proposal: Switch RPMs to zstd compression

On Thu, 2019-05-30 at 16:18 -0400, Neal Gompa wrote: > > That said, I'm less happy about the thought that inspecting Fedora > RPMs on RHEL 8 or openSUSE is going to be a royal pain. > Ecosystem-wise, no one really prepared for a distribution to switch > to > zstd so quickly. Thankfully, it's easie

Re: wpa supplicant using /dev/random

On Wed, 2019-06-05 at 16:38 -0600, Chris Murphy wrote: > Jun 05 15:53:25 fmac.local kernel: random: crng init done > Jun 05 15:53:25 fmac.local kernel: random: 7 urandom warning(s) > missed > due to ratelimiting > Jun 05 15:53:25 fmac.local wpa_supplicant[1000]: random: Cannot read > from /dev/rand

Re: F31 Self-Contained Change proposal: Custom Crypto Policies

On Wed, 2019-06-19 at 10:19 +0200, Vít Ondruch wrote: > Dne 18. 06. 19 v 21:50 Ben Cotton napsal(a): > > https://fedoraproject.org/wiki/Changes/CustomCryptoPolicies > > > > == Summary == > > This new feature of crypto-policies allows system administrators > > and > > third party providers to modif

Re: F31 Self-Contained Change proposal: Custom Crypto Policies

On Wed, 2019-06-19 at 12:49 +0200, Vít Ondruch wrote: > Dne 19. 06. 19 v 12:00 Tomas Mraz napsal(a): > > On Wed, 2019-06-19 at 10:19 +0200, Vít Ondruch wrote: > > > Dne 18. 06. 19 v 21:50 Ben Cotton napsal(a): > > > > https://fedoraproject.org/wik

Re: F31 Self-Contained Change proposal: Custom Crypto Policies

On Wed, 2019-06-19 at 12:38 +0200, Vít Ondruch wrote: > Dne 18. 06. 19 v 21:50 Ben Cotton napsal(a): > > == How To Test == > > > > This will be tested as part of the upstream crypto-policies > > testsuite. > > I think this section should describe, how I, as a Fedora user, am > supposed to test th

Re: Fedora 31 System-Wide Change proposal: Switch RPMs to zstd compression

On Tue, 2019-06-25 at 07:16 -0400, Nico Kadel-Garcia wrote: > On Wed, Jun 19, 2019 at 9:31 AM Panu Matilainen > wrote: > > On 6/19/19 1:51 PM, Aleš Matěj wrote: > > > > At this point, the drpm library is the only blocker for zstd > > > > payloads, > > > > since createrepo_c needs to be able to han

Re: Fedora 31 Self-Contained Change proposal: Limit Scriptlet Usage of core packages

On Mon, 2019-07-01 at 17:18 -0400, James Antill wrote: > On Mon, 2019-07-01 at 17:03 -0400, Robbie Harwood wrote: > > Ben Cotton writes: > > > > > == Detailed Description == > > > > > > Currently we know how to make an installable OS with packages > > > that > > > doesn't require the use of scri

Re: Fedora 31 Self-Contained Change proposal: Limit Scriptlet Usage of core packages

On Thu, 2019-07-04 at 09:03 -0700, Adam Williamson wrote: > On Thu, 2019-07-04 at 11:38 +0200, Tomas Mraz wrote: > > OK, let's talk about concrete package: crypto-policies needs to run > > update-crypto-policies --no-check >/dev/null > > > > It currently does i

compat-openssl10 is now orphaned

This is just an announcement that the compat-openssl10 package is now orphaned. -- Tomáš Mráz No matter how far down the wrong road you've gone, turn back. Turkish proverb [You'll know whether the road is wrong if you carefully listen to your conscien

Re: F27 Self Contained Change: Authselect: new tool to replace authconfig

On Tue, 2017-07-18 at 20:30 +0100, Tom Hughes wrote: > On 18/07/17 15:26, Stephen Gallagher wrote: > > > On Tue, Jul 18, 2017 at 10:17 AM Tom Hughes > > wrote: > > > > Well none of my newly upgraded F26 machines appear to be > > running it ;-) > > > > I said "default

Re: tcp_wrappers deprecation

On 08/16/2017 11:37 AM, Michal Sekletar wrote: > On Tue, Aug 15, 2017 at 1:58 PM, Jakub Jelen wrote: > >> >> So can we discuss it now once more without the affiliation to systemd? >> The fact is that we still do not have any other replacement except >> firewalls. But do we need one? >> > > IIRC,

Re: GnuPG 2.2.0 and replacement of GnuPG1

On Sun, 2017-09-03 at 13:45 +0200, Igor Gnatenko wrote: > GnuPG 2.2.0 has --enable-gpg-is-gpg2 which would install compat > symlink >  from /usr/bin/gpg to /usr/bin/gpg2.. > > Is it time to retire gnupg (v1) ? I really do not care. If the gpg v1 is still maintained upstream and there is somebody

Re: How should we handle gnupg v1.4.X as gpg1?

On Wed, 2017-10-11 at 05:33 +, Christopher wrote: > On Tue, Oct 10, 2017 at 5:44 PM Dominik 'Rathann' Mierzejewski < > domi...@greysector.net> wrote: > > > On Tuesday, 10 October 2017 at 20:57, Christopher wrote: > > > On Tue, Oct 10, 2017 at 1:04 PM Brian C. Lane > > > wrote: > > > > > > >

Heads Up - openssl makefile and scripts for creating self signed certificates

that depend on openssl whether they currently use the makefile or the scripts to create self signed certificate for the service. Tomas Mraz ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to dev

Re: Heads Up - openssl makefile and scripts for creating self signed certificates

On 10/24/2017 04:23 PM, Tomas Mraz wrote: > I was asked here to merge pull request that moves the openssl makefile > and scripts for creating self signed certificates to /usr/share/doc. > > I am not sure this is the right thing to do as these are definitely > still used currently

Re: how to replace ssl with ssh2 in kqoauth

On Thu, 2017-11-30 at 13:49 +, Martin Gansser wrote: > Is it possible to compile kQOAuth [1] with ssh2 by using openssl, as > it always comes to conflict between compat-openssl10 and openssl.  > I have already searched in the sources of kqoauth for the places > where ssl is referenced. > > $ g

Re: how to replace ssl with ssh2 in kqoauth

On Fri, 2017-12-01 at 06:40 -0600, Rex Dieter wrote: > Tomas Mraz wrote: > > > Compat-openssl10-devel will be removed at the latest by Fedora 29 > > and > > anything that requires it will be no longer buildable. > > That's the first I've seen or heard

compat-openssl11 vs openssl1.1

Hi Fedora developers, we need to introduce temporarily a compat package for OpenSSL as it is going to be rebased to the 3.0 version in Rawhide once the 3.0 release is stable. The 3.0 version should not break API from the 1.1.1, it just breaks the ABI, so rebuilds should be quite easy. Of course t

Re: compat-openssl11 vs openssl1.1

On Tue, 2020-09-15 at 19:33 +0200, Miro Hrončok wrote: > On 15. 09. 20 19:26, Tomas Mraz wrote: > > What is more important? Consistency between those two compat > > packages > > or strictly following the naming rules for the new package? > > Why not both? I.e. r

<    1   2   3   4   >