On 06/06/14 00:25, David Sommerseth wrote:
On 20/03/14 20:05, Lennart Poettering wrote:
On Thu, 20.03.14 12:20, Stephen John Smoogen (smo...@gmail.com) wrote:
I doubt there are many people even using them anymore, firewalls are
more comprehensive and a lot more powerful, and while every admin
On Wed, 2014-06-04 at 21:15 -0400, Sam Varshavchik wrote:
Adam Williamson writes:
Sam, this was clearly a half-baked thought Lennart threw out in passing.
It wasn't a formal proposal.
I don't think there was any danger of anyone possibly considering that.
It's bad enough that
On 20/03/14 20:05, Lennart Poettering wrote:
On Thu, 20.03.14 12:20, Stephen John Smoogen (smo...@gmail.com) wrote:
I doubt there are many people even using them anymore, firewalls are
more comprehensive and a lot more powerful, and while every admin knows
firewalls, I figure only very few
On Sun, 2014-04-27 at 19:12 -0400, Sam Varshavchik wrote:
Can't wait for this latest howler from the great minds of Fedora to hit
Slashdot.
NECRO ALERT
Still catching up on devel@ archives. This was an interesting thread to
read in retrospect (and much of it over my head), but I was
Adam Williamson writes:
Sam, this was clearly a half-baked thought Lennart threw out in passing.
It wasn't a formal proposal.
I don't think there was any danger of anyone possibly considering that.
It's bad enough that Slashdot et al pick this stuff up and then badly
misrepresent it; having
On 04/28/2014 03:49 PM, Adam Jackson wrote:
On Mon, 2014-04-28 at 09:58 -0400, Casey Dahlin wrote:
On Mon, Apr 28, 2014 at 08:57:27AM -0400, Adam Jackson wrote:
On Sun, 2014-04-27 at 23:02 +0100, Andrew Price wrote:
On 24/04/14 15:13, Lennart Poettering wrote:
We probably should make
2014-04-27 19:02 GMT-03:00 Andrew Price anpr...@redhat.com:
On 24/04/14 15:13, Lennart Poettering wrote:
We probably should make setjmp()-freeness a requirement for
all code included in Fedora.
Would it be worth the effort, and how feasible is it anyway?
- Do we have any usage statistics?
2014-04-28 00:02 keltezéssel, Andrew Price írta:
On 24/04/14 15:13, Lennart Poettering wrote:
We probably should make setjmp()-freeness a requirement for
all code included in Fedora.
Would it be worth the effort, and how feasible is it anyway?
- Do we have any usage statistics?
- How often do
2014-04-28 09:52 keltezéssel, Nikos Mavrogiannopoulos írta:
On Sun, 2014-04-27 at 23:02 +0100, Andrew Price wrote:
On 24/04/14 15:13, Lennart Poettering wrote:
We probably should make setjmp()-freeness a requirement for
all code included in Fedora.
Would it be worth the effort, and how
Dne 28.4.2014 09:52, Nikos Mavrogiannopoulos napsal(a):
On Sun, 2014-04-27 at 23:02 +0100, Andrew Price wrote:
On 24/04/14 15:13, Lennart Poettering wrote:
We probably should make setjmp()-freeness a requirement for
all code included in Fedora.
I love the idea, but ...
Would it be worth
On 04/28/2014 09:52 AM, Nikos Mavrogiannopoulos wrote:
setjmp and longjmp are tools, that one may use in a good or bad way.
Along the same lines one could argue for dropping programs that use goto
in Fedora (because everyone knows that goto is bad).
All compliant uses of setjmp/longjmp can be
On Mon, Apr 28, 2014 at 09:52:36AM +0200, Nikos Mavrogiannopoulos wrote:
On Sun, 2014-04-27 at 23:02 +0100, Andrew Price wrote:
On 24/04/14 15:13, Lennart Poettering wrote:
We probably should make setjmp()-freeness a requirement for
all code included in Fedora.
Would it be worth the
On Mon, 2014-04-28 at 10:10 +0100, Daniel P. Berrange wrote:
To the point, if a program uses setjmp and longjmp it is often that
there was no other way to do it. You cannot for example have a
co-routine/fiber implementation in C without setjmp() and longjmp().
That's not correct - you can
Hi
On Mon, Apr 28, 2014 at 3:47 AM, Zoltan Boszormenyi wrote:
Just one datapoint: have fun rewriting PostgreSQL's error handling
while still keeping it portable and acceptable upstream. Not to mention
Cerberus (a.k.a. Tom Lane) who guards that entrance, reads this list and
IIRC is a Red
On Sun, 2014-04-27 at 23:02 +0100, Andrew Price wrote:
On 24/04/14 15:13, Lennart Poettering wrote:
We probably should make setjmp()-freeness a requirement for
all code included in Fedora.
Would it be worth the effort, and how feasible is it anyway?
I don't think it'd be worth the effort,
On Mon, Apr 28, 2014 at 09:47:53 +0200,
Zoltan Boszormenyi zbos...@freemail.hu wrote:
Just one datapoint: have fun rewriting PostgreSQL's error handling
while still keeping it portable and acceptable upstream. Not to mention
Cerberus (a.k.a. Tom Lane) who guards that entrance, reads this list
On Mon, Apr 28, 2014 at 08:57:27AM -0400, Adam Jackson wrote:
On Sun, 2014-04-27 at 23:02 +0100, Andrew Price wrote:
On 24/04/14 15:13, Lennart Poettering wrote:
We probably should make setjmp()-freeness a requirement for
all code included in Fedora.
Would it be worth the effort, and
On Mon, 28 Apr 2014, Adam Jackson wrote:
A completely arbitrary datapoint:
dmt:~% file /lib64/* | grep ELF.*shared | cut -f 1 -d : | xargs nm -aDu | grep
-c setjmp
79
At a minimum you'd have to rewrite freetype, have fun with that.
I'm happy for libreswan/openswan to not use it, if someone
On 04/28/2014 02:57 PM, Adam Jackson wrote:
A completely arbitrary datapoint:
dmt:~% file /lib64/* | grep ELF.*shared | cut -f 1 -d : | xargs nm -aDu | grep
-c setjmp
79
Less arbitrary data point: 761 source packages in Fedora rawhide
reference any of the setjmp, _setjmp, or __sigsetjmp
On Mon, 2014-04-28 at 09:58 -0400, Casey Dahlin wrote:
On Mon, Apr 28, 2014 at 08:57:27AM -0400, Adam Jackson wrote:
On Sun, 2014-04-27 at 23:02 +0100, Andrew Price wrote:
On 24/04/14 15:13, Lennart Poettering wrote:
We probably should make setjmp()-freeness a requirement for
all
2014-04-28 0:02 GMT+02:00 Andrew Price anpr...@redhat.com:
On 24/04/14 15:13, Lennart Poettering wrote:
We probably should make setjmp()-freeness a requirement for
all code included in Fedora.
Would it be worth the effort, and how feasible is it anyway?
Generally no. Been there, done
On 24/04/14 15:13, Lennart Poettering wrote:
We probably should make setjmp()-freeness a requirement for
all code included in Fedora.
Would it be worth the effort, and how feasible is it anyway?
- Do we have any usage statistics?
- How often do we see bugs caused by bad uses of setjmp/longjmp?
Andrew Price writes:
On 24/04/14 15:13, Lennart Poettering wrote:
We probably should make setjmp()-freeness a requirement for
all code included in Fedora.
Would it be worth the effort, and how feasible is it anyway?
- Do we have any usage statistics?
- How often do we see bugs caused by bad
Hi
On Sun, Apr 27, 2014 at 7:12 PM, Sam Varshavchik wrote:
According to its manpage, setjmp and longjmp conform to C89, C99, and
POSIX. I'm afraid I just can't wrap my brain around a concept of something
that's good enough for POSIX, but not good enough for Fedora.
Just because a API is
Rahul Sundaram writes:
Hi
On Sun, Apr 27, 2014 at 7:12 PM, Sam Varshavchik wrote:
According to its manpage, setjmp and longjmp conform to C89, C99, and
POSIX. I'm afraid I just can't wrap my brain around a concept of something
that's good enough for POSIX, but not good enough
On Thu, 20.03.14 18:34, Lennart Poettering (mzerq...@0pointer.de) wrote:
Heya!
I wonder whether it wouldn't be time to say goodbye to tcpwrappers in
Fedora. There has been a request in systemd upstream to disable support
for it by default, but I am not sure I want to do that unless we can
On 03/28/2014 12:49 PM, Pete Zaitcev wrote:
On Thu, 20 Mar 2014 18:34:22 +0100
Lennart Poettering mzerq...@0pointer.de wrote:
I doubt there are many people even using them anymore, firewalls are
more comprehensive and a lot more powerful, and while every admin knows
firewalls, I figure only
Am 29.03.2014 15:54, schrieb Orion Poplawski:
What gives you the impression that fail2ban is crusty? It's being
actively developed upstream and integrates with firewalld now. Are
those particularly onerous dependencies?
and that is the problem / difference to tcpwrapper
it integrates in
On Sat, Mar 29, 2014 at 10:54 AM, Orion Poplawski or...@cora.nwra.com wrote:
What gives you the impression that fail2ban is crusty? It's being
actively developed upstream and integrates with firewalld now. Are
those particularly onerous dependencies?
and with journal integration,
On 03/20/2014 08:05 PM, Lennart Poettering wrote:
On Thu, 20.03.14 12:20, Stephen John Smoogen (smo...@gmail.com) wrote:
I doubt there are many people even using them anymore, firewalls are
more comprehensive and a lot more powerful, and while every admin knows
firewalls, I figure only very
Am 28.03.2014 14:39, schrieb Petr Lautrbach:
On 03/20/2014 08:05 PM, Lennart Poettering wrote:
On Thu, 20.03.14 12:20, Stephen John Smoogen (smo...@gmail.com) wrote:
I doubt there are many people even using them anymore, firewalls are
more comprehensive and a lot more powerful, and while
Am 28.03.2014 14:48, schrieb Petr Lautrbach:
On 03/28/2014 02:44 PM, Reindl Harald wrote:
- every change in sshd_config has to be confirmed by sshd restart, while
changing hosts.deny doesn't need
any other action
no - try it out!
make a fatal syntax error in sshd_config and in case of a
On 03/28/2014 02:44 PM, Reindl Harald wrote:
- every change in sshd_config has to be confirmed by sshd restart, while
changing hosts.deny doesn't need
any other action
no - try it out!
make a fatal syntax error in sshd_config and in case of a
remote machine make sure you don't close the
On Thu, 20 Mar 2014 20:05:21 +0100
Lennart Poettering mzerq...@0pointer.de wrote:
Well, all mails servers as well as sshd have much better ways to do
such filtering. sshd has Match,
The sshd's Match does not have any historic criteria (e.g. sshd does
not keep a database of previous login
On Thu, 20 Mar 2014 18:34:22 +0100
Lennart Poettering mzerq...@0pointer.de wrote:
I doubt there are many people even using them anymore, firewalls are
more comprehensive and a lot more powerful, and while every admin knows
firewalls, I figure only very few know tcpd/tcpwrap, and even fewer
On Mon, Mar 24, 2014 at 09:17:20PM +0100, Reindl Harald wrote:
For the record Fedora is not a bleeding edge distro anymore or first in
anything
maybe some people should consider the difference between leading and
bleeding
smart: leading if things are ready
dumb: bleeding for any price
On Mon, Mar 24, 2014 at 3:07 PM, Matthew Miller
mat...@fedoraproject.org wrote:
On Mon, Mar 24, 2014 at 07:18:58PM +0100, Lennart Poettering wrote:
It's a pity though that nobody in Fedora is actively working on getting
rid of legacy cruft. I really wished we had some people who oversee
On Tue, 2014-03-25 at 09:24 -0400, Matthew Miller wrote:
I agree with Harald here. I think some people have always wanted it to be,
but Fedora never really has been chartered to be bleeding. To quote the
first foundation more fully:
First represents our commitment to innovation. We are not
Am 25.03.2014 15:22, schrieb Jóhann B. Guðmundsson:
On 03/25/2014 01:24 PM, Matthew Miller wrote:
On Mon, Mar 24, 2014 at 09:17:20PM +0100, Reindl Harald wrote:
For the record Fedora is not a bleeding edge distro anymore or first in
anything
maybe some people should consider the difference
Everyone in this thread:
Please re-read our code of conduct (in the footer of every single
message).
Stop attacking people.
Please stick to constructive comments about ideas instead.
kevin
signature.asc
Description: PGP signature
--
devel mailing list
devel@lists.fedoraproject.org
Am 25.03.2014 15:54, schrieb Jóhann B. Guðmundsson:
On 03/25/2014 02:41 PM, Reindl Harald wrote:
stop your destructive FUD, without users developers and contributors are
*meaningless*
and with throwing alpha-state software to the users and make them bleed all
the
time you will end in no
On 03/25/2014 02:41 PM, Reindl Harald wrote:
stop your destructive FUD, without users developers and contributors
are*meaningless*
and with throwing alpha-state software to the users and make them bleed all the
time you will end in no users at all
if you don't understand that, don't care for
On 03/25/2014 01:24 PM, Matthew Miller wrote:
On Mon, Mar 24, 2014 at 09:17:20PM +0100, Reindl Harald wrote:
For the record Fedora is not a bleeding edge distro anymore or first in anything
maybe some people should consider the difference between leading and
bleeding
smart: leading if things
Le Jeu 20 mars 2014 20:44, Stephen John Smoogen a écrit :
I am giving you a standard enterprise problem.
I can confirm that thanks to the stability of the config file, tcpwrappers
is widely used here.
IPtables has just started getting some adoption (after years of turf wars
between firewall
Le Sam 22 mars 2014 01:20, Miloslav Trmač a écrit :
The RHEL documentation, apart from fully describing the abilities,
specifically describes two uses: a ftpd banner
Surprisingly, ftp is still widely used entreprise-side, because ssh is
giving too much access, and no one released an easy to
Am 24.03.2014 12:57, schrieb Nicolas Mailhot:
Le Sam 22 mars 2014 01:20, Miloslav Trmač a écrit :
The RHEL documentation, apart from fully describing the abilities,
specifically describes two uses: a ftpd banner
Surprisingly, ftp is still widely used entreprise-side, because ssh is
On 03/24/2014 01:06 PM, Reindl Harald wrote:
Am 24.03.2014 12:57, schrieb Nicolas Mailhot:
Le Sam 22 mars 2014 01:20, Miloslav Trmač a écrit :
The RHEL documentation, apart from fully describing the abilities,
specifically describes two uses: a ftpd banner
Surprisingly, ftp is still widely
Am 24.03.2014 13:21, schrieb Florian Weimer:
On 03/24/2014 01:06 PM, Reindl Harald wrote:
Am 24.03.2014 12:57, schrieb Nicolas Mailhot:
Le Sam 22 mars 2014 01:20, Miloslav Trmač a écrit :
The RHEL documentation, apart from fully describing the abilities,
specifically describes two uses: a
On 03/24/2014 01:23 PM, Reindl Harald wrote:
It's still very difficult to securely process uploaded files under a different
user account. Some SFTP clients set
restrictive permissions on upload, and the OpenSSH implementation does not
allow to bypass that.
man umask
[root@rh:/downloads]$
Am 24.03.2014 13:26, schrieb Florian Weimer:
On 03/24/2014 01:23 PM, Reindl Harald wrote:
It's still very difficult to securely process uploaded files under a
different user account. Some SFTP clients set
restrictive permissions on upload, and the OpenSSH implementation does not
allow
Le Sam 22 mars 2014 03:21, Lennart Poettering a écrit :
And you honestly believe that people who are capable enough of setting
up DNS locally and across the company in a secure way to do something
To set up DNS securely you need a handful of people to manage a master dns
and its slave on the
this is the proverbal security vs. convenience issue safety unfortunately
isn't convenient
Corey W Sheldon
Owner, 1st Class Mobile Shine
310.909.7672
www.facebook.com/1stclassmobileshine
On Mon, Mar 24, 2014 at 8:21 AM, Florian Weimer fwei...@redhat.com wrote:
On 03/24/2014 01:06 PM, Reindl
On Thu, 20.03.14 18:34, Lennart Poettering (mzerq...@0pointer.de) wrote:
Heya!
I wonder whether it wouldn't be time to say goodbye to tcpwrappers in
Fedora. There has been a request in systemd upstream to disable support
for it by default, but I am not sure I want to do that unless we can
On 24 March 2014 12:18, Lennart Poettering mzerq...@0pointer.de wrote:
It's a pity though that nobody in Fedora is actively working on getting
rid of legacy cruft. I really wished we had some people who oversee
deprecating things more proactively, figure out how to deprecate things,
write
On Mon, Mar 24, 2014 at 07:18:58PM +0100, Lennart Poettering wrote:
I am not going to file a feature for Fedora, to remove support for it
entirely across the whole distro. I still think dropping it is the right
thing to do, but I don't think it's a good use of my own time, to fight
this
On 03/24/2014 06:50 PM, Stephen John Smoogen wrote:
On 24 March 2014 12:18, Lennart Poettering mzerq...@0pointer.de
mailto:mzerq...@0pointer.de wrote:
It's a pity though that nobody in Fedora is actively working on
getting
rid of legacy cruft. I really wished we had some
On 03/24/2014 06:18 PM, Lennart Poettering wrote:
It's a pity though that nobody in Fedora is actively working on getting
rid of legacy cruft. I really wished we had some people who oversee
deprecating things more proactively, figure out how to deprecate things,
write stub code to provide
Am 24.03.2014 20:27, schrieb Jóhann B. Guðmundsson:
But certain people seem to rather want to drown Fedora in bureaucracy and
vague future proposals
and working groups instead of doing what needs to be done.
no, certain people want to do something *useful* with their sytems and precious
Am 24.03.2014 20:30, schrieb Jóhann B. Guðmundsson:
Being at the bleeding edge of things also means deciding that
some things really should go, from time to time... Besides deprecating
old cruft like libwrap, this would also mean removing all the old crap
from comps standard that we still
On Mon, 24.03.14 20:59, Reindl Harald (h.rei...@thelounge.net) wrote:
Am 24.03.2014 20:27, schrieb Jóhann B. Guðmundsson:
But certain people seem to rather want to drown Fedora in bureaucracy and
vague future proposals
and working groups instead of doing what needs to be done.
no,
Am 24.03.2014 21:32, schrieb Lennart Poettering:
On Mon, 24.03.14 20:59, Reindl Harald (h.rei...@thelounge.net) wrote:
Am 24.03.2014 20:27, schrieb Jóhann B. Guðmundsson:
But certain people seem to rather want to drown Fedora in bureaucracy and
vague future proposals
and working groups
Lennart Poettering (mzerq...@0pointer.de) said:
this through... I'd be happy though if somebody else would pick this
up. Looking at the current FESCO members I am not entirely sure though
whether a proposal to disable libwrap would have a chance in the current
cycle though. (also, M. Miller
On Mon, 24.03.14 21:45, Reindl Harald (h.rei...@thelounge.net) wrote:
and that is the problem with you attitude
Okeydokey, as you wish, you are now in my killfile.
Lennart
--
Lennart Poettering, Red Hat
--
devel mailing list
devel@lists.fedoraproject.org
Am 24.03.2014 21:51, schrieb Lennart Poettering:
On Mon, 24.03.14 21:45, Reindl Harald (h.rei...@thelounge.net) wrote:
and that is the problem with you attitude
Okeydokey, as you wish, you are now in my killfile
so what - why should i case about beeing in the killfile
of people which
I wonder whether it wouldn't be time to say goodbye to tcpwrappers in
Fedora. There has been a request in systemd upstream to disable support
for it by default, but I am not sure I want to do that unless we can
maybe say goodbye to it for the big picture too.
I have decided now to drop all
Am 24.03.2014 22:22, schrieb Peter Robinson:
Interesting! You sent the email starting this thread a mere 4 days
ago, two of those a weekend. You've not given it a chance to even go
to FESCo meeting for discussion. Did you send it in the same way to
the rest of the distros that depend, or are
On Mon, 24.03.14 21:22, Peter Robinson (pbrobin...@gmail.com) wrote:
Interesting! You sent the email starting this thread a mere 4 days
ago, two of those a weekend. You've not given it a chance to even go
to FESCo meeting for discussion. Did you send it in the same way to
the rest of the
On Mon, 2014-03-24 at 21:22 +, Peter Robinson wrote:
I wonder whether it wouldn't be time to say goodbye to tcpwrappers in
Fedora. There has been a request in systemd upstream to disable support
for it by default, but I am not sure I want to do that unless we can
maybe say goodbye to
On 03/24/2014 09:22 PM, Peter Robinson wrote:
I wonder whether it wouldn't be time to say goodbye to tcpwrappers in
Fedora. There has been a request in systemd upstream to disable support
for it by default, but I am not sure I want to do that unless we can
maybe say goodbye to it for the big
Am 24.03.2014 22:53, schrieb Jóhann B. Guðmundsson:
By the way the kernel does not have a proper deprecation process which is
accurately reflected in all the code that
is bit-rotting there so it's not the holy grail of code maintenance as you
let it out to be
the kernel at least has the
2014-03-24 22:53 GMT+01:00 Jóhann B. Guðmundsson johan...@gmail.com:
systemd is now, or soon will be, a core component of pretty much all
major and minor distributions out there and it's no longer just about
you Lennart and your thoughts of whether it's Yuck! or not, you are
now similar to
On 03/24/2014 10:23 PM, Miloslav Trmač wrote:
That doesn't work.
On the contrary if it did not the business module Red Hat is build upon
would not exist since Red Hat is making money out of stability promises
to it's customers which upstream is not providing right.
Unfortunately a
Am 22.03.2014 03:07, schrieb Lennart Poettering:
On Fri, 21.03.14 23:46, Reindl Harald (h.rei...@thelounge.net) wrote:
if you believe it or not: there exists code which don't neeed
updates and reweites all te time because it just works and given
You do realize that if software
Am 22.03.2014 03:05, schrieb Lennart Poettering:
On Fri, 21.03.14 23:35, Reindl Harald (h.rei...@thelounge.net) wrote:
In other words you are telling us that now to get something implemented or
removed in Fedora we have to not only
deal with our usual politics and bureaucracy but also all
Am 22.03.2014 03:21, schrieb Lennart Poettering:
On Sat, 22.03.14 01:20, Miloslav Trmač (m...@volny.cz) wrote:
DNS queries can't really be done within the firewall (and due to the
circular dependency between having the firewall up before allowing access
to the network and needing access to
On 03/22/2014 04:20 AM, Miloslav Trmač wrote:
I'm not in this thread to discuss technical merits of the existing
implementation. It may be 100% crappy code. /All/ of what you say
above may be true, but that being true about a widely-used feature
/doesn't automatically mean that eliminating
On Sat, Mar 22, 2014 at 02:59:20AM +0100, Lennart Poettering wrote:
No, firewalls don't do DNS-based filtering, since it's a security nightmare.
Lennart, this isn't true as a general statement. Both Juniper and Cisco
firewalls support FQDN-based access rules. Looks like Palo Alto Networks too
On Sat, Mar 22, 2014 at 10:04:51AM +, Jóhann B. Guðmundsson wrote:
So here's the thing daemons and applications are inconsistent in
their support for libwrap like for example sshd supports it while
smbd does not which leads to incorrect configuration and
administrative expectation which in
Am 22.03.2014 07:15, schrieb Reindl Harald:
Am 22.03.2014 03:21, schrieb Lennart Poettering:
On Sat, 22.03.14 01:20, Miloslav Trmač (m...@volny.cz) wrote:
DNS queries can't really be done within the firewall (and due to the
circular dependency between having the firewall up before allowing
Jóhann B. Guðmundsson wrote:
So here's the thing daemons and applications are inconsistent in their
support for libwrap like for example sshd supports it while smbd does
not which leads to incorrect configuration and administrative
expectation which in itself poses a security risk.
I don't
Hi,
So maybe a solution would be to write a libwrap2 instead ?
Don't think this is the solution. Part of the problem is that some of
the functionality is just obsolete in todays world. Trusting IDENT and
DNS for access control maybe made sense in the 90ies. It certainly
doesn't today, and
On Fri, 21.03.14 00:27, Paul Wouters (p...@nohats.ca) wrote:
On Fri, 21 Mar 2014, Lennart Poettering wrote:
I mean, in this day and age we should not consider an ACL language well
designed if it basically pushes users to use IDENT and DNS for
authentication. (And no, don't say the words
On Thu, Mar 20, 2014 at 06:34:22PM +0100, Lennart Poettering wrote:
I wonder whether it wouldn't be time to say goodbye to tcpwrappers in
Fedora. There has been a request in systemd upstream to disable support
I talked to some of the RHEL planning people, and they're okay
with marking it
On Thu, 2014-03-20 at 20:55 +0100, Hans de Goede wrote:
So offer something with equivalent functionality (and config file
syntax compatibility), with a nice modern clean API and then systemd
and others can be moved over to that 1 by 1, and once we've no more
users left we can kill of the old
On Fri, 21 Mar 2014, Lennart Poettering wrote:
we kinda do have dnssec per default. All DNS servers installed per
default do DNSSEC. Installing dnssec-trigger makes that even more
pervasive.
Well, but glibc can't do the DNSSEC client side, can it?
Applications that want to do DNSSEC
On Fri, 21.03.14 12:37, Paul Wouters (p...@nohats.ca) wrote:
On Fri, 21 Mar 2014, Lennart Poettering wrote:
we kinda do have dnssec per default. All DNS servers installed per
default do DNSSEC. Installing dnssec-trigger makes that even more
pervasive.
Well, but glibc can't do the DNSSEC
On Fri, 21 Mar 2014, Lennart Poettering wrote:
As long as -lresolve (i.e. glibc and getaddrinfo()) can't do DNSSEC it's
just not there...
You are proposing changing the api of getaddrinfo()? Could luck with
that?
Yes, applications that want to see DNSSEC results will have to do a little bit
On Fri, 21.03.14 13:05, Paul Wouters (p...@nohats.ca) wrote:
On Fri, 21 Mar 2014, Lennart Poettering wrote:
As long as -lresolve (i.e. glibc and getaddrinfo()) can't do DNSSEC it's
just not there...
You are proposing changing the api of getaddrinfo()? Could luck with
that?
Dunno, it
* Lennart Poettering:
So offer something with equivalent functionality (and config file
syntax compatibility), with a nice modern clean API and then systemd
and others can be moved over to that 1 by 1, and once we've no more
users left we can kill of the old beast ?
Nope. In systemd we
Am 21.03.2014 20:02, schrieb Florian Weimer:
* Lennart Poettering:
So offer something with equivalent functionality (and config file
syntax compatibility), with a nice modern clean API and then systemd
and others can be moved over to that 1 by 1, and once we've no more
users left we can
On 03/21/2014 02:05 PM, Matthew Miller wrote:
On Thu, Mar 20, 2014 at 06:34:22PM +0100, Lennart Poettering wrote:
I wonder whether it wouldn't be time to say goodbye to tcpwrappers in
Fedora. There has been a request in systemd upstream to disable support
I talked to some of the RHEL planning
On Fri, Mar 21, 2014 at 6:16 PM, Jóhann B. Guðmundsson johan...@gmail.com
wrote:
In other words you are telling us that now to get something implemented or
removed in Fedora we have to not only deal with our usual politics and
bureaucracy but also all the downstream distribution to us as
On 03/21/2014 10:30 PM, Martin Langhoff wrote:
On Fri, Mar 21, 2014 at 6:16 PM, Jóhann B. Guðmundsson
johan...@gmail.com mailto:johan...@gmail.com wrote:
In other words you are telling us that now to get something
implemented or removed in Fedora we have to not only deal with our
Am 21.03.2014 23:16, schrieb Jóhann B. Guðmundsson:
On 03/21/2014 02:05 PM, Matthew Miller wrote:
On Thu, Mar 20, 2014 at 06:34:22PM +0100, Lennart Poettering wrote:
I wonder whether it wouldn't be time to say goodbye to tcpwrappers in
Fedora. There has been a request in systemd upstream to
Am 21.03.2014 23:31, schrieb Jóhann B. Guðmundsson:
On 03/21/2014 10:30 PM, Martin Langhoff wrote:
On Fri, Mar 21, 2014 at 6:16 PM, Jóhann B. Guðmundsson johan...@gmail.com
mailto:johan...@gmail.com wrote:
In other words you are telling us that now to get something implemented
or
On 03/21/2014 10:35 PM, Reindl Harald wrote:
the author of tcpwrapper is Wietse Venema,
You do realize when he wrote this and what he was trying to overcome at
that time so I have to ask have you spoken to him about how useful he
thinks his creation is today and why he stopped maintaining
Am 21.03.2014 23:37, schrieb Jóhann B. Guðmundsson:
On 03/21/2014 10:35 PM, Reindl Harald wrote:
the author of tcpwrapper is Wietse Venema,
You do realize when he wrote this and what he was trying to overcome at that
time so I have to ask have you spoken
to him about how useful he
2014-03-21 1:00 GMT+01:00 Lennart Poettering mzerq...@0pointer.de:
On Thu, 20.03.14 13:44, Stephen John Smoogen (smo...@gmail.com) wrote:
And now I need to have X number applications special syntax to
whitelist/blacklist a site. I need to change X files to make that change.
Each of those
On Fri, 21.03.14 20:02, Florian Weimer (f...@deneb.enyo.de) wrote:
* Lennart Poettering:
So offer something with equivalent functionality (and config file
syntax compatibility), with a nice modern clean API and then systemd
and others can be moved over to that 1 by 1, and once we've no
On Fri, 21.03.14 23:35, Reindl Harald (h.rei...@thelounge.net) wrote:
In other words you are telling us that now to get something implemented or
removed in Fedora we have to not only
deal with our usual politics and bureaucracy but also all the downstream
distribution to us as well...
1 - 100 of 137 matches
Mail list logo