Tim wrote:
Ignore security warnings - the client can carry on and log in even if
the client determines that security is lacking (e.g. if the server's
certificate has expired, or not quite correct, or doesn't have one at
all, like the pop-up said), or it can abort when security is considered
lax.
This happens on new account creation. Which one is correct? :-)
STF
===
http://eisenbits.homelinux.net/~stf/
OpenPGP: DFD9 0146 3794 9CF6 17EA D63F DBF5 8AA8 3B31 FE8A
===
I just wanted to share my opinion about the new KDE in Fedora 10 (KDE
4.2 or so).
KDE has been my favourite desktop environment for *years* (8-10 or so).
The old one in Fedora 8 (KDE 3.5 or so) was great.
Unfortunately, the new one (4.2 or so) is *so heavy*, *so buggy* and so
*unusable at al
Todd Zullinger wrote:
And, of course, on top of compiler options and firewalls, SELinux is
one more layer that is added to protect against problems in upstream
code. If upstream code has some hole that tries to mail off
/etc/passwd somewhere, this is very likely to be denied by SELinux.
And when
Rahul Sundaram wrote:
While the review guidelines do make sure that the source code matches
upstream¹, that doesn't ensure that upstream doesn't have backdoors,
holes, malicious content, etc.
That's a totally different question IMO. We at the distribution level
can only check whether there is a
Rahul Sundaram wrote:
You missed that the review guidelines has a source check as well. Read
it in detail.
Where's that, sorry?
STF
===
http://eisenbits.homelinux.net/~stf/
OpenPGP: 9D25 3D89 75F1 DF1D F434 25D7 E87F A1B9 B8
Rahul Sundaram wrote:
Probably there are lots of packages reviewed by their authors only?
Review and signing are two different processes. Every single new package
has to go through a review process as outlined in
http://fedoraproject.org/wiki/Packaging/ReviewGuidelines
Signing a package is do
Todd Zullinger wrote:
By policy, there are things that rpm scriptlets should not do. But if
you created an rpm which had a %post section containing rm -rf /, rpm
would run it AFAIK.
Oh! 8-O
I wonder how easy it is to create a rootkit/trojan horse/whatever
and get it loaded on Fedora users' c
What does the process of installing new RPM package look like? There are
some commands that such package is allowed to execute, right?
What are RPMs allowed to do, and what is forbidden? Is there any control
layer at all in the package manager, or is the control (e.g., during
package install)
What is this kdenetwork-7:4.2.1-1.fc10.i386 ? I guess it's the first
time I see an RPM package with ":" in its name. More amazing is,
however, that it both exists and does not exist on my system at the same
time.
$ rpm --erase --test libgadu-1.8.2-1.fc10.i386
error: Failed dependencies:
Todd Zullinger wrote:
$ gpg --list-options 'show-policy-urls' --list-sigs silfreed
pub 1024D/ED00D312 2000-06-21
uid Douglas E. Warner
sig 3ED00D312 2005-11-02 Douglas E. Warner
sig 2 PBEAF0CE3 2006-08-07 Todd M. Zullinger
Signature policy: http://www.pobo
m wrote:
Difficult at best, who wants to trust a faceless corporation? Not to be
cynical but you might trust the receptionist but what about the IT dept?
Are they competent? Money is no guarantee of anything, in fact the
larger the company the more likely they will let something slip through
t
Mikkel L. Ellertson wrote:
Let me see - The Gnupg package is included with Fedora. RPMs are
signed with a GPG key - each version has its own key. The extra
repositories have their own keys. When their was a possibility that
the keys had been compromised, new keys were issued. It is not like
Fedor
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Friends,
Inspired by the recent problems with checksums for various installation
files of Fedora 10, may I be allowed to say, that I think that broader
adoption of OpenPGP standard (gpg) among Fedora (and Free Software)
developers and users could be
Tom Horsley wrote:
I doubt it. They are normally just part of the DVD image, and so
are checked as part of the whole DVD. Probably no one has ever
thought to provide individual checksums for those files.
It's worse. Even boot.iso lacks its (signed) checksum as far as I can
see. So if you want
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Pardon me if I am blind, but I am trying to install Fedora 10 without
media:
http://docs.fedoraproject.org/install-guide/f10/en_US/ap-medialess-install.html
and can't find the checksums for vmlinuz and initrd.img.
They are available somewhere, aren't
Is there any problem about using RPMs from newer Fedora releases in
older releases? For instance I want Berkeley DB XML from Fedora 10 but I
have Fedora 8 and don't feel like upgrading right now.
Thanks!
STF
===
http://eisenb
Why doesn't Fedora have MPEG-1 support (playing)?
Here: http://en.wikipedia.org/wiki/MPEG-1#Patents they say: "MPEG-1
video and Layer I/II audio may be able to be implemented without payment
of license fees.". And it looks that there are various GPL
programs/codecs ready.
So what's the probl
How can I know which RPM in Fedora release contains which Perl modules?
In particular I want to install Test::More, but don't know where to look
for that. :-/
Thanks,
STF
===
http://eisenbits.homelinux.net/~stf/ . My PGP key f
Why doesn't Fedora use vanilla Linux kernel?
STF
===
http://eisenbits.homelinux.net/~stf/ . My PGP key fingerprint is:
9D25 3D89 75F1 DF1D F434 25D7 E87F A1B9 B80F 8062
==
Hello there
Why doesn't Fedora ship any RPMs with PHP bindings for Oracle Berkeley
DB XML database?
STF
===
http://eisenbits.homelinux.net/~stf/ . My PGP key fingerprint is:
9D25 3D89 75F1 DF1D F434 25D7 E87F A1B9 B80F 8062
21 matches
Mail list logo