Re: Infrastructure status, 2008-08-19 UTC 0200

On Sat, Aug 23, 2008 at 09:39:46AM -0800, Jeff Spaleta wrote: > On Sat, Aug 23, 2008 at 6:16 AM, Roger Grosswiler <[EMAIL PROTECTED]> wrote: > > ok, but is it also on fedora, with openssh-issue? Or how could we now > > find out, if our systems are compromised too? > > > I think you misread the in

Re: Infrastructure status, 2008-08-19 UTC 0200

On Sat, Aug 23, 2008 at 6:16 AM, Roger Grosswiler <[EMAIL PROTECTED]> wrote: > ok, but is it also on fedora, with openssh-issue? Or how could we now > find out, if our systems are compromised too? I think you misread the information. The impact with regard to RHEL and Fedora are different. -jef

Re: Infrastructure status, 2008-08-19 UTC 0200

On Sat, Aug 23, 2008 at 10:50:05AM -0600, Kevin Fenzi wrote: > On Sat, 23 Aug 2008 12:28:53 -0400 > [EMAIL PROTECTED] (John Aldrich) wrote: > > > On Saturday 23 August 2008, Roger Grosswiler wrote: > > > > > > ah yes, and do we also expect, that packages to new install do have > > > that problem t

Re: Infrastructure status, 2008-08-19 UTC 0200

On Sat, 23 Aug 2008 12:28:53 -0400 [EMAIL PROTECTED] (John Aldrich) wrote: > On Saturday 23 August 2008, Roger Grosswiler wrote: > > > > ah yes, and do we also expect, that packages to new install do have > > that problem too? > > > > I mean, i would like to try kde, but am not sure to get comprom

Re: Infrastructure status, 2008-08-19 UTC 0200

On Saturday 23 August 2008, Roger Grosswiler wrote: > > ah yes, and do we also expect, that packages to new install do have > that problem too? > > I mean, i would like to try kde, but am not sure to get compromised > packages there... > My 2 Cents' worth: I was thinking of upgrading from Fedora 6

Re: Infrastructure status, 2008-08-19 UTC 0200

Am Sat, 23 Aug 2008 16:16:55 +0200 schrieb Roger Grosswiler <[EMAIL PROTECTED]>: > Am Sat, 23 Aug 2008 00:38:15 +0200 > schrieb Björn Persson <[EMAIL PROTECTED]>: > > > Anne Wilson wrote: > > > On Friday 22 August 2008 17:48:22 Tom Killian wrote: > > > > >One of the compromised Fedora servers was

Re: Infrastructure status, 2008-08-19 UTC 0200

Am Sat, 23 Aug 2008 00:38:15 +0200 schrieb Björn Persson <[EMAIL PROTECTED]>: > Anne Wilson wrote: > > On Friday 22 August 2008 17:48:22 Tom Killian wrote: > > > >One of the compromised Fedora servers was a system used for > > > >signing Fedora packages. However, based on our efforts, we have > >

Re: Infrastructure status, 2008-08-19 UTC 0200

Am Fri, 22 Aug 2008 11:43:56 -0700 schrieb "Wolfgang S. Rupprecht" <[EMAIL PROTECTED]>: > > > I do find this attitude strange. There are maybe 15 messages per > > week from announce, and I can skin through and this 'I need that > > update' or 'those don't affect me', which saves me a good bit of

Re: Infrastructure status, 2008-08-19 UTC 0200

Anne Wilson wrote: > On Friday 22 August 2008 17:48:22 Tom Killian wrote: > > >One of the compromised Fedora servers was a system used for signing > > >Fedora packages. However, based on our efforts, we have high confidence > > >that the intruder was not able to capture the passphrase used to secur

Re: Infrastructure status, 2008-08-19 UTC 0200

On Friday 22 August 2008 17:48:22 Tom Killian wrote: > >One of the compromised Fedora servers was a system used for signing > >Fedora packages. However, based on our efforts, we have high confidence > >that the intruder was not able to capture the passphrase used to secure > >the Fedora package sig

Re: Infrastructure status, 2008-08-19 UTC 0200

On Friday 22 August 2008 19:43:56 Wolfgang S. Rupprecht wrote: > > I do find this attitude strange. There are maybe 15 messages per week > > from announce, and I can skin through and this 'I need that update' or > > 'those don't affect me', which saves me a good bit of time. > > It sounds like a s

Re: Infrastructure status, 2008-08-19 UTC 0200

> I do find this attitude strange. There are maybe 15 messages per week from > announce, and I can skin through and this 'I need that update' or 'those > don't affect me', which saves me a good bit of time. It sounds like a security-only announce list is needed then. Checking 780 messages a y

Re: Infrastructure status, 2008-08-19 UTC 0200

>One of the compromised Fedora servers was a system used for signing >Fedora packages. However, based on our efforts, we have high confidence >that the intruder was not able to capture the passphrase used to secure >the Fedora package signing key. Based on our review to date, the >passphrase was no

Re: Infrastructure status, 2008-08-19 UTC 0200

On Friday 22 August 2008 02:08:12 Tom Horsley wrote: > On Fri, 22 Aug 2008 09:28:36 +0900 > > Joel Rees <[EMAIL PROTECTED]> wrote: > > > Because I never thought the list was informative. > > > > This is a perception that needs correcting. > > Actually, when this all started, I took a look at the >

Re: Infrastructure status, 2008-08-19 UTC 0200

Jim Cornette wrote: Okay, you took the bait. That was an idea for finding out what you would say to other reorganisation of the lists. The problem with fedora-test-list is that it is supposed to be for "testers of fedora development releases" which is different from "test updates for stable rel

Re: Infrastructure status, 2008-08-19 UTC 0200

On Thu, 2008-08-21 at 20:29 -0700, Richard England wrote: > The noise to data ratio is decreasing alarmingly. Increasing I think you mean (he said noisily). poc -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

Re: Infrastructure status, 2008-08-19 UTC 0200

Michael Schwendt wrote: On Thu, 21 Aug 2008 19:45:12 -0400, Jim Cornette wrote: I myself am not on the announce list Why not? Because I never thought the list was informative. Do you prefer to see emergency situations more often? ;) No emergencies would be ideal. It can be argued what

Re: Infrastructure status, 2008-08-19 UTC 0200

On Thu, 21 Aug 2008 19:45:12 -0400, Jim Cornette wrote: > >> I myself am not on the announce list > > > > Why not? > > Because I never thought the list was informative. Do you prefer to see emergency situations more often? ;) It can be argued what types of messages really belong on fedora-ann

Re: Infrastructure status, 2008-08-19 UTC 0200

Jim Cornette wrote: Anyway, the best thing to do would be to make a list called fedora-emergency-list or the fedora-OMG-list. Or perhaps the fedora-FEMA list so we'd know to expect a huge delay before any response... -- Les Mikesell [EMAIL PROTECTED] -- fedora-list mailing list fedor

Re: Infrastructure status, 2008-08-19 UTC 0200

Dave Burns wrote: Know what I wish? That posts with the subject "Re: Infrastructure status" actually discussed infrastructure status, and that discussions of 'how to improve dissemination of info about infrastructure status' had a different subject. T Dave +2 What is it, the season, t

Re: Infrastructure status, 2008-08-19 UTC 0200

Tom Horsley wrote: On Fri, 22 Aug 2008 09:28:36 +0900 Joel Rees <[EMAIL PROTECTED]> wrote: Because I never thought the list was informative. This is a perception that needs correcting. Actually, when this all started, I took a look at the announce list archives, and came to the definitive c

Re: Infrastructure status, 2008-08-19 UTC 0200

Arthur Pemberton wrote: On Thu, Aug 21, 2008 at 6:45 PM, Jim Cornette <[EMAIL PROTECTED]> wrote: Michael Schwendt wrote: On Wed, 20 Aug 2008 23:35:20 -0400, Jim Cornette wrote: I myself am not on the announce list Why not? Because I never thought the list was informative. So you made your

Re: Infrastructure status, 2008-08-19 UTC 0200

Joel Rees wrote: On Aug 22, 2008, at 8:45 AM, Jim Cornette wrote: Michael Schwendt wrote: On Wed, 20 Aug 2008 23:35:20 -0400, Jim Cornette wrote: I myself am not on the announce list Why not? Because I never thought the list was informative. This is a perception that needs correcting. U

Re: Infrastructure status, 2008-08-19 UTC 0200

Know what I wish? That posts with the subject "Re: Infrastructure status" actually discussed infrastructure status, and that discussions of 'how to improve dissemination of info about infrastructure status' had a different subject. Though the one I just suggested kinda blows. And here I am contribu

Re: Infrastructure status, 2008-08-19 UTC 0200

On Fri, 22 Aug 2008 09:28:36 +0900 Joel Rees <[EMAIL PROTECTED]> wrote: > > Because I never thought the list was informative. > > This is a perception that needs correcting. Actually, when this all started, I took a look at the announce list archives, and came to the definitive conclusion that

Re: Infrastructure status, 2008-08-19 UTC 0200

On Thu, Aug 21, 2008 at 6:45 PM, Jim Cornette <[EMAIL PROTECTED]> wrote: > Michael Schwendt wrote: >> >> On Wed, 20 Aug 2008 23:35:20 -0400, Jim Cornette wrote: >> >>> I myself am not on the announce list >> >> Why not? > > Because I never thought the list was informative. So you made your own dec

Re: Infrastructure status, 2008-08-19 UTC 0200

On Aug 22, 2008, at 8:45 AM, Jim Cornette wrote: Michael Schwendt wrote: On Wed, 20 Aug 2008 23:35:20 -0400, Jim Cornette wrote: I myself am not on the announce list Why not? Because I never thought the list was informative. This is a perception that needs correcting. Unfortunately, the

Re: Infrastructure status, 2008-08-19 UTC 0200

Michael Schwendt wrote: On Wed, 20 Aug 2008 23:35:20 -0400, Jim Cornette wrote: I myself am not on the announce list Why not? Because I never thought the list was informative. so it was not a good choice to inform users of the infrastructure problem. That's a weird conclusion. Certain

Re: Infrastructure status, 2008-08-19 UTC 0200

On Wed, 20 Aug 2008 23:35:20 -0400, Jim Cornette wrote: > I myself am not on the announce list Why not? > so it was not a good choice to > inform users of the infrastructure problem. That's a weird conclusion. Certainly it was a good choice to send an announcement to the fedora-announce-list,

Re: Infrastructure status, 2008-08-19 UTC 0200

On Wed, Aug 20, 2008 at 10:35 PM, Jim Cornette <[EMAIL PROTECTED]> wrote: > I like the idea where the update tool notifies the user of important > precautions. > I myself am not on the announce list so it was not a good choice to inform > users of the infrastructure problem. Why were you not on th

Re: Infrastructure status, 2008-08-19 UTC 0200

I like the idea where the update tool notifies the user of important precautions. I myself am not on the announce list so it was not a good choice to inform users of the infrastructure problem. I read a mail to a link on the test list initially. I think that broadcasting important messages via

Re: Infrastructure status, 2008-08-19 UTC 0200

On Tue, Aug 19, 2008 at 07:45:29AM -0430, Patrick O'Callaghan wrote: > Signatures tell you that whoever produced them has the private key, the > rest is assumption. Same with the host key, really. -- Matthew Miller [EMAIL PROTECTED] Boston University Linux

Re: Infrastructure status, 2008-08-19 UTC 0200

On Tue, 2008-08-19 at 18:10 +0930, Tim wrote: > Tim: > >> Is it just me, or do others also think that a public email (even a > >> signed one) would be almost the worst place to trust a fingerprint > >> announcement? > > Laszlo BERES: > > If the mail is correctly signed then it's OK. > > A message

Re: Infrastructure status, 2008-08-19 UTC 0200

On Tue, Aug 19, 2008 at 06:10:50PM +0930, Tim wrote: > >> Is it just me, or do others also think that a public email (even a > >> signed one) would be almost the worst place to trust a fingerprint > >> announcement? > Laszlo BERES: > > If the mail is correctly signed then it's OK. > A message being

Re: Infrastructure status, 2008-08-19 UTC 0200

Tim: >> Is it just me, or do others also think that a public email (even a >> signed one) would be almost the worst place to trust a fingerprint >> announcement? Laszlo BERES: > If the mail is correctly signed then it's OK. A message being correctly signed isn't quite the same thing as being able

Re: Infrastructure status, 2008-08-19 UTC 0200

Tim wrote: > Is it just me, or do others also think that a public email (even a > signed one) would be almost the worst place to trust a fingerprint > announcement? If the mail is correctly signed then it's OK. -- BÉRES László RHCE, RHCX senior IT engineer, trainer Red Hat, Fedora, CentOS, S

Re: Infrastructure status, 2008-08-19 UTC 0200

On Tue, 2008-08-19 at 02:07 +, Paul W. Frields wrote: > ** New SSH fingerprint for Fedora Hosted: >e6:b3:68:51:98:2d:4c:dc:63:27:46:65:51:d5:f0:7a Is it just me, or do others also think that a public email (even a signed one) would be almost the worst place to trust a fingerprint announcem

important question about updates [was Re: Infrastructure status, 2008-08-19 UTC 0200]

On Tue, Aug 19, 2008 at 02:07:45AM +, Paul W. Frields wrote: > Please give the infrastructure team the time they need to do this > demanding work. They have been doing a spectacular job and deserve the > absolute highest credit. Having been in some serious infrastructure-crunch situations myse