yum - file conflicts when updating from i?86 to x86_64
Hi, all, I had an interesting time updating a machine from i686 to x86_64 last night. I wound up using rpm alot, and would rather have used yum more, but for problems like the one noted below (just one example out of a large number of similar instances). Is there a way to get yum to not fret about file conflicts when replacing one arch with another with the same base package name? Dependency resolution and RPM seems to be happy, but the transaction check (OK, I don't really know what that means) doesn't seem to understand what's happening. Thanks, -Bill == -- Running transaction check -- Processing Dependency: tor-core = 0.2.0.35-1.fc11 for package: tor-lsb-0.2.0.35-1.fc11.noarch --- Package tor-core.x86_64 0:0.2.1.19-2.fc12 set to be updated -- Running transaction check --- Package tor-lsb.noarch 0:0.2.1.19-2.fc12 set to be updated -- Finished Dependency Resolution Dependencies Resolved Package Arch Version Repository Size Updating: tor-core x86_64 0.2.1.19-2.fc12 fedora 956 k Updating for dependencies: tor-lsb noarch 0.2.1.19-2.fc12 fedora 12 k Transaction Summary Install 0 Package(s) Upgrade 2 Package(s) Total size: 968 k Downloading Packages: Running rpm_check_debug Running Transaction Test Finished Transaction Test Transaction Check Error: file /etc/tor/torrc from install of tor-core-0.2.1.19-2.fc12.x86_64 conflicts with file from package tor-core-0.2.0.35-1.fc11.i586 file /usr/share/man/man1/tor.1.gz from install of tor-core-0.2.1.19-2.fc12.x86_64 conflicts with file from package tor-core-0.2.0.35-1.fc11.i586 file /usr/share/tor/geoip from install of tor-core-0.2.1.19-2.fc12.x86_64 conflicts with file from package tor-core-0.2.0.35-1.fc11.i586 -- Bill McGonigle, Owner BFC Computing, LLC http://bfccomputing.com/ Telephone: +1.603.448.4440 Email, IM, VOIP: b...@bfccomputing.com VCard: http://bfccomputing.com/vcard/bill.vcf Social networks: bill_mcgonigle/bill.mcgonigle -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Any linux-based microSD utilities?
On 01/06/2010 12:48 PM, Max Pyziur wrote: However, the device doesn't automount, nor can I mount it from root. If the card has failed, I'd like to try and recover whatever data I can. You could have a card failure or a corrupt filesystem (or both). Try reading the card with something like: dd if=/dev/sdb of=myflakeycard.dd bs=2M conv=sync,noerror If that succeeds, the disk is probably OK. Usually they're vfat filesystems, so look into how to recover those. Can the card be made useable again through some sort of formatting utility? something like: mkfs -t vfat -n yourphonenumberhere /dev/sdb1 works in my phones and cameras. That'll wipe your data of course. The -n flag is optional, but in theory a number there will help an honest man return your lost device. It worked once for me anyway. -Bill -- Bill McGonigle, Owner BFC Computing, LLC http://bfccomputing.com/ Telephone: +1.603.448.4440 Email, IM, VOIP: b...@bfccomputing.com VCard: http://bfccomputing.com/vcard/bill.vcf Social networks: bill_mcgonigle/bill.mcgonigle -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: i686 packages in my Fedora 12 x86_64
On 01/05/2010 02:44 PM, Germán A. Racca wrote: I have freshly installed Fedora 12 x86_64 in my PC 2 weeks ago. Now I see that I have some (49) packages in both i686 and x86_64 architectures. The list is at the end of the message. What should I do? I haven't figured out the right way to deal with this, but I did just last night finally purge an upgraded system of its 32-bit packages with something like: rpm -qa | grep '86$' | sort | xargs --verbose rpm -e --nodeps And then ran: rpm -Va --nofiles --nodigest and: package-cleanup --problems with successful results. So far so good, yum runs well again. -Bill -- Bill McGonigle, Owner BFC Computing, LLC http://bfccomputing.com/ Telephone: +1.603.448.4440 Email, IM, VOIP: b...@bfccomputing.com VCard: http://bfccomputing.com/vcard/bill.vcf Social networks: bill_mcgonigle/bill.mcgonigle -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Anyone know of a program to read dicom files?
On 01/02/2010 08:12 AM, Paolo Galtieri wrote: I tried both cinepaint and gimp which claim to support dicom files, but cinepaint crashes and gimp says Procedure 'file-dicom-load' returned no return values Check out this one: http://dicom.offis.de/dcmtk.php.en I've been out of the field for a while, but it used to be well-considered. That being said, we had a smart guy on staff whose full-time job it was to figure out how to parse supposedly-standard DICOM files coming out of random scanners from myriad vendors. -Bill -- Bill McGonigle, Owner BFC Computing, LLC http://bfccomputing.com/ Telephone: +1.603.448.4440 Email, IM, VOIP: b...@bfccomputing.com VCard: http://bfccomputing.com/vcard/bill.vcf Social networks: bill_mcgonigle/bill.mcgonigle -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: How many people need to use the proprietary nvidia driver ? (Or other non kms driver ?)
On 12/22/2009 11:21 PM, Linuxguy123 wrote: Please reply if you need to ( ie must) use the proprietary nvidia driver instead of the nouveau driver. Yes, TV-Out for MythDora. Not on F12 yet, but that's in the works. It's frustrating enough that I'd switch video cards if there was decent free driver support. -Bill -- Bill McGonigle, Owner BFC Computing, LLC http://bfccomputing.com/ Telephone: +1.603.448.4440 Email, IM, VOIP: b...@bfccomputing.com VCard: http://bfccomputing.com/vcard/bill.vcf Social networks: bill_mcgonigle/bill.mcgonigle -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Promoting i386 version over x86_64?
On 11/21/2009 03:52 AM, Jonathan Dieter wrote: FWIW, there is a syslinux module named ifcpu64 that will load different kernels/initrds based on whether the cpu is 64-bit. Cool, do syslinux modules work in isolinux? We could have a tiny 32-bit image on a 64-bit CD that would say, sorry, you got the wrong CD. -Bill -- Bill McGonigle, Owner BFC Computing, LLC http://bfccomputing.com/ Telephone: +1.603.448.4440 Email, IM, VOIP: b...@bfccomputing.com VCard: http://bfccomputing.com/vcard/bill.vcf Social networks: bill_mcgonigle/bill.mcgonigle -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Promoting i386 version over x86_64?
On 11/19/2009 06:39 PM, Kevin Kofler wrote: Yes, if the CPU has the lm (long mode) flag, it's a 64-bit-capable CPU and using the 32-bit version is suboptimal. how can this be checked from within a web browser? Trusted Java applet? -Bill -- Bill McGonigle, Owner BFC Computing, LLC http://bfccomputing.com/ Telephone: +1.603.448.4440 Email, IM, VOIP: b...@bfccomputing.com VCard: http://bfccomputing.com/vcard/bill.vcf Social networks: bill_mcgonigle/bill.mcgonigle -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Promoting i386 version over x86_64?
On 11/18/2009 09:22 PM, Ikem Krueger wrote: That gives very little incentive to fetch the correct version. Why should a person bother with it, when a pc can do that? Perhaps Kevin is advocating for a strategy that will reduce mirror bandwidth? Of course there are a heck of a lot of variables in the preceding sentence. And I think that by now the vast majority of our userbase uses 64-bit-capable machines. I don't know. Maybe a poll would be good for that? :) smolt would be good for that. It doesn't answer the question of when to switch over of if that's a good idea. Where would a check for proper bittedness be fit in the boot process? Kernel boot is too late, I think. Grub? ISOLINUX? Some simple guidance on the download page would be helpful. Are you installing Fedora on the computer you're using now? [YES] [NO] YES - is any sort of check even possible if the user is running 32-bit on 64-bit? NO - offer guidance about date of manufacture, netbooks, re-visit the page from LiveCD, and offer 32-bit as a most compatible, I'm not sure link. -Bill -- Bill McGonigle, Owner BFC Computing, LLC http://bfccomputing.com/ Telephone: +1.603.448.4440 Email, IM, VOIP: b...@bfccomputing.com VCard: http://bfccomputing.com/vcard/bill.vcf Social networks: bill_mcgonigle/bill.mcgonigle -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: RFC: Btrfs snapshots feature for F13
On 11/16/2009 07:55 PM, Chris Ball wrote: It'd be great to get feedback on whether this is the right idea You might look into how the nexenta guys implemented this: http://www.nexenta.org/os/TransactionalZFSUpgrades to see if they have some thoughts worth borrowing. With the caveat that I haven't yet created a btrfs (seriously waiting on a Seagate RMA), I think most of the complaints on this thread are due to thinking of filesystems in old terms, due to limitations of old storage concepts. To do this right probably requires the careful use of subvolumes. One for rpm, one for logs, one for each package installed, one for each user's home, etc. From rpm you can know what needs rolling back. This probably implies foo-var, foo-etc, foo-log, foo-share, etc, which is inefficient, so maybe some refinement is needed there as well. -Bill -- Bill McGonigle, Owner BFC Computing, LLC http://bfccomputing.com/ Telephone: +1.603.448.4440 Email, IM, VOIP: b...@bfccomputing.com VCard: http://bfccomputing.com/vcard/bill.vcf Social networks: bill_mcgonigle/bill.mcgonigle -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: How to create bootable iso from files
On 09/18/2009 01:01 PM, Abhishek Sharma wrote: I want to write them to a disk in such a way that the disk becomes bootable. check out the '-b' option to mkisofs: man mkisofs and ISOLINUX: http://syslinux.zytor.com/wiki/index.php/ISOLINUX -Bill -- Bill McGonigle, Owner BFC Computing, LLC http://bfccomputing.com/ Telephone: +1.603.448.4440 Email, IM, VOIP: b...@bfccomputing.com VCard: http://bfccomputing.com/vcard/bill.vcf Social networks: bill_mcgonigle/bill.mcgonigle -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: F11: Amarok doesn't see all my music files
On 09/17/2009 07:09 AM, Rex Dieter wrote: taglib-extras is a dependency of amarok already oh, good. I'll chalk it up to one of my yum metadata problems then. -Bill -- Bill McGonigle, Owner BFC Computing, LLC http://bfccomputing.com/ Telephone: +1.603.448.4440 Email, IM, VOIP: b...@bfccomputing.com VCard: http://bfccomputing.com/vcard/bill.vcf Social networks: bill_mcgonigle/bill.mcgonigle -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: VMWare Server 2.0.1 On Fedora 11 64Bit
On 09/17/2009 12:01 AM, Frederick Abrams wrote: I copied the files from vmware-server-modules-2629tar.gz into my /usr/lib/vmware/modules/source and then ran /usr/bin/vmware-config.pl and i had no issues everything just Worked I went through the same thing last week, and this fix was more obscure than the innumerable other times I'd had trouble with unsupported kernel versions with vmware. That was enough to finally make me move over to KVM, and I'm pretty happy with it. I put some notes here: http://blog.bfccomputing.com/articles/2009/09/14/converting-a-windows-vista-kvm-virtual-machine-to-redhat-virtio-drivers -Bill -- Bill McGonigle, Owner BFC Computing, LLC http://bfccomputing.com/ Telephone: +1.603.448.4440 Email, IM, VOIP: b...@bfccomputing.com VCard: http://bfccomputing.com/vcard/bill.vcf Social networks: bill_mcgonigle/bill.mcgonigle -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: The other distro to offer ppc support!
On 09/16/2009 08:05 PM, gil...@altern.org wrote: I suppose security updates will still be available for some time and it doesn't seem the $29.95 SL upgrade makes a world of difference. There are some people with really decent machines that were cut off from Leopard, and so now Snow Leopard is out, and they're SOL for security updates. Something like an 800MHz flat-panel iMac is still a nice computer, would make a great Fedora machine. Snow Leopard is mostly an engineering release, so when the next upgrade arrives, you'll find some Mac Pros with the quad-liquid-cooled G5's (sold into summer '06) on the auction block (cheap/unsupported). They ought to be giving away Powerbooks with a fill-up at the gas station in Cupertino. I'll have to make sure my local computer recycling nonprofit knows where to turn. -Bill -- Bill McGonigle, Owner BFC Computing, LLC http://bfccomputing.com/ Telephone: +1.603.448.4440 Email, IM, VOIP: b...@bfccomputing.com VCard: http://bfccomputing.com/vcard/bill.vcf Social networks: bill_mcgonigle/bill.mcgonigle -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Nostalgy Thunderbird Plugin
On 09/16/2009 12:18 PM, Henrique Faria wrote: Does anyone knows how to install nostalgy plugin in Thunderbird Beta 3? Thanks in advance, Look on the nostalgy web site, there's a section on checking out from CVS. You create a text file in your extensions directory which contains one line, with the path to your CVS checkout. The developer release up there is stale and won't work. -Bill -- Bill McGonigle, Owner BFC Computing, LLC http://bfccomputing.com/ Telephone: +1.603.448.4440 Email, IM, VOIP: b...@bfccomputing.com VCard: http://bfccomputing.com/vcard/bill.vcf Social networks: bill_mcgonigle/bill.mcgonigle -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: F11: Amarok doesn't see all my music files
I had to install taglib-extras to get some of my files to show up - I'm not sure why. The KDE 4.3 version is definitely much better. -Bill -- Bill McGonigle, Owner BFC Computing, LLC http://bfccomputing.com/ Telephone: +1.603.448.4440 Email, IM, VOIP: b...@bfccomputing.com VCard: http://bfccomputing.com/vcard/bill.vcf Social networks: bill_mcgonigle/bill.mcgonigle -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Fedora on NSLU2/Synology/etc.
On 08/30/2009 12:21 PM, Pete Zaitcev wrote: Chasing the kaleidoscopic change of platforms is a non-starter for me as a software developer. I want to buy the box, jumpstart it, and it should get into the cloud right away, with my software pulled from the repo and running on it. It sounds like you've got two projects in mind - one that chases various ARM/other-embedded boards and your application. The *WRT distros do the first to some extent. Fedora ARM has a wiki page describing where that project is: http://fedoraproject.org/wiki/Architectures/ARM I had made this page for the Tor project: https://wiki.torproject.org/noreply/TheOnionRouter/EmbeddedTips which has some links that might help. Also, remember that a minimal Fedora install is about two orders of magnitude larger than purpose-built distros. As you've noticed, low-end x86 is rather stable and runs lots of software. Watch out, Fedora 12 is about to deprecate some of the lowest-power CPU's (C3 at least, not sure about C7). -Bill -- Bill McGonigle, Owner BFC Computing, LLC http://bfccomputing.com/ Telephone: +1.603.448.4440 Email, IM, VOIP: b...@bfccomputing.com VCard: http://bfccomputing.com/vcard/bill.vcf Social networks: bill_mcgonigle/bill.mcgonigle -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: dovecot update warning
On 08/21/2009 06:51 PM, Tom Horsley wrote: I dunno. Didn't really seem like a bug to me, just your standard every day linux update that breaks backwards compatibility. That seems to happen all the time, and in this case was actually easy to fix, once I found the right web page. would a sed script to fix this be appropriate in the RPM? Sorry, I forget if scripts can know if they're running in upgrade mode. -Bill -- Bill McGonigle, Owner BFC Computing, LLC http://bfccomputing.com/ Telephone: +1.603.448.4440 Email, IM, VOIP: b...@bfccomputing.com VCard: http://bfccomputing.com/vcard/bill.vcf Social networks: bill_mcgonigle/bill.mcgonigle -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: How to kill Kpackagekit update notification
On 08/23/2009 01:42 PM, Anoop wrote: Its under services. You can disable it from: System Settings-Advanced-Service Manager Seems like there's a reportable bug if the 'don't bother me' button doesn't do anything. I have one machine that does this, but it's still on F10/4.2 so I can't really report that. -Bill -- Bill McGonigle, Owner BFC Computing, LLC http://bfccomputing.com/ Telephone: +1.603.448.4440 Email, IM, VOIP: b...@bfccomputing.com VCard: http://bfccomputing.com/vcard/bill.vcf Social networks: bill_mcgonigle/bill.mcgonigle -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: fedora 6
On 08/24/2009 08:48 AM, Yves Limoge wrote: I need to install an old version of fedora, fedora 6, in order to be able to use a specific security program. Could somebody tell me wher I can find the complete distribution on CDs including the KDE desktop ? FWIW, RHEL 5 branched off from FC6, so CentOS 5.3 might be compatible too (and is maintained). -Bill -- Bill McGonigle, Owner BFC Computing, LLC http://bfccomputing.com/ Telephone: +1.603.448.4440 Email, IM, VOIP: b...@bfccomputing.com VCard: http://bfccomputing.com/vcard/bill.vcf Social networks: bill_mcgonigle/bill.mcgonigle -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Firewall and nfs mounts
On 08/24/2009 08:15 AM, Anne Wilson wrote: What ports are necessarily opened on an nfs server? Does the client need any ports opened? If you can limit yourself to NFSv4 you're much better off in this department. I have this on an NFSv4 server: # NFS -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --source 192.168.1.32/27 --dport 2049 -j ACCEPT and nothing on a working client other than the standard: -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -Bill -- Bill McGonigle, Owner BFC Computing, LLC http://bfccomputing.com/ Telephone: +1.603.448.4440 Email, IM, VOIP: b...@bfccomputing.com VCard: http://bfccomputing.com/vcard/bill.vcf Social networks: bill_mcgonigle/bill.mcgonigle -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: modify sshd port number
On 08/24/2009 11:01 AM, pete b. wrote: 1. Does the Firewall Configuration Tool modify a file? Which one? /etc/sysconfig/iptables it's pretty easy to edit that file and copy/paste the port 22 rule to whatever port you need. Then: service iptables restart 2. Can I change the sshd port number via the Firewall Configuration Tool? NB, can someone specify all the instructions for this, when I tried it I was unable to select a service. You would probably have to add a custom port of and allow it in the firewall tool. The firewall is just allowing connections to certain ports. What is running on those ports is a separate matter, so you need to modify both the ssh port in sshd_config and allow that new port in from the firewall. There are other techniques, such as rate limiting, port knocking, source address restrictions, log tailing, etc., that might be other ways to solve ssh daemon abuse. -Bill -- Bill McGonigle, Owner BFC Computing, LLC http://bfccomputing.com/ Telephone: +1.603.448.4440 Email, IM, VOIP: b...@bfccomputing.com VCard: http://bfccomputing.com/vcard/bill.vcf Social networks: bill_mcgonigle/bill.mcgonigle -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: A good desktop Wi-Fi card for Fedora 10
On 08/21/2009 03:52 PM, William M. Quarles wrote: Does anybody know of a good desktop PCI wireless ethernet card that I can buy and use with Fedora 10? Just happened to see one in today's NewEgg mailer for $15: http://is.gd/2wuqo I've had good luck with ralink myself. A comment there says 2.6.24 or better. -Bill -- Bill McGonigle, Owner BFC Computing, LLC http://bfccomputing.com/ Telephone: +1.603.448.4440 Email, IM, VOIP: b...@bfccomputing.com VCard: http://bfccomputing.com/vcard/bill.vcf Social networks: bill_mcgonigle/bill.mcgonigle -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: enigmail for F-11's thunderbird ?
On 08/11/2009 09:35 AM, Remi Collet wrote: Is this appropriate as a Thunderbird SOURCES/ patch? Yes. See : https://bugzilla.mozilla.org/show_bug.cgi?id=509421 Thanks, Remi. Should we get this into the Fedora build for the time being? -Bill -- Bill McGonigle, Owner BFC Computing, LLC http://bfccomputing.com/ Telephone: +1.603.448.4440 Email, IM, VOIP: b...@bfccomputing.com VCard: http://bfccomputing.com/vcard/bill.vcf Social networks: bill_mcgonigle/bill.mcgonigle -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Fedora 12 Features Proposed for Removal
On 08/07/2009 02:54 AM, Rahul Sundaram wrote: Pointing it out on a review and restoring to calling the packages bad quality if people don't follow your controversial recommendation isn't going to scale at all. This is a good perspective, Ralf. Putting the same energy into individual reviews won't have as amplified an impact as convincing the packaging committee of problems. I understand the theoretical value of a deterministic package build - I'm not aware of specific examples of where non-determinism has caused problems in Fedora, though I can imagine some. Gathering evidence of breakage may cause a change of opinion. Having a practical alternative is probably required as well. -Bill P.S. I support your position to not review packages you find morally offensive. Fedora itself is a moral stance (on Free software), and as such should not ask its members to behave in a personally unethical manner. -- Bill McGonigle, Owner BFC Computing, LLC http://bfccomputing.com/ Email, IM, VOIP: b...@bfccomputing.com Telephone: +1.603.448.4440 Twitter, etc.: bill_mcgonigle/bill.mcgonigle VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: enigmail for F-11's thunderbird ?
On 08/10/2009 08:50 AM, Bernie Innocenti wrote: Why is thunderbird-enigmail in rpfusion-free rather than fedora proper? As currently constructed, enigmail's SRPM requires the entire Thunderbird source. I speculated here last week that perhaps we need a thunderbird-devel package, but I don't know enough to qualify that. -Bill -- Bill McGonigle, Owner BFC Computing, LLC http://bfccomputing.com/ Email, IM, VOIP: b...@bfccomputing.com Telephone: +1.603.448.4440 Twitter, etc.: bill_mcgonigle/bill.mcgonigle VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Fedora 12 Features Proposed for Removal
On 08/10/2009 11:44 AM, Ralf Corsepius wrote: They are very easy to demonstrate. Commonly known cases are building gcc, binutils, gdb, firefox etc. Are these of the sort where a bug is reported, it's found that autotools made a bad decision, and then patching autotools fixed the problem? I'd like to read through such a bug report to learn more, if you can think of one easily. Other cases are pretty easy to find. Actually, probably almost any non-trivial, complex package has such issues. I don't _seem_ to have trouble rebuilding SRPM's (including some of the above cited) that I see are running autoconf. I'm curious to understand why or what I'm missing. -Bill -- Bill McGonigle, Owner BFC Computing, LLC http://bfccomputing.com/ Email, IM, VOIP: b...@bfccomputing.com Telephone: +1.603.448.4440 Twitter, etc.: bill_mcgonigle/bill.mcgonigle VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: KDE vs. GNOME on F10
On 08/06/2009 10:24 PM, Adam Williamson wrote: so if a package does get an 'adventurous' update then hits a security bug, there's no way to have a separate update without the adventurous change but with the security bug fixed so, two separate issues: one is making the updates, the other is solving for them. I only meant that with tags you could potentially solve for available updates within a single repo. I'm not sure you could _make_ a 'Solid' spin unless there was a Solid update path to work off. Right, to do that we'd need a SIG interested in making sure there was one. Some package developers/maintainers would probably join, others wouldn't be interested. It's probably not necessary to have all of Fedora in such a spin, but where there are users there tends to be interest. -Bill -- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 http://www.bfccomputing.com/Cell: 603.252.2606 Twitter, etc.: bill_mcgonigle Page: 603.442.1833 Email, IM, VOIP: b...@bfccomputing.com Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: KDE vs. GNOME on F10
On 08/06/2009 08:57 PM, Ben Boeckel wrote: Just a thought, but could that SIG just enforce a critical path- like workflow (with overrides from the security team) on FN-2? They would have to be willing to do the QA, talk with SIGs and maintainers, and be large enough to be able to do so. Thoughts? I'm not sure FN-2 always qualifies as stable. For instance, I've seen major sound and video breakage in F11 - that wouldn't make a good base for a stable distro when F13 is branching _just_ because it's two back. On the other hand, one can juggle kernel versions/options, drivers, disable PulseAudio, etc. as required to achieve stable - though work better suited for a project than random thoughts in this e-mail. ;) -Bill -- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 http://www.bfccomputing.com/Cell: 603.252.2606 Twitter, etc.: bill_mcgonigle Page: 603.442.1833 Email, IM, VOIP: b...@bfccomputing.com Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Fit and Finish, round three: peripherals
On 08/07/2009 12:53 PM, Matthias Clasen wrote: a camera, a phone, a usb stick, or whatever gizmos you have at home... Real plastic and metal plugs only, or bluetooth connections as well? -Bill -- Bill McGonigle, Owner BFC Computing, LLC http://bfccomputing.com/ Email, IM, VOIP: b...@bfccomputing.com Telephone: +1.603.448.4440 Twitter, etc.: bill_mcgonigle/bill.mcgonigle VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Firefox SELinux bug from Alpha Blockers meeting.
On 08/07/2009 03:40 PM, Adam Miller wrote: to get any outside feedback that others might have on the topic of this being a F12Alpha Blocker. it's a restricted-access bug. -Bill -- Bill McGonigle, Owner BFC Computing, LLC http://bfccomputing.com/ Email, IM, VOIP: b...@bfccomputing.com Telephone: +1.603.448.4440 Twitter, etc.: bill_mcgonigle/bill.mcgonigle VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: KDE vs. GNOME on F10
Great thread. On 08/06/2009 01:59 AM, Adam Williamson wrote: I'm simply pointing out that it's literally impossible to satisfy both possible update policies with a single unitary repository. There was some talk about additional tagging in RPM being available in Fedora 13, wasn't there? Perhaps if that could propagate through the build, repo, and yum tools there would be a way to solve for various branches. MythDora is a spin that's worth studying here. It provides a specific purpose, is pretty well-tuned to that purpose, and doesn't necessarily update for every Fedora release. One can imagine a 'Fedora Solid' spin that pays special attention to QA, maybe only plans on every-other release, sometimes back-porting release+1 things that make a huge win, maybe takes longer to compose than a regular Fedora release. There was some talk about extending updates to 18 months, which would make such a spin feasible. CentOS tends to be crufty, Fedora tends to be broken. Average users usually want to be somewhere in the middle. Having a user-focused SIG as an additional check on packagers' decisions to update packages could have quality benefits. I like the idea that Fedora is whatever there's a SIG for, not just for avoiding the question, but for the idea that Fedora is a process, not a product. -Bill -- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 http://www.bfccomputing.com/Cell: 603.252.2606 Twitter, etc.: bill_mcgonigle Page: 603.442.1833 Email, IM, VOIP: b...@bfccomputing.com Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Lower Process Capabilities
On 08/05/2009 08:02 AM, Paul Howarth wrote: http://danwalsh.livejournal.com/27571.html This is really nice. To partially answer my own question, Dan keeps coming up with great stuff that seems essential for average admins to maintain an SELinux box. -Bill -- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 http://www.bfccomputing.com/Cell: 603.252.2606 Twitter, etc.: bill_mcgonigle Page: 603.442.1833 Email, IM, VOIP: b...@bfccomputing.com Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Testing libsatsolver on Fedora
On 07/31/2009 01:12 AM, James Antill wrote: *sigh*, if you want to do some benchmarking of different package managers available in Fedora (zypp makes the 4th, if apt is working again) then feel free to actually do _a bunch of work_ comparing apples to apples. You'll almost certainly be speaking privately with developers from all of the tools, to make sure you aren't screwing it up. _Then_ post the results somewhere. Raising the bar so high on public discussion of application performance is essentially an attempt to stifle it. We don't make progress by commissioning scientific studies as soon as new ideas are put forth, we see first if they pass the smell test. But to get to the substance of the matter, do you mean to say that it's not possible for libsatsolver to improve the speed or correctness of yum, or simply that people who are not currently working on yum shouldn't participate in discussions about it? (technically speaking, I did contribute a fix to urlgrabber to fix a problem with interrupted downloads last year, but it wasn't accepted, so I just ran it locally) If, however, you want to just post yum is slow feel free to not do so on f-d-l. Likewise with quick benchmarks like this (which amounts to the same thing, IMO). Somehow you forgot to quote where I said yum was doing more work and it downloaded twice as fast. It sounds like you're trying to project unrelated anti-yum sentiment onto my simple report of positive progress on Michael's part. Just to be clear, I'm a big fan of yum and I'd like to see it improved. If libsatsolver can make it faster and more correct, I don't understand the reluctance. So far, nobody has suggested that it's yet good enough for any of the tasks such an integration would require. If you know that Michael's work is an algorithmic dead-end, please just let us know that, it would be very useful information. -Bill -- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 http://www.bfccomputing.com/Cell: 603.252.2606 Twitter, etc.: bill_mcgonigle Page: 603.442.1833 Email, IM, VOIP: b...@bfccomputing.com Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Testing libsatsolver on Fedora
On 07/31/2009 03:46 PM, James Antill wrote: We also don't make progress by posting yum is 50x slower than solv for update, and yet _predictably_ that is what this thread degenerated into within hours of your post. I seem to be reading a different thread. A few people were trying out the code posted and posting feedback and rough time results. Then why post the numbers, if you know they aren't comparable/worthwhile/etc? Are you familiar with the concept of a 'smell test'? Here: http://en.wiktionary.org/wiki/smell_test 1. (idiomatic) An informal method for determining whether something is authentic, credible, or ethical, by using one's common sense or sense of propriety. The results of a time on 'solv update' vs 'yum update' aren't comparable, but they are worthwhile. Michael had posted that the SAT algorithm can be faster and more accurate. That's a large claim. The SUSE wiki claims it can be magnitudes faster (but than what, was validly raised). My smell test showed that the two achieved similar results within a few multiples. That narrows the claims - solv isn't magnitudes faster as presently composed and I stated I didn't know exactly how much less work it's doing than yum. We also don't know how well it's been optimized. The results show that it's at least possible that it could perform faster - it's certainly not magnitudes slower. So, it passes the smell test - the claim isn't complete BS. If it were a hundred times slower it wouldn't pass the smell test. Nobody pretends a smell test is a rigorous benchmark. In fact, spending time on rigorous benchmarking without first performing smell tests would be foolhardy. And, yeh, I'd have at least worded my reply differently (if not just hit delete thread) if you were the first person to ever post weird numbers and call it a yum vs. BLAH benchmark. But that works the other way around too. I think if you'll look again you'll see that I did not call it a benchmark nor infer that it was. You're making a strawman argument here. Apparently some people are unkind about yum's performance but you can't assume that anybody looking at yum performance is mounting an attack. -Bill -- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 http://www.bfccomputing.com/Cell: 603.252.2606 Twitter, etc.: bill_mcgonigle Page: 603.442.1833 Email, IM, VOIP: b...@bfccomputing.com Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Brainstorming Session for Fedora Community 2.0 - Monday August 3, 2009 - 1500 UTC
On 07/30/2009 11:58 AM, Luke Macken wrote: The last time I tested Konqueror with Fedora Community, it choked on something like $f = $(f), where f is an html fragment. Did you file a bug on Konqueror? -Bill -- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 http://www.bfccomputing.com/Cell: 603.252.2606 Twitter, etc.: bill_mcgonigle Page: 603.442.1833 Email, IM, VOIP: b...@bfccomputing.com Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: thunderbird-enigmail should be fine for Fedora
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/30/2009 01:48 PM, Thorsten Leemhuis wrote: But the review of thunderbird-enigmail for Fedora stalled due to various reasons for a year or two iirc (bugzilla.redhat.com has some of the details; ask remi for all of them The one I found looked like it was from two years back, and the xulrunner package was going to change things? I don't claim to understand the issue fully, but does enigmail still need to be built inside a full thunderbird source tree or has that been properly factored out? - -Bill - -- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 http://www.bfccomputing.com/Cell: 603.252.2606 Twitter, etc.: bill_mcgonigle Page: 603.442.1833 Email, IM, VOIP: b...@bfccomputing.com Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkpyTm4ACgkQbZzBxRhdHdswJACgi4Ge4LiR6JTKX4YaaxXN7Y9a dxQAn2hIezUDerAdwUl9Zuyxvx1YkzXZ =o5Zv -END PGP SIGNATURE- -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Lower Process Capabilities
On 07/29/2009 10:06 AM, Steve Grubb wrote: There is also the argument that what we've been teaching people for years is that SE Linux strips away privileges and doesn't grant them. Changing the model would be somewhat confusing. Just to play the devil's hair-splitting advocate, if the kernel were enforcing less and SELinux were enforcing more, the SElinux model wouldn't have changed, 'just' the kernel's. Certainly there's a good forty years of expectation about what the kernel will enforce, though I'm not sure that's important if SELinux is preventing unwanted access. Thanks for the mailing list links from '07, those made for good reading. I think the vision of SELinux in Fedora has alot to say about what the right options are. Will Fedora ever get to the point where advice to turn off SELinux is as verboten as suggesting to chmod -R 777 to solve a problem? That is, if we can guarantee that SELinux is enforcing, a whole different set of options is open that don't exist if SELinux is an optional bolt-on. Tangentially, has anybody attempted a statistical analysis tool to gather data from systems running in permissive mode to look for policy holes, ala smolt? -Bill -- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 http://www.bfccomputing.com/Cell: 603.252.2606 Twitter, etc.: bill_mcgonigle Page: 603.442.1833 Email, IM, VOIP: b...@bfccomputing.com Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Brainstorming Session for Fedora Community 2.0 - Monday August 3, 2009 - 1500 UTC
On 07/29/2009 01:28 PM, Tom spot Callaway wrote: of the two with no patches landed: http://dev.jquery.com/ticket/4362 this one lacks a konqueror bug report, or at least link. at: http://code.jquery.com/jquery-nightly.js select box val() handling seems to be done at, search for: // We need to handle select boxes special Somebody who uses either of jquery or konqueror ought to file. Fedora projects should support the browsers we ship when it's reasonable to do so. I noticed Konqueror is supposed to emit JavaScript debugging on the console, but none of the jquery test cases cause any such output. -Bill -- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 http://www.bfccomputing.com/Cell: 603.252.2606 Twitter, etc.: bill_mcgonigle Page: 603.442.1833 Email, IM, VOIP: b...@bfccomputing.com Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Lower Process Capabilities
On 07/26/2009 07:32 PM, Steve Grubb wrote: If we change the bin directory to 005, then root cannot write to that directory unless it has the CAP_DAC_OVERRIDE capability. The idea with this project is to not allow network facing or daemons have CAP_DAC_OVERRIDE, but to only allow it from logins or su/sudo. What mechanism do you use to segregate things like yum-cron that do automatic security updates? Doesn't SELinux already support allowing non-root users to have access to low-numbered ports? There's also authbind and packet mangling. We have rsyslog rules for logfile writing now. Isn't it simpler to aim for not running daemons as root rather than redefining what root means? -Bill -- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 http://www.bfccomputing.com/Cell: 603.252.2606 Twitter, etc.: bill_mcgonigle Page: 603.442.1833 Email, IM, VOIP: b...@bfccomputing.com Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Lower Process Capabilities
On 07/28/2009 04:11 PM, Chris Adams wrote: AFAIK SELinux introduces additional controls and does not replace or override existing controls. I'm pretty sure non-root still can't directly listen on a low-numbered port. For some reason I thought it was possible with MAC, but I can't find anything to support that. I might have been thinking of Solaris privileges. One simple alternative, sure to be unpopular with many, would be to patch the kernel to skip the low-numbered-port enforcement if SELinux is running in enforcing mode, and ship policies that do the right thing. Admins would have to purposely cripple their policies to make this insecure. However, init scripts would all have to become selinux savvy and know how to launch with the old model, which may be too tall an order. It also makes permissive mode more treacherous. Still, is such a change less severe than changing what root means? Is Fedora that committed to SELinux? What's it going to take to make most people who shut off SELinux stop doing that? -Bill -- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 http://www.bfccomputing.com/Cell: 603.252.2606 Twitter, etc.: bill_mcgonigle Page: 603.442.1833 Email, IM, VOIP: b...@bfccomputing.com Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Testing libsatsolver on Fedora
On 07/27/2009 04:45 PM, Rahul Sundaram wrote: What's the eventual goal? Not to speak for Michael or his ambitions, but I was curious and found this on the openSUSE site: http://en.opensuse.org/Package_Management/Sat_Solver -especially- http://en.opensuse.org/Package_Management/Sat_Solver/Basics in part: Conclusion Using SAT solver algorithms solve many of the problems the old solver had * speed: magnitudes faster * reliable results * extendibility[sic]: implementation of complex dependencies is easy * sensible error reports Improving Fedora dependency solving speed by just one order of magnitude would be lovely, the plural is deliriously attractive. -Bill -- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 http://www.bfccomputing.com/Cell: 603.252.2606 Twitter, etc.: bill_mcgonigle Page: 603.442.1833 Email, IM, VOIP: b...@bfccomputing.com Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: fedora 11 worst then ever release
On 07/26/2009 09:06 AM, Seth Vidal wrote: can you tell me even one such distro+release when this happened? it's never happened with any of the redhat, fedora, rhel releases. fc1-fc2 fc6-fc7 rhel4-rhel5 It's not new. Is this where we branch to debate a release-number super-epoch? -Bill -- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 http://www.bfccomputing.com/Cell: 603.252.2606 Twitter, etc.: bill_mcgonigle Page: 603.442.1833 Email, IM, VOIP: b...@bfccomputing.com Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: fedora 11 worst then ever release
On 07/25/2009 03:15 PM, oleksandr korneta wrote: But I dont complain, kind of got used to the idea that fedora is not made for upgrades. I haven't had the best of luck with anaconda/preupgrade, but yum + human works pretty well. I've got a machine here doing my SOHO tasks that was installed as Redhat 9 and has been yum upgraded. FC1-FC2 was the only tricky one. The YumUpgradeFAQ is indispensable and sometimes there are conflicts that need resolving (which, I assume, is why anaconda fails to depsolve). But all-in-all it takes far less time to upgrade than re-install for non-trivial configurations. We suggest filing bugs against packages that fail to upgrade, but I believe I've seen those closed with we don't support upgrades. ...yet, I say - it's inevitable. I really wish there were a way to segregate /etc into system configs and application configs so that it was easier to do re-installs. -Bill -- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 http://www.bfccomputing.com/Cell: 603.252.2606 Twitter, etc.: bill_mcgonigle Page: 603.442.1833 Email, IM, VOIP: b...@bfccomputing.com Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: RFE: FireKit
On 07/23/2009 06:17 PM, Matthew Woehlke wrote: I have to ask... when are we going to see Linux allow network access based on the checksum of the process that wants to use it? After all, 'doze has had this ability for years. (Maybe SELinux can provide this already?) Is this a checksum of the binary that got launched? Make sure prelink can update whatever database of checksums is being kept. And that prelink isn't exploitable. :) This can't be a default on MSW, right? My spam filter's pain would seem to deny that possibility. -Bill -- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 http://www.bfccomputing.com/Cell: 603.252.2606 Twitter, etc.: bill_mcgonigle Page: 603.442.1833 Email, IM, VOIP: b...@bfccomputing.com Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: RFE: FireKit
On 07/24/2009 03:21 PM, Matthew Woehlke wrote: Why is it people seem to have a problem with obscurity *on top of* security? What's wrong with making it as hard as possible for the bad guys? It's well known that security through obscurity is an insufficient defense. Only fools would rely on obscurity for strong security. Some have taken that to mean that only fools employ obscurity as part of their security. In nearly all cases that anybody here will be asked to deal with, attackers have more than one potential target and will take the lowest-cost path to achieve their ends. Obscurity increases costs. Getting a strong safe with a good lock is important if you're going to keep your gold in your house. Burying that safe in the back yard or behind a wall increases the amount of time it will take a good safe-cracker to get your gold, by varying amounts. He's only got so much time since your alarm system already called the cops, so if you make him spend that time finding the safe, he has less time to crack it. But the costs aren't only for the safe cracker. If you've buried that safe in the back yard, it's going to be a bitch to get the gold out when you need it. Same with DROP'ing packets - it makes network management and troubleshooting harder. So, more people will opt for a hidden wall-mounted safe and not put a sign on their front door that reads, the safe is under bar in the study. Even if it's got an awesome lock. I use layered firewalls, encrypt my disks, keep my software up-to-date, REJECT connections, respond to pings, and I'm not telling you where my gold is hidden. ;) Those are the right trade-offs for my situation, YMMV. -Bill -- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 http://www.bfccomputing.com/Cell: 603.252.2606 Twitter, etc.: bill_mcgonigle Page: 603.442.1833 Email, IM, VOIP: b...@bfccomputing.com Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: No Frozen Rawhide
On 07/22/2009 12:39 PM, Bruno Wolff III wrote: I think the confusion for normal users will be minimal, because normal users won't be looking at the raw repos in any case. There's a class of users between active developers/QA folk and people who only use GUI package managers who are apt to go to a download site looking for RPM's. That said, I think a succinct README (This is pre-release code, there be goblins here) in the right directory that Apache auto-displays for index listings would be sufficient to warn off those users. Otherwise, _somebody_ is going to say, oh, cool, 12 is out, I missed that. -Bill -- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 http://www.bfccomputing.com/Cell: 603.252.2606 Twitter, etc.: bill_mcgonigle Page: 603.442.1833 Email, IM, VOIP: b...@bfccomputing.com Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Feature proposal: Rebootless Installer
On 07/14/2009 11:04 AM, Christoph Wickert wrote: 2. Imagine after the installation you switch rebootless to the new system and install a kmod. But you are still running the kernel from the installation medium and kmods get installed for the running kernel, which not necessarily needs to be the one that was installed. Would it be feasible to fetch the current kernel from the 'net (if possible/permitted) and kexec into it before proceeding with the install? With liveUSB there's persistence, but is there a way to have a ramdisk survive kexec for liveCD? Heck, fetch the latest anaconda too, and get rid of some of the zero-day problems we have that require respins now. -Bill -- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 http://www.bfccomputing.com/Cell: 603.252.2606 Twitter, etc.: bill_mcgonigle Page: 603.442.1833 Email, IM, VOIP: b...@bfccomputing.com Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: http://www.fsf.org/news/dont-depend-on-mono
On 07/07/2009 07:42 PM, Kevin Kofler wrote: RAND does not necessarily mean royalty-free Oh, I agree. The trick is nobody knows what those RAND terms are. Free, not free, something-we-never-dreamed-of, etc. Various folks (e.g. OSNews) have been attempting to get Microsoft to present them with a RAND license offer to clear this up. So, the legal theory is that since ECMA requires RAND license terms, and the spec is a published ECMA spec, and various people have been trying to get a RAND license offer for a while, that if Microsoft drags you before a magistrate charging that you didn't get a license, that licenses were not available and therefore implicitly not required would convince him that the prosecution is malicious and get the case tossed out on its ear. Whether the argument holds any water or not, I have no idea, it's just what I've heard from defenders. -Bill -- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 http://www.bfccomputing.com/Cell: 603.252.2606 Twitter, etc.: bill_mcgonigle Page: 603.442.1833 Email, IM, VOIP: b...@bfccomputing.com Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: http://www.fsf.org/news/dont-depend-on-mono
On 07/07/2009 04:24 AM, drago01 wrote: http://port25.technet.com/archive/2009/07/06/the-ecma-c-and-cli-standards.aspx Were there any announcements about their libraries? This sounds like clarification about which parts of .NET they *don't* plan to sue people over. It would have been easy enough to add more to this announcement. With being tied up with ECMA and the various well-publicized efforts to get RAND licenses on them, these aren't the parts most people were worried about. I promise not to beat you up on any week day that's a Monday, Tuesday, Thursday or Friday. Call me paranoid, but to me this says Wednesday is Win.Forms. I'd be happy to be proven wrong by a subsequent press release - then Fedora [project,users] only need worry about whether Microsoft should be setting technical direction. -Bill -- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 http://www.bfccomputing.com/Cell: 603.252.2606 Twitter, etc.: bill_mcgonigle Page: 603.442.1833 Email, IM, VOIP: b...@bfccomputing.com Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Feature proposal: Extended Life Cycle Support
On 07/05/2009 08:03 PM, Kevin Kofler wrote: They already have 7 months of time to move to the next version. It's just if they absolutely want to skip a version that they only have 1 month. In the field I've often found that a Fedora at GA+0 isn't really ready to deploy. A bunch of fixes come in quickly, and things are mostly rock-solid by 2 months in, maybe 3. So, one can't really plan to skip versions and remain stable - 1 month is too short. One way to look at this project, then, would be to extend the EOL of the previous version by that period (however it could be rigorously defined). That would enable effective version skipping, thus doubling the effective life of a release. The tools required to make a 2-version skip dependable would be another useful avenue. WRT Legacy, that was done before the Extras merge, right? Did Legacy handle Extras? I don't recall, but if not that could make this incarnation that many times more difficult. -Bill -- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 http://www.bfccomputing.com/Cell: 603.252.2606 Twitter, etc.: bill_mcgonigle Page: 603.442.1833 Email, IM, VOIP: b...@bfccomputing.com Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: KSplice in Fedora?
On 06/30/2009 06:23 PM, Kevin Kofler wrote: The average home user turns his/her computer off when going to sleep, so he/she reboots at least once per day. Can we measure this? My anecdotal evidence says most home users walk away from the computer and let the default power management settings do whatever they do, so they don't have to worry about rebuilding their workspace state every day. Even laziness is sufficient to explain that behavior - few GUI environments can shut down without getting the user involved in making decisions about unsaved changes, terminating stuck apps, etc. I realize the plural of 'anecdote' is not 'data', however, so it would be helpful to have some data. My netbook has low uptimes because it keeps getting hosed on resume from disk, not because I shut it down. As far as the right thing to do to 'save the earth', there are a bunch of variables. 'How much power does it take to keep DRAM fresh?' vs. 'How much power does it take to book an OS from power-hungry hard drives'. Some new RAM types in the work don't need DRAM refreshes. Engineer down the power cost 'till it's negligible. Linux could come up with some sort of COW-like scheme to start running out of suspend-to-disk space instead of restoring to RAM first (then you can suspend to flash, e.g.), etc. And none of that addresses the macroeconomic opportunity cost of final-solution energy research as a function of GDP as a function of productivity (but now I'm completely off-topic). -Bill -- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 http://www.bfccomputing.com/Cell: 603.252.2606 Twitter, etc.: bill_mcgonigle Page: 603.442.1833 Email, IM, VOIP: b...@bfccomputing.com Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: KSplice in Fedora?
On 06/30/2009 01:20 PM, Jochen Schmitt wrote: Am 30.06.2009 19:04, schrieb Bill McGonigle: ksplice updates are only available for: 1. kernels that have been the lastest kernel in the past two weeks 2. kernel updates that are remotely exploitable 3. kernel updates that rate 'high' on CVSS I'd have to do more research to be sure, but just guessing this feels like 0-4 candidates per Fedora release cycle. Please keep in mind, that you can't handle a kernel update, if globlal structure was changed. Jon says this isn't so (BTW, Jon, thanks for the very informative post if you're reading this). But most kernel security updates don't do this anyway, to the best of my knowledge. They're fixing a buffer check, adding an extra if to validate an assumption, etc. Because Fedora has several kernel update in the lifetime, you have to create a ksplice kernelpatch for each kernel release which is available on Fedora. Since you quoted my post with criteria to avoid this, I have to assume I'm missing your point here. Could you clarify? -Bill -- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 http://www.bfccomputing.com/Cell: 603.252.2606 Twitter, etc.: bill_mcgonigle Page: 603.442.1833 Email, IM, VOIP: b...@bfccomputing.com Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: KSplice in Fedora?
On 07/01/2009 01:48 PM, Jochen Schmitt wrote: On Fedora we have kernels from the 2.6.27 and from the 2.6.28 series. This means, that you have to create seperates kernel patch modules for each kernel release which was submitted for Fedora-10. This is why I suggested it would be practical to set a bar. The example I gave was a kernel which was the latest kernel in the past two weeks. This would usually be one, occasionally two. For a sysadmin, it's pretty easy to schedule a reboot within two weeks. '-r now' can be impossible. The reseason to do it, is that ksplice is not able to handled patches, which may change global data structures. Have there been remotely exploitable and/or CVSS 'high' kernel problems for which the patches need to change global data structures? Perhaps I'm just unaware of them. Besides this, Jon Masters' post says ksplice can handle this (unless I'm misunderstanding his post). Even though it can, if a bar as set above were set, Fedora wouldn't need to. -Bill -- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 http://www.bfccomputing.com/Cell: 603.252.2606 Twitter, etc.: bill_mcgonigle Page: 603.442.1833 Email, IM, VOIP: b...@bfccomputing.com Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: KSplice in Fedora?
On 06/29/2009 10:49 PM, Kevin Kofler wrote: It can only handle small patches which don't change any data structures. So the official Fedora kernel updates will never be suitable to be distributed through KSplice. And to date there hasn't really been any compelling reason to issue tiny patch security-updated kernels, 'cause you have to reboot anyway, right? But as the technology improves, more opportunities arise. I recall deploying some sort of hack workaround for the vmsplice exploit a while back on a whole bunch of machines (Fedora or downstreams) that were going to need a reboot scheduled up to a week in the future. This kind of technology would have been really swell to have then. Lots of reasons to not want to reboot machines - most of the arguments for supporting laptop suspend would fit. Some of them may fall into the protecting users from themselves category, but that's not a bad thing either. -Bill -- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 http://www.bfccomputing.com/Cell: 603.252.2606 Twitter, etc.: bill_mcgonigle Page: 603.442.1833 Email, IM, VOIP: b...@bfccomputing.com Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Fedora 11 wireless-tools yum erase?
On 06/22/2009 10:14 AM, Dan Williams wrote: It's also a question of maintainability. Sure, we could split up tons of packages and add code to all the tools to check runtime-availability of every tool they might use. But that's just insane, and increases the maintenance burden tremendously. This is roughly what Gentoo does, right? Of course, Gentoo has the 'luxury' of re-compiling. But that just gets at, I think, that vanilla c isn't flexible enough to handle this dynamically. A Python app could do it pretty easily, IIRC. In that case, a Python implementation of a thing could conceivably compete for mindshare against the c version, given the inherent trade-offs. One could imagine Feature: and Feature-Requires: tags in a spec that could be used to generate more complex dependency trees and automatically generate the proper set of package-foo.rpm files. Integrating this with yum and/or graphical package managers would certainly be a ton of work. But to get to the thematic question, probably nobody (for large values of nobody) cares if any given package has a 40KB dependency. It's when you have a thousand packages that have a thousand unneeded dependencies, you increase the cost (time, disk, memory, cpu, bandwidth, electricity, complexity) to install, update, etc. and you wind up excluding very small computing devices in some cases. I agree that making humans manage this would approach insanity. But does that necessarily preclude allowing computers to handle it? -Bill -- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 http://www.bfccomputing.com/Cell: 603.252.2606 Twitter, etc.: bill_mcgonigle Page: 603.442.1833 Email, IM, VOIP: b...@bfccomputing.com Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
bodhi - testing back to pending?
Hi, all, I couldn't figure this out from the wiki: Do updates in -testing go back to pending if they're not pushed to stable in some amount of time? I'd like to see a tor security update make it to -updates. The package's page: https://admin.fedoraproject.org/updates/F10/FEDORA-2009-1522 indicates that it was pushed to -testing shortly after being submitted, but it's not there now, and bodhi never updated Bugzilla with a notice that it had been pushed to testing: https://bugzilla.redhat.com/show_bug.cgi?id=499438 Additionally, the package maintainer isn't able to get the bodhi client to work, so what is the right way to ask somebody to push it (back?) over to testing? If that's done, I think testers can give it the karma it needs to get out. Thanks, -Bill -- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 http://www.bfccomputing.com/Cell: 603.252.2606 Twitter, etc.: bill_mcgonigle Page: 603.442.1833 Email, IM, VOIP: b...@bfccomputing.com Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Split Media - A use case
On 06/15/2009 12:24 PM, Michael Cronenworth wrote: In fact, why are you wasting a DVD or CDs? That's not very green of you. Give them a USB stick with the DVD install ISO loaded on it so it can be reused for more useful things. On a machine with only a CD drive, it's not unreasonable to assume either a BIOS that can't boot a USB stick or USB 1, which is likely slower than IDE CD. One population I've been recommending for Fedora lately is folks with Apple PPC gear which has been abandoned by Apple. Devices like iBooks often came standard with CD-ROM. If I'm helping someone with an install, it's usually at my office with a fast cable modem. Around here, though, more than half of the population is on dial-up. Even a LiveCD install isn't sufficient for many of them, though delta RPM's are a major advance for them, once they've installed the bulk of data. Does Fedora want to exclude folks with old machines on dial-up? That would be a strategic decision with positive and negative implications. I seed the Centos 5.3 CD's because I use them quite a bit on older servers and see that set as one of my highest bandwidth users. The mindset seemed to be for a while, for servers, it's not a multimedia machine, it doesn't need DVD. That's the height of narrow foresight, but seemingly common in mid-sized companies' data centers. And getting a replacement DVD for their stupid proprietary slim CD slot is somewhere between ludicrously expensive and impossible. But they usually have USB2. I could probably count a dozen machines I've installed from my own CD set. Really, though, if I can compose a CD set from a repo or DVD, and it's ridiculously easy, I don't care if it's on the mirrors. Does jigdo make it that easy? I haven't tried yet. Does smolt report data on optical drives in machines? -Bill -- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 http://www.bfccomputing.com/Cell: 603.252.2606 Twitter, etc.: bill_mcgonigle Page: 603.442.1833 Email, IM, VOIP: b...@bfccomputing.com Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Changing the default 32-bit x86 arch for Fedora 12
On 06/15/2009 03:34 PM, Krzysztof Halasa wrote: I wonder if a switch like that makes a difference for owners of newer CPUs. Aren't they/we already using x86-64, leaving i386 for old hardware and netbooks? Many third-party vendors are just/still getting their stuff working on 64-bit, so, sadly, no. The poor saps who have to run non-free software, especially. But things are much better today than they were even just a year ago, and these are future discussions. It seems likely that a year hence everybody [for most values of 'every'] will be up to speed, which is about when F11 will be EOL. My brand new eeePC 1000he is only a 32-bit Atom, though, so as much as I'd like to support old gear, I'd like it to be fast on my netbook too. But I agree with the statisticians in the room who are calling for data. One thing that might seem counter-intuitive is that people tune for old hardware as well as new. I have a project on a Via C7 that I run a gentoo-based distro on because I can tweak compilation for that hardware, and I've seen 40% gains in some areas. On a Core2Quad, I run Fedora and don't look back, as I have CPU to spare and haven't seen a benefit in tuning for it. -Bill -- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 http://www.bfccomputing.com/Cell: 603.252.2606 Twitter, etc.: bill_mcgonigle Page: 603.442.1833 Email, IM, VOIP: b...@bfccomputing.com Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Static system level uid/gid's reservations in Fedora/RHEL - how to handle situation?
On 04/28/2009 03:04 AM, Ondřej Vašík wrote: What's the best way to handle that situation? One possibility is to increase the threshold of system level id's (to 200? 300?) I guess I've been blissfully ignorant and always assumed that id's under 500 were reserved for system use since Redhat systems have always created the first user uid as 500. Other admins I've worked with have been similarly misinformed, so you might get lucky here. I wonder if a check for uid's between 100 and 500 could be added to smolt. -Bill -- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 http://www.bfccomputing.com/Cell: 603.252.2606 Twitter, etc.: bill_mcgonigle Page: 603.442.1833 Email, IM, VOIP: b...@bfccomputing.com Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
