Re: FESCO request to revert password confirmation change in F22
Am 08.03.2015 um 17:24 schrieb Nico Kadel-Garcia: There's also a counterproductive effect. Passwords that are enforced, by policy, to be nonsensical gibberish tend to be written down, because no one can remember them. And because no one can remember them, they're written down in easily accessed locations. The classic storage is the Post-it note on the secretary's desk, but I see a lot of people who should know better writing them into source control systems that everyone in the company can read correct not so problematic in case of a policy rejecting insecure passwords *but* the real problem are security auditors claiming you have to disable the option to store a password in your browser for web-applications yes, if someone can access that password store you have a problem but given you have a master-password configured the access to the whole firefox profile is pointless if you are forced to note in somewhere it's likely a more dangerous place, if someone combines that policy with you have to change your password every month he is a fool with a theoretic view not aware what damage he does as example my my passwords are 26 chars long, the generator is self written even using openssl random stuff and if some idiot forbids me to store that *impossible to remember* passwords and enforce to change them all the time he gains nothing but problems signature.asc Description: OpenPGP digital signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: FESCO request to revert password confirmation change in F22
On 8 March 2015 at 08:41, Mike Pinkerton pseli...@mindspring.com wrote: Ok, to bring this back around to where we started -- password quality checkers on Fedora: 1. By positing a strategic attacker, we have now reduced the time we expect it to take him/her to crack our 29 character password ( rastafarianestablishmentarian), with whatever amount of entropy it has, to a matter of weeks or months rather than millions of years. Even if we had used a slightly longer password with upper case and numerals -- Rastafarianestablishmentarian2015 -- that would probably still be true because it matches a common pattern of initial upper case and appended numerals. 2. Humans are so good at patterns that we tend to embed them in everything we do, knowingly or unknowingly. Given that, any password or passphrase that a random user can easily remember is likely to match a fairly common pattern. 3. How do you get your password quality checker to recognize all such patterns, rather than just computing a string's entropy? You can't give an absolute number in deterministic time because the problem you are trying to solve is pretty much the travelling sales person problem in one form or another. You can come up with short cuts to give approximate level of 'strength' but you can't give an absolute 0/1 answer. The problem is that the better that you want me to gauge your password's strength the more resources (memory, time, etc) I need to do it. At a certain point it is not worth it so we are going to have to choose a methodology as a first guess and go with that. -- Stephen J Smoogen. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
[perl-parent] Created tag perl-parent-0.229-1.fc23
The lightweight tag 'perl-parent-0.229-1.fc23' was created pointing to: cc17c57... Update to 0.229 -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel
Re: some differences between doc stuff and license stuff
On 03/08/2015 07:48 AM, Björn Persson wrote: · Files under /usr/share/doc are automatically tagged as documentation files even if %doc isn't used. Files under /usr/share/licenses are not automatically tagged as license files, so they need to be preceded by %license in file lists. I noticed the change to %doc files just a few days ago. Was this announced? This automatic process is grabbing license files since most projects have them in the /usr/share/doc and therefore negate the usefulness of %license to separate out the license files. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Broken dependencies: perl-Image-SubImageFind
perl-Image-SubImageFind has broken dependencies in the rawhide tree: On x86_64: perl-Image-SubImageFind-0.03-4.fc22.x86_64 requires libMagick++-6.Q16.so.3()(64bit) On i386: perl-Image-SubImageFind-0.03-4.fc22.i686 requires libMagick++-6.Q16.so.3 On armhfp: perl-Image-SubImageFind-0.03-4.fc22.armv7hl requires libMagick++-6.Q16.so.3 Please resolve this as soon as possible. -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel
File MooseX-Getopt-0.68.tar.gz uploaded to lookaside cache by eseyman
A file has been added to the lookaside cache for perl-MooseX-Getopt: 9016a352e86b8235a4578b2b86105b45 MooseX-Getopt-0.68.tar.gz -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel
[perl-Mojolicious] Update to 6.01
commit b9291848fa1b04f23e6e81fa6a4ed40270c235ec Author: Emmanuel Seyman emman...@seyman.fr Date: Sun Mar 8 09:31:45 2015 +0100 Update to 6.01 .gitignore| 1 + perl-Mojolicious.spec | 7 +-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) --- diff --git a/.gitignore b/.gitignore index ef32b22..a3e6dfb 100644 --- a/.gitignore +++ b/.gitignore @@ -163,3 +163,4 @@ Mojolicious-0.26.tar.gz /Mojolicious-5.79.tar.gz /Mojolicious-5.81.tar.gz /Mojolicious-6.0.tar.gz +/Mojolicious-6.01.tar.gz diff --git a/perl-Mojolicious.spec b/perl-Mojolicious.spec index 9b1da24..3d8567c 100644 --- a/perl-Mojolicious.spec +++ b/perl-Mojolicious.spec @@ -1,6 +1,6 @@ Name: perl-Mojolicious -Version:6.0 -Release:2%{?dist} +Version:6.01 +Release:1%{?dist} Summary:A next generation web framework for Perl License:Artistic 2.0 @@ -59,6 +59,9 @@ make test %{_mandir}/man3/* %changelog +* Sun Mar 08 2015 Emmanuel Seyman emman...@seyman.fr - 6.01-1 +- Update to 6.01 + * Sun Mar 01 2015 Emmanuel Seyman emman...@seyman.fr - 6.0-2 - rebuilt diff --git a/sources b/sources index 1c5cbac..8b01d0d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -badb7f7b4db8e9ef427d4d1178f15b6c Mojolicious-6.0.tar.gz +851eefadf653afa777d8b2c73cbc0cf5 Mojolicious-6.01.tar.gz -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel
[perl-MooseX-Getopt] Update to 0.68
commit ac95d7bed5ec2c90cfb877e311d65ca543949a44 Author: Emmanuel Seyman emman...@seyman.fr Date: Sun Mar 8 09:54:47 2015 +0100 Update to 0.68 perl-MooseX-Getopt.spec | 5 - sources | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) --- diff --git a/perl-MooseX-Getopt.spec b/perl-MooseX-Getopt.spec index 27ce3cd..8aea492 100644 --- a/perl-MooseX-Getopt.spec +++ b/perl-MooseX-Getopt.spec @@ -1,6 +1,6 @@ Name: perl-MooseX-Getopt Summary:Moose role for processing command line options -Version:0.67 +Version:0.68 Release:1%{?dist} License:GPL+ or Artistic Group: Development/Libraries @@ -93,6 +93,9 @@ perl Build.PL --installdirs=vendor %{_mandir}/man3/MooseX::Getopt::Strict.3* %changelog +* Sun Mar 08 2015 Emmanuel Seyman emman...@seyman.fr - 0.68-1 +- Update to 0.68 + * Sun Mar 01 2015 Emmanuel Seyman emman...@seyman.fr - 0.67-1 - Update to 0.67 diff --git a/sources b/sources index f3794a8..b379cf6 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -e2b107d73a622d57cbc7b3678a8b27e9 MooseX-Getopt-0.67.tar.gz +9016a352e86b8235a4578b2b86105b45 MooseX-Getopt-0.68.tar.gz -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel
[perl-Config-MVP] Update to 2.2000090
commit 5132f5d5b53e3f9035f29ed2f7f312d829dc627d Author: Emmanuel Seyman emman...@seyman.fr Date: Sun Mar 8 09:03:17 2015 +0100 Update to 2.290 .gitignore | 1 + perl-Config-MVP.spec | 11 ++- sources | 2 +- 3 files changed, 8 insertions(+), 6 deletions(-) --- diff --git a/.gitignore b/.gitignore index ee92079..d2c26bc 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ Config-MVP-2.101650.tar.gz /Config-MVP-2.22.tar.gz /Config-MVP-2.23.tar.gz /Config-MVP-2.28.tar.gz +/Config-MVP-2.29.tar.gz diff --git a/perl-Config-MVP.spec b/perl-Config-MVP.spec index e549af5..7705965 100644 --- a/perl-Config-MVP.spec +++ b/perl-Config-MVP.spec @@ -1,5 +1,5 @@ Name: perl-Config-MVP -Version:2.28 +Version:2.29 Release:1%{?dist} Summary:Multivalue-property package-oriented configuration License:GPL+ or Artistic @@ -8,7 +8,7 @@ URL:http://search.cpan.org/dist/Config-MVP/ Source0: http://www.cpan.org/authors/id/R/RJ/RJBS/Config-MVP-%{version}.tar.gz BuildArch: noarch BuildRequires: perl(Class::Load) = 0.17 -BuildRequires: perl(ExtUtils::MakeMaker) +BuildRequires: perl(ExtUtils::MakeMaker) = 6.76 BuildRequires: perl(File::Spec) BuildRequires: perl(lib) BuildRequires: perl(Module::Pluggable::Object) @@ -48,14 +48,12 @@ things that do. %setup -q -n Config-MVP-%{version} %build -%{__perl} Makefile.PL INSTALLDIRS=vendor +%{__perl} Makefile.PL INSTALLDIRS=vendor NO_PACKLIST=1 make %{?_smp_mflags} %install make pure_install DESTDIR=$RPM_BUILD_ROOT -find $RPM_BUILD_ROOT -type f -name .packlist -exec rm -f {} \; - %{_fixperms} $RPM_BUILD_ROOT/* %check @@ -68,6 +66,9 @@ make test %{_mandir}/man3/* %changelog +* Sun Mar 08 2015 Emmanuel Seyman emman...@seyman.fr - 2.29-1 +- Update to 2.29 + * Mon Nov 10 2014 Emmanuel Seyman emman...@seyman.fr - 2.28-1 - Update to 2.28 - Use the %%license tag diff --git a/sources b/sources index 434daf5..491922c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -5727772741e8c503bcfac110850891d7 Config-MVP-2.28.tar.gz +bf95d25777805bc760781498d8a412ed Config-MVP-2.29.tar.gz -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel
[perl-Palm-PDB] Update to 1.400
commit e3cec2a2e7bb18ae4bcc962b57f6ccd97d262ad1 Author: Emmanuel Seyman emman...@seyman.fr Date: Sun Mar 8 09:17:38 2015 +0100 Update to 1.400 .gitignore | 1 + perl-Palm-PDB.spec | 9 ++--- sources| 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) --- diff --git a/.gitignore b/.gitignore index 4bd42a3..6a7f3f0 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ /Palm-PDB-1.016.tar.gz +/Palm-PDB-1.400.tar.gz diff --git a/perl-Palm-PDB.spec b/perl-Palm-PDB.spec index 0891ec5..3f2ccda 100644 --- a/perl-Palm-PDB.spec +++ b/perl-Palm-PDB.spec @@ -1,6 +1,6 @@ Name: perl-Palm-PDB -Version:1.016 -Release:2%{?dist} +Version:1.400 +Release:1%{?dist} Summary:Parse Palm database files License:GPL+ or Artistic @@ -10,7 +10,7 @@ Source0: http://www.cpan.org/authors/id/C/CJ/CJM/Palm-PDB-%{version}.tar. BuildArch: noarch BuildRequires: perl BuildRequires: perl(constant) = 1.03 -BuildRequires: perl(ExtUtils::MakeMaker) +BuildRequires: perl(ExtUtils::MakeMaker) = 6.76 BuildRequires: perl(IO::File) BuildRequires: perl(Pod::Coverage::TrustPod) BuildRequires: perl(Test::More) @@ -49,6 +49,9 @@ make test %{_mandir}/man3/Palm* %changelog +* Sun Mar 08 2015 Emmanuel Seyman emman...@seyman.fr - 1.400-1 +- Update to 1.400 + * Sat Jan 31 2015 Emmanuel Seyman emman...@seyman.fr - 1.016-2 - Take into account package review (#1187873) diff --git a/sources b/sources index 8b5c0ed..4398b49 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -be61b9abbe701ce24662d89ca53aedb1 Palm-PDB-1.016.tar.gz +1946ecfe2772a0fbac6219e3a5e455b0 Palm-PDB-1.400.tar.gz -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel
[Bug 1198131] perl-Moo-2.000000 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1198131 --- Comment #2 from Upstream Release Monitoring upstream-release-monitor...@fedoraproject.org --- eseyman's perl-Moo-2.00-1.fc23 completed http://koji.fedoraproject.org/koji/buildinfo?buildID=618953 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=kt0cQdi9iya=cc_unsubscribe -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel
File Mojolicious-6.01.tar.gz uploaded to lookaside cache by eseyman
A file has been added to the lookaside cache for perl-Mojolicious: 851eefadf653afa777d8b2c73cbc0cf5 Mojolicious-6.01.tar.gz -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel
File Pod-Simple-Wiki-0.17.tar.gz uploaded to lookaside cache by eseyman
A file has been added to the lookaside cache for perl-Pod-Simple-Wiki: 9d3f9f6fd422be7d9ddf2ad35b1a63e4 Pod-Simple-Wiki-0.17.tar.gz -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel
[perl-Pod-Simple-Wiki] Update to 0.17
commit 09ae34a817787e21f3b0986cd98125acaacfe03e Author: Emmanuel Seyman emman...@seyman.fr Date: Sun Mar 8 09:51:36 2015 +0100 Update to 0.17 .gitignore| 1 + perl-Pod-Simple-Wiki.spec | 14 +++--- sources | 2 +- 3 files changed, 9 insertions(+), 8 deletions(-) --- diff --git a/.gitignore b/.gitignore index ed4c121..402893e 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ Pod-Simple-Wiki-0.09.tar.gz /Pod-Simple-Wiki-0.14.tar.gz /Pod-Simple-Wiki-0.15.tar.gz /Pod-Simple-Wiki-0.16.tar.gz +/Pod-Simple-Wiki-0.17.tar.gz diff --git a/perl-Pod-Simple-Wiki.spec b/perl-Pod-Simple-Wiki.spec index 6bcbb70..188d6f1 100644 --- a/perl-Pod-Simple-Wiki.spec +++ b/perl-Pod-Simple-Wiki.spec @@ -1,6 +1,6 @@ Name: perl-Pod-Simple-Wiki -Version:0.16 -Release:3%{?dist} +Version:0.17 +Release:1%{?dist} Summary:Utility and perl classes for converting POD to Wiki text License:GPL+ or Artistic Group: Development/Libraries @@ -9,7 +9,7 @@ Source0: http://www.cpan.org/authors/id/J/JM/JMCNAMARA/Pod-Simple-Wiki-%{ Patch0: perl-Pod-Simple-Wiki-0.09-escape.patch # Reported upstream: http://rt.cpan.org/Public/Bug/Display.html?id=38833 BuildArch: noarch -BuildRequires: perl(ExtUtils::MakeMaker) +BuildRequires: perl(ExtUtils::MakeMaker) = 6.76 BuildRequires: perl(Pod::Simple) BuildRequires: perl(Test::More) Requires: perl(Pod::Simple) @@ -31,16 +31,13 @@ iconv -f latin1 -t utf-8 README README.utf-8 mv README.utf-8 README %build -%{__perl} Makefile.PL INSTALLDIRS=vendor +%{__perl} Makefile.PL INSTALLDIRS=vendor NO_PACKLIST=1 make %{?_smp_mflags} %install make pure_install PERL_INSTALL_ROOT=$RPM_BUILD_ROOT -find $RPM_BUILD_ROOT -type f -name .packlist -exec rm -f {} \; -find $RPM_BUILD_ROOT -depth -type d -exec rmdir {} 2/dev/null \; - %{_fixperms} $RPM_BUILD_ROOT/* @@ -57,6 +54,9 @@ make test %changelog +* Sun Mar 08 2015 Emmanuel Seyman emman...@seyman.fr - 0.17-1 +- Update to 0.17 + * Wed Aug 27 2014 Jitka Plesnikova jples...@redhat.com - 0.16-3 - Perl 5.20 rebuild diff --git a/sources b/sources index 0f8b7ae..6603fb3 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -3be18f6101bc5af2ddc8939505e72c38 Pod-Simple-Wiki-0.16.tar.gz +9d3f9f6fd422be7d9ddf2ad35b1a63e4 Pod-Simple-Wiki-0.17.tar.gz -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel
File Palm-PDB-1.400.tar.gz uploaded to lookaside cache by eseyman
A file has been added to the lookaside cache for perl-Palm-PDB: 1946ecfe2772a0fbac6219e3a5e455b0 Palm-PDB-1.400.tar.gz -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel
File Moo-2.000000.tar.gz uploaded to lookaside cache by eseyman
A file has been added to the lookaside cache for perl-Moo: f5b9072f321c66915e3af3d8e6b6674e Moo-2.00.tar.gz -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel
[perl-Moo] Update to 2.000000
commit 3f0c0a5834a25a4e427de887d9dd63e48c32154c Author: Emmanuel Seyman emman...@seyman.fr Date: Sun Mar 8 09:23:39 2015 +0100 Update to 2.00 .gitignore| 1 + perl-Moo.spec | 12 +++- sources | 2 +- 3 files changed, 9 insertions(+), 6 deletions(-) --- diff --git a/.gitignore b/.gitignore index d671151..511d579 100644 --- a/.gitignore +++ b/.gitignore @@ -20,3 +20,4 @@ /Moo-1.006000.tar.gz /Moo-1.006001.tar.gz /Moo-1.007000.tar.gz +/Moo-2.00.tar.gz diff --git a/perl-Moo.spec b/perl-Moo.spec index 9079c63..a5d97af 100644 --- a/perl-Moo.spec +++ b/perl-Moo.spec @@ -1,14 +1,14 @@ Name: perl-Moo -Version:1.007000 +Version:2.00 Release:1%{?dist} Summary:Minimalist Object Orientation (with Moose compatibility) License:GPL+ or Artistic -Group: Development/Libraries + URL:http://search.cpan.org/dist/Moo/ Source0: http://search.cpan.org/CPAN/authors/id/H/HA/HAARG/Moo-%{version}.tar.gz BuildArch: noarch BuildRequires: perl -BuildRequires: perl(ExtUtils::MakeMaker) +BuildRequires: perl(ExtUtils::MakeMaker) = 6.76 BuildRequires: perl(strict) BuildRequires: perl(warnings) # Run-time: @@ -77,12 +77,11 @@ not quite- two thirds of Moose. %setup -q -n Moo-%{version} %build -%{__perl} Makefile.PL INSTALLDIRS=vendor +%{__perl} Makefile.PL INSTALLDIRS=vendor NO_PACKLIST=1 make %{?_smp_mflags} %install make pure_install DESTDIR=%{buildroot} -find %{buildroot} -type f -name .packlist -exec rm -f {} \; %{_fixperms} %{buildroot}/* %check @@ -94,6 +93,9 @@ make test %{_mandir}/man3/* %changelog +* Sun Mar 08 2015 Emmanuel Seyman emman...@seyman.fr - 2.00-1 +- Update to 2.00 + * Sun Jan 25 2015 Emmanuel Seyman emman...@seyman.fr - 1.007000-1 - Update to 1.007000 diff --git a/sources b/sources index 6343721..db96a1e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -45dfb1157721f15d1f80b6514031d4f6 Moo-1.007000.tar.gz +f5b9072f321c66915e3af3d8e6b6674e Moo-2.00.tar.gz -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel
[Bug 1195862] Review Request: perl-Class-Virtual - Base class for virtual base classes in Perl
https://bugzilla.redhat.com/show_bug.cgi?id=1195862 Fedora Update System upda...@fedoraproject.org changed: What|Removed |Added Status|MODIFIED|ON_QA --- Comment #11 from Fedora Update System upda...@fedoraproject.org --- perl-Class-Virtual-0.07-1.el6 has been pushed to the Fedora EPEL 6 testing repository. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=qHKpctoBHna=cc_unsubscribe -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel
[Bug 1185331] perl-Net-Whois-Raw-2.82 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1185331 Fedora Update System upda...@fedoraproject.org changed: What|Removed |Added Fixed In Version|perl-Net-Whois-Raw-2.82-1.f |perl-Net-Whois-Raw-2.82-1.e |c20 |l7 --- Comment #8 from Fedora Update System upda...@fedoraproject.org --- perl-Net-Whois-Raw-2.82-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=ZjjxfDC04oa=cc_unsubscribe -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel
[Bug 1185489] permissions of dspamc different than dspam
https://bugzilla.redhat.com/show_bug.cgi?id=1185489 Fedora Update System upda...@fedoraproject.org changed: What|Removed |Added Fixed In Version|dspam-3.10.2-10.el7 |dspam-3.10.2-6.el6 --- Comment #11 from Fedora Update System upda...@fedoraproject.org --- dspam-3.10.2-6.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=VV2ZogQFLza=cc_unsubscribe -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel
[Bug 1193177] sqlite3_drv bad memory free and severe performance bug - with patch
https://bugzilla.redhat.com/show_bug.cgi?id=1193177 Fedora Update System upda...@fedoraproject.org changed: What|Removed |Added Fixed In Version|dspam-3.10.2-10.el7 |dspam-3.10.2-6.el6 --- Comment #16 from Fedora Update System upda...@fedoraproject.org --- dspam-3.10.2-6.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=qgHyAWCFnsa=cc_unsubscribe -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel
[Bug 1185331] perl-Net-Whois-Raw-2.82 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1185331 Fedora Update System upda...@fedoraproject.org changed: What|Removed |Added Fixed In Version|perl-Net-Whois-Raw-2.82-1.e |perl-Net-Whois-Raw-2.82-1.e |l7 |l6 --- Comment #9 from Fedora Update System upda...@fedoraproject.org --- perl-Net-Whois-Raw-2.82-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=ZdQHO9nML3a=cc_unsubscribe -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel
[EPEL-devel] Fedora EPEL 6 updates-testing report
The following Fedora EPEL 6 Security updates need testing: Age URL 1051 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6 115 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4008/cross-binutils-2.23.51.0.3-1.el6.1 104 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4242/facter-1.6.18-8.el6 92 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4485/python-tornado-2.2.1-7.el6 74 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4884/mapserver-6.0.4-1.el6 54 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0232/chicken-4.9.0.1-2.el6 31 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0644/perl-Gtk2-1.2495-1.el6 28 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0696/drupal7-path_breadcrumbs-3.2-1.el6 21 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0779/drupal7-views-3.10-1.el6 10 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0942/novnc-0.5.1-2.el6 10 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0864/nodejs-0.10.36-3.el6,libuv-0.10.34-1.el6,v8-3.14.5.10-17.el6 9 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0992/libpng10-1.0.63-1.el6 9 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0985/drupal7-entity-1.6-1.el6 7 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1022/cabextract-1.5-1.el6 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1047/putty-0.63-4.el6 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1107/dokuwiki-0-0.24.20140929c.el6 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1108/librsync-1.0.0-1.el6,csync2-1.34-15.el6,duplicity-0.6.22-4.el6,rdiff-backup-1.2.8-6.el6 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1173/seamonkey-2.28-4.ESR_31.5.0.el6 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1177/libmspack-0.5-0.1.alpha.el6 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1069/phpMyAdmin-4.0.10.9-1.el6 The following builds have been pushed to Fedora EPEL 6 updates-testing HepMC-2.06.09-9.el6 R-qtl-1.36.6-1.el6 bash-argsparse-1.7-1.el6 csdiff-1.2.1-1.el6 csmock-1.7.2-1.el6 cswrap-1.3.0-1.el6 csync2-1.34-15.el6 dokuwiki-0-0.24.20140929c.el6 drupal7-features-2.4-1.el6 drupal7-token-1.6-1.el6 duplicity-0.6.22-4.el6 fedpkg-minimal-1.0.0-3.el6 fts-3.2.32-1.el6 fts-monitoring-3.2.32-1.el6 fts-mysql-3.2.32-1.el6 getmail-4.47.0-1.el6 gfal2-2.8.4-1.el6 git-review-1.24-4.el6 globus-ftp-client-8.20-1.el6 golang-bitbucket-ww-goautoneg-0-0.2.git75cd24fc2f2c.el6 golang-github-docker-spdystream-0-0.2.gite9bf991.el6 golang-github-google-gofuzz-0-0.5.gitbbcb9da.el6 golang-github-matttproud-golang_protobuf_extensions-0-0.2.gitba7d65a.el6 golang-github-prometheus-client_golang-0-0.3.gite5098ac.el6 golang-github-prometheus-client_model-0-0.3.gitfa8ad6f.el6 golang-github-prometheus-procfs-0-0.2.git6c34ef8.el6 golang-github-rackspace-gophercloud-1.0.0-5.el6 golang-github-russross-blackfriday-1.2-5.el6 golang-github-stretchr-testify-0-0.7.gite4ec815.el6 golang-googlecode-goprotobuf-0-0.13.gitc22ae3c.el6 ipv6calc-0.98.0-10.el6 js-jquery-2.1.3-1.el6 js-jquery1-1.11.2-2.el6 js-sizzle-2.1.1-1.jquery.2.1.2.el6 lhapdf-5.9.1-9.el6 libmspack-0.5-0.1.alpha.el6 librsync-1.0.0-1.el6 milter-greylist-4.5.12-2.el6 milter-regex-2.0-1.el6 mingw-zlib-1.2.8-2.el6 munin-2.0.25-2.el6 opendkim-2.10.1-2.el6 opendmarc-1.3.1-3.el6 owncloud-7.0.4-3.el6 perl-Class-Virtual-0.07-1.el6 perl-SOAP-Lite-0.716-4.el6 php-google-apiclient-1.1.2-2.el6 php-horde-Horde-Core-2.19.2-1.el6 php-horde-Horde-Group-2.0.5-1.el6 php-horde-Horde-HashTable-1.2.3-1.el6 php-horde-Horde-Http-2.1.4-1.el6 php-horde-Horde-Service-Weather-2.1.6-1.el6 php-horde-Horde-Util-2.5.4-1.el6 php-pecl-redis-2.2.7-1.el6 php-sabre-dav-1.8.12-1.el6 php-sabredav-Sabre_VObject-2.1.7-1.el6 phpMyAdmin-4.0.10.9-1.el6 putty-0.63-4.el6 pyflakes-0.7.3-5.el6 python-fedora-0.3.37-1.el6 python-httpretty-0.8.3-3.el6 python-pep8-1.4.6-3.el6 qsstv-8.2.10-1.el6 rdiff-backup-1.2.8-6.el6 root-5.34.26-1.el6 seamonkey-2.28-4.ESR_31.5.0.el6 srm-ifce-1.22.2-1.el6 udt-4.11-4.el6 Details about builds: HepMC-2.06.09-9.el6 (FEDORA-EPEL-2015-1172) C++ Event Record for Monte Carlo Generators Update Information: Avoid hexfloat notation (gcc 5), Use greater allowed epsilon for test (fixes i686 build). ChangeLog: * Fri Mar 6 2015 Mattias Ellert mattias.ell...@fysast.uu.se - 2.06.09-9 - Increase
Package Review Request and FE-NEEDSPONSOR
Hi all, This is my first package and I need a sponsor and a reviewer. Could someone do a review for my first package : python-docx https://bugzilla.redhat.com/show_bug.cgi?id=1194576 And if someone could sponsor me aswell.I can also do some unofficial reviews. Thanks, Kushal -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
[perl-Crypt-Random-Seed/el6] Initial import (#1183255).
Summary of changes: 2bf24a1... Initial import (#1183255). (*) (*) This commit already existed in another branch; no separate mail sent -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel
[Bug 1185489] permissions of dspamc different than dspam
https://bugzilla.redhat.com/show_bug.cgi?id=1185489 Fedora Update System upda...@fedoraproject.org changed: What|Removed |Added Fixed In Version|dspam-3.10.2-16.fc20|dspam-3.10.2-10.el7 --- Comment #10 from Fedora Update System upda...@fedoraproject.org --- dspam-3.10.2-10.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=GGyzy8kzpSa=cc_unsubscribe -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel
[Bug 1193177] sqlite3_drv bad memory free and severe performance bug - with patch
https://bugzilla.redhat.com/show_bug.cgi?id=1193177 Fedora Update System upda...@fedoraproject.org changed: What|Removed |Added Fixed In Version|dspam-3.10.2-16.fc20|dspam-3.10.2-10.el7 --- Comment #15 from Fedora Update System upda...@fedoraproject.org --- dspam-3.10.2-10.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=VCdTtXfnKla=cc_unsubscribe -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel
[perl-Crypt-Random-TESHA2/epel7] Initial import (#1183294).
Summary of changes: 27e1c33... Initial import (#1183294). (*) (*) This commit already existed in another branch; no separate mail sent -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel
Re: Package Review Request and FE-NEEDSPONSOR
I think you should do a self introduction here first per guideline for newcomers. PS last year I gave a try on docx, its functionality was still patchy at best. -- Yours sincerely, Christopher Meng http://cicku.me -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Is there a process for requesting packaging?
On 3/9/15, gil punto...@libero.it wrote: hi i prepared java3d spec file, GpsPrune's dependency but seem do not build/support ARM arch (rawhide) [exec] DrawingSurfaceObjectAWT.o:(.ARM.exidx+0x0): undefined reference to `__aeabi_unwind_cpp_pr0' [exec] Canvas3D.o:(.ARM.exidx+0x18): undefined reference to `__aeabi_unwind_cpp_pr0' [exec] Canvas3D.o:(.ARM.exidx+0x80): undefined reference to `__aeabi_unwind_cpp_pr1' [exec] GraphicsContext3D.o:(.ARM.exidx+0x0): undefined reference to `__aeabi_unwind_cpp_pr1' [exec] NativeScreenInfo.o:(.ARM.exidx+0x0): undefined reference to `__aeabi_unwind_cpp_pr0' [exec] NativeConfigTemplate3D.o:(.ARM.exidx+0x0): undefined reference to `__aeabi_unwind_cpp_pr0' [exec] GeometryArrayRetained.o:(.ARM.exidx+0x0): undefined reference to `__aeabi_unwind_cpp_pr0' [exec] GeometryArrayRetained.o:(.ARM.exidx+0x60): undefined reference to `__aeabi_unwind_cpp_pr1' [exec] Attributes.o:(.ARM.exidx+0x0): undefined reference to `__aeabi_unwind_cpp_pr0' [exec] Attributes.o:(.ARM.exidx+0x8): undefined reference to `__aeabi_unwind_cpp_pr1' [exec] CgShaderProgram.o:(.ARM.exidx+0x0): undefined reference to `__aeabi_unwind_cpp_pr0' [exec] GLSLShaderProgram.o:(.ARM.exidx+0x0): undefined reference to `__aeabi_unwind_cpp_pr0' [exec] Lights.o:(.ARM.exidx+0x0): undefined reference to `__aeabi_unwind_cpp_pr1' [exec] Result: 1 any ideas? Full log, please? -- Yours sincerely, Christopher Meng http://cicku.me -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Is there a process for requesting packaging?
Il 09/03/2015 04:13, Christopher Meng ha scritto: On 3/9/15, gil punto...@libero.it wrote: hi i prepared java3d spec file, GpsPrune's dependency but seem do not build/support ARM arch (rawhide) [exec] DrawingSurfaceObjectAWT.o:(.ARM.exidx+0x0): undefined reference to `__aeabi_unwind_cpp_pr0' [exec] Canvas3D.o:(.ARM.exidx+0x18): undefined reference to `__aeabi_unwind_cpp_pr0' [exec] Canvas3D.o:(.ARM.exidx+0x80): undefined reference to `__aeabi_unwind_cpp_pr1' [exec] GraphicsContext3D.o:(.ARM.exidx+0x0): undefined reference to `__aeabi_unwind_cpp_pr1' [exec] NativeScreenInfo.o:(.ARM.exidx+0x0): undefined reference to `__aeabi_unwind_cpp_pr0' [exec] NativeConfigTemplate3D.o:(.ARM.exidx+0x0): undefined reference to `__aeabi_unwind_cpp_pr0' [exec] GeometryArrayRetained.o:(.ARM.exidx+0x0): undefined reference to `__aeabi_unwind_cpp_pr0' [exec] GeometryArrayRetained.o:(.ARM.exidx+0x60): undefined reference to `__aeabi_unwind_cpp_pr1' [exec] Attributes.o:(.ARM.exidx+0x0): undefined reference to `__aeabi_unwind_cpp_pr0' [exec] Attributes.o:(.ARM.exidx+0x8): undefined reference to `__aeabi_unwind_cpp_pr1' [exec] CgShaderProgram.o:(.ARM.exidx+0x0): undefined reference to `__aeabi_unwind_cpp_pr0' [exec] GLSLShaderProgram.o:(.ARM.exidx+0x0): undefined reference to `__aeabi_unwind_cpp_pr0' [exec] Lights.o:(.ARM.exidx+0x0): undefined reference to `__aeabi_unwind_cpp_pr1' [exec] Result: 1 any ideas? Full log, please? Task info: http://koji.fedoraproject.org/koji/taskinfo?taskID=9178041 https://gil.fedorapeople.org/java3d-1.5.2-1.fc20.src.rpm https://gil.fedorapeople.org/java3d.spec thanks -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: FESCO request to revert password confirmation change in F22
Mike Pinkerton wrote: On 7 Mar 2015, at 10:41, Björn Persson wrote: Mike Pinkerton wrote: On 6 Mar 2015, at 23:49, Adam Williamson wrote: On Fri, 2015-03-06 at 23:09 +0100, Björn Persson wrote: I hope https://xkcd.com/936/ will be among the inputs to that discussion. I'm fond of noting that pwquality has not yet blacklisted any variant of correcthorsebatterystaple. I've been using correcthorse as my stock anaconda testing password, since the strength check has been enforced... It won't stand up to a combinator attack: https://www.schneier.com/blog/archives/2013/06/a_really_good_a.html It's not entirely clear, but I guess you mean that a two-word combination like correct horse won't stand up. That appears to be true. A four-word phrase is an entirely different matter. Each additional word increases the complexity exponentially, so doubling the number of words squares the number of possible combinations. The combinator attack that is described in the Ars Technica article that Bruce Schneier quotes in the above link appears to be an attack that tries combinations of multiple words from one or more of the attacker's word lists. Certainly adding more words to the pass- phrase would make that more difficult. As I don't know the current state of the art in password cracking, I don't know whether attackers typically limit their attacks to only two words, or extend to three or more words. Quoting Ars commenter epixoip, who claims to be one of the reporter's sources: | However, it is much more complicated to crack a passhrase comprised of | several words selected at random, with say a random word generator. I | have a combinator program that I've written that allows you to combine | an arbitrary number of wordlists together (similar to combinator.bin in | hashcat-utils) and accepts an array of characters to use as word | separators. Sounds awesome, but it's slow as shit and rather | impractical (which is probably why combinator.bin only accepts two | lists.) So while there are some flaws with that XKCD comic's logic, | it's not exactly terrible advice. http://arstechnica.com/security/2012/08/passwords-under-assault/?comments=1post=23189016#comment-23189016 The catch is that the words must be *randomly* chosen. XKCD doesn't stress that point much, and humans are notoriously bad at choosing randomly. I suspect that many people make up some highly nonrandom four-word passphrase and think they have a correct horse battery staple-quality passphrase. I don't think randomness matters at all, only whether the words are in the word list(s) used by the attacker. That means that you assume that the attacker will try to brute-force the passphrase – try all the possible combinations without any optimizations. The Ars Technica article that Bruce Schneier quotes and the second one that he links to both describe at length how the password crackers analyze patterns in passwords so that they can optimize their searches by trying other strings that follow the same patterns. It is naive to assume that they don't analyze patterns in phrases in the same way. And indeed, epixoip says We're already very good at cracking passphrases that are derived from quotes, proverbs, verses, lyrics, or whathaveyou. To avoid getting cracked by such an optimized search you can choose a passphrase with no patterns in it. That is a random passphrase. A truly random passphrase can only be cracked with brute force, so then it's just a matter of estimating how long it needs to be to make brute force impractical. Up-to-date knowledge about the cost of processing power and fairly simple mathematics can yield a good estimate. If you choose a nonrandom phrase to be able to remember it better, for example a grammatically correct phrase, then you need to make it much longer to compensate. Figuring out how much longer it needs to be to make the crackers give up will be mostly guesswork. So as you can see, randomness matters immensely. Björn Persson pgpOg67JLKUNp.pgp Description: OpenPGP digital signatur -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
some differences between doc stuff and license stuff
While introducing %license in my packages I have noticed these differences that packagers should be aware of, which I haven't seen documented: · There is a macro named _licensedir which is analogous to _docdir, but there is no _pkglicensedir corresponding to _pkgdocdir. Use %{_licensedir}/%{name} instead. · Files under /usr/share/doc are automatically tagged as documentation files even if %doc isn't used. Files under /usr/share/licenses are not automatically tagged as license files, so they need to be preceded by %license in file lists. · RPMlint warns about CRLF line terminators under /usr/share/doc but not under /usr/share/licenses. Björn Persson pgppv17j6Kk3n.pgp Description: OpenPGP digital signatur -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
File parent-0.229.tar.gz uploaded to lookaside cache by pghmcfc
A file has been added to the lookaside cache for perl-parent: 960cd501d0a1f551ef72d6c77c8bc66b parent-0.229.tar.gz -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel
Broken dependencies: polymake
polymake has broken dependencies in the F-22 tree: On x86_64: polymake-2.13-18.git20141013.fc22.x86_64 requires perl = 4:5.20.1 On i386: polymake-2.13-18.git20141013.fc22.i686 requires perl = 4:5.20.1 On armhfp: polymake-2.13-18.git20141013.fc22.armv7hl requires perl = 4:5.20.1 Please resolve this as soon as possible. -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel
Re: FESCO request to revert password confirmation change in F22
Mike Pinkerton wrote: I was responding to Björn Persson's suggestion that, in discussions of password quality, correcthorsebatterystaple would be an example of a safe password. Safe_r_. Security in passphrases isn't a binary thing. XKCD 936 demonstrates that correct horse battery staple is much more secure than Tr0ub4dor3. (It shows the math in nice graphical form, very easy to follow.) Whether one or the other is secure enough depends on what you use it for. (Of course those two specific examples are worthless as passphrases now that they're famous.) My point is that, if attackers are using strategies other than brute forcing, which the Ars Technica article suggests is the case, then constructing long passwords out of known words is probably not a safe strategy. Those strategies are designed to crack bad passphrases that adhere to common patterns. They don't help with cracking *random* passphrases. And again, the security lies in *how many* words you use. Because the word lists used by attackers are lists of strings that they have scraped from various sources -- human language dictionaries, password strings found in previous attacks, passwords publicized by Adam on mailing lists, strings constructed on patterns (e.g., 7kids, 8kids), etc. -- a string that one would normally think of as four words -- correcthorsebatterystaple -- once it has been discovered as a password once and added to the attacker's word list, becomes only one word for all future cracking attempts. And that's why you shouldn't use a passphrase that is likely to be chosen by anyone else. You should use a *random* combination of several words, or a long *random* string of characters (stored in a password manager). Or else you should make it so long and so individual that no one else is likely to come up with the same phrase – but that's much harder than people think. I bet the person who came up with all of the lights thought it was long and individual enough, but obviously it wasn't. When I was seven, my sister threw my stuffed rabbit in the toilet. might have been. Except that the attackers aren't brute forcing long passwords. Apparently, they can successfully crack a ridiculously high percentage (90% in the Ars Technica experiment) in the space of a day using other techniques. Because a ridiculously high percentage of passwords are badly chosen. Björn Persson pgpwKO6nTL5fN.pgp Description: OpenPGP digital signatur -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
[perl-parent] Update to 0.229
commit cc17c5771e64ce6b8c8399672d4754ebd0df15ee Author: Paul Howarth p...@city-fan.org Date: Sun Mar 8 13:43:53 2015 + Update to 0.229 - New upstream release 0.229 - Add link to (Github) repository - Guard tests against PERL_DISABLE_PMC perl-parent.spec | 14 ++ sources | 2 +- 2 files changed, 11 insertions(+), 5 deletions(-) --- diff --git a/perl-parent.spec b/perl-parent.spec index 12a87de..fa4a9eb 100644 --- a/perl-parent.spec +++ b/perl-parent.spec @@ -1,7 +1,7 @@ Name: perl-parent Epoch: 1 -Version: 0.228 -Release: 311%{?dist} +Version: 0.229 +Release: 1%{?dist} Summary: Establish an ISA relationship with base classes at compile time License: GPL+ or Artistic Group: Development/Libraries @@ -9,7 +9,8 @@ URL:http://search.cpan.org/dist/parent/ Source0: http://search.cpan.org/CPAN/authors/id/C/CO/CORION/parent-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu) BuildArch: noarch -BuildRequires: perl +# Build: +BuildRequires: perl = 4:5.13.10 BuildRequires: perl(ExtUtils::MakeMaker) # Run-time: BuildRequires: perl(strict) @@ -57,9 +58,14 @@ rm -rf %{buildroot} %files %doc Changes %{perl_vendorlib}/parent.pm -%{_mandir}/man3/parent.3pm* +%{_mandir}/man3/parent.3* %changelog +* Sat Mar 7 2015 Paul Howarth p...@city-fan.org - 1:0.229-1 +- Update to 0.229 + - Add link to (Github) repository + - Guard tests against PERL_DISABLE_PMC + * Tue Jan 13 2015 Petr Pisar ppi...@redhat.com - 1:0.228-311 - Specify all dependencies diff --git a/sources b/sources index 1f74bcd..568542e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -2b64f471d423f929f74c5e857cee8dfd parent-0.228.tar.gz +960cd501d0a1f551ef72d6c77c8bc66b parent-0.229.tar.gz -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel
[Bug 1195345] perl-Image-SubImageFind-0.03-4.fc23 FTBFS: tests fail
https://bugzilla.redhat.com/show_bug.cgi?id=1195345 David Dick dd...@cpan.org changed: What|Removed |Added Status|NEW |CLOSED Depends On||1087263 Resolution|--- |NEXTRELEASE Last Closed||2015-03-08 18:03:46 --- Comment #1 from David Dick dd...@cpan.org --- problem solved by ImageMagick upgrade. Package rebuilt. http://koji.fedoraproject.org/koji/taskinfo?taskID=9177528 Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1087263 [Bug 1087263] ImageMagick-6.9.0-7 is available -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=mqQmY7sIV4a=cc_unsubscribe -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel
Re: FESCO request to revert password confirmation change in F22
On 7 Mar 2015, at 20:35, Stephen John Smoogen wrote: On 7 March 2015 at 15:33, Mike Pinkerton pseli...@mindspring.com wrote: On 7 Mar 2015, at 15:52, Stephen John Smoogen wrote: On 7 March 2015 at 11:53, Mike Pinkerton pseli...@mindspring.com wrote: On 7 Mar 2015, at 10:41, Björn Persson wrote: Mike Pinkerton wrote: On 6 Mar 2015, at 23:49, Adam Williamson wrote: On Fri, 2015-03-06 at 23:09 +0100, Björn Persson wrote: I hope https://xkcd.com/936/will be among the inputs to that discussion. I'm fond of noting that pwquality has not yet blacklisted any variant of correcthorsebatterystaple. I've been using correcthorse as my stock anaconda testing password, since the strength check has been enforced... It won't stand up to a combinator attack: https://www.schneier.com/blog/archives/2013/06/a_really_good_a.html It's not entirely clear, but I guess you mean that a two-word combination like correct horse won't stand up. That appears to be true. A four-word phrase is an entirely different matter. Each additional word increases the complexity exponentially, so doubling the number of words squares the number of possible combinations. The combinator attack that is described in the Ars Technica article that Bruce Schneier quotes in the above link appears to be an attack that tries combinations of multiple words from one or more of the attacker's word lists. Certainly adding more words to the pass-phrase would make that more difficult. As I don't know the current state of the art in password cracking, I don't know whether attackers typically limit their attacks to only two words, or extend to three or more words. They limit it to 1-2 words because it takes a LONG time to crack SHA512crypt passwords. You can do on average 32k - 128k hash crypt checks per second per password. A two word dictionary of diceware would have 2^25.85 passwords in it. A single system is going to take 256 seconds on 2 words. Add in 3 words (2^38.775) and it is 24 days. Add in a 4th word and it is 544 years. Add in a 5th word and it is 4.5 million years. Apparently Diceware's creator is not as confident as you -- he nows recommends more than 5 words. http://arstechnica.com/information-technology/2014/03/diceware- passwords-now-need-six-random-words-to-thwart-hackers/ Perhaps improvements in graphics cards have changed the calculus in recent years. Yes and no. 1) He has always wanted to make sure that an attack was going to take billions of years for the US government on. Thus his level of threat is the 100 billion dollar cluster... Which yes 6 or 7 words would be needed if not 8. Your password of completely random characters will also need to be a lot longer. 2) He is also aware that most of the hacks out there have not been SHA512crypt but MD5sum/SHAsum/NT password breaches. If you are lucky they used md5crypt or the original sha1crypt. Those are formats that yes millions of attacks per second can be done in an offline attempt. If you have no control over how the password is stored then using 4 or 5 words is not enough. 3) Yes graphic cards improve with more cores but they do not increase word size as often because there really isn't much need other than cracking large passwords (bitcoin which is the primary use for video cards doesn't get faster with a larger word so it isn't something people will pay for.) Without a larger word size the various code for doing a SHA512crypt gets slow. Neither of the first two items are things which are going to be general users of Linux are needing to deal with. If you are having to worry about that sort of attack then you are going to need a lot more work than a 100+ bit entropy password. While writing this up I went and checked that the whole thing is outlined point for point in wikipedia http://en.wikipedia.org/wiki/Password_strength To estimate the time just do the following: $15,000 computer - 128k/sec = 2^17. Lets assume moore's law comes in and we have 2^20 by 2020. Take the possible entropy and subtract the 2^17 and that will give you the worst case. I believe it may be 1/4 of that so make it subtract 2^19 currently for one system and 2^29 for a cluster of 1024 computers (so 15 million dollars). 2 words is going to be (25.85-19) 115 seconds for one system and 0.1 for big ass cluster. 3 words is going to be (38.78-19) 236 hours ). 1 day for big ass cluster 4 words is going to be (51.70-19) 221 years). 1 year 5 words is going to be (64.63-19) 1.7 million years) 1700 years. (or 1.7 years for a 15 billion dollar investment). To get equivalent strength from say an all lower case password you are going to need 14 [a-z] characters. Now here is the funny thing. All that speed to get 128k is if the password is less than around 12 characters for most cracking software due to the way the hardware and algorithms have been optimized. If the string is longer
Re: FESCO request to revert password confirmation change in F22
On Sun, Mar 8, 2015 at 8:44 AM, Björn Persson Bjorn@rombobjörn.se wrote: Mike Pinkerton wrote: I was responding to Björn Persson's suggestion that, in discussions of password quality, correcthorsebatterystaple would be an example of a safe password. Safe_r_. Security in passphrases isn't a binary thing. XKCD 936 demonstrates that correct horse battery staple is much more secure than Tr0ub4dor3. (It shows the math in nice graphical form, very easy to follow.) Whether one or the other is secure enough depends on what you use it for. (Of course those two specific examples are worthless as passphrases now that they're famous.) Right. I'm the guy that brought up the XKCD comic. The actual message of the comic is entertaining, and enlightening. Our modern password creation policies are forcing us to follow arbitrary mathematical rules that make our passwords *impossible to remember*. And it gets worse. If you have RSI, or a bad keyboard or visual issues, or use a speech-text system, and you're having to type an 8 character mixed case, non-alphabetical passphrase that *you cannot visually review or confirm*, password generation becomes nightmarish. My point is that, if attackers are using strategies other than brute forcing, which the Ars Technica article suggests is the case, then constructing long passwords out of known words is probably not a safe strategy. Those strategies are designed to crack bad passphrases that adhere to common patterns. They don't help with cracking *random* passphrases. And again, the security lies in *how many* words you use. There's also a counterproductive effect. Passwords that are enforced, by policy, to be nonsensical gibberish tend to be written down, because no one can remember them. And because no one can remember them, they're written down in easily accessed locations. The classic storage is the Post-it note on the secretary's desk, but I see a lot of people who should know better writing them into source control systems that everyone in the company can read. Except that the attackers aren't brute forcing long passwords. Apparently, they can successfully crack a ridiculously high percentage (90% in the Ars Technica experiment) in the space of a day using other techniques. Because a ridiculously high percentage of passwords are badly chosen. Björn Persson And a ridiculous number of them are being set, permanently, for admins and trusted users who couldn't spell password rotation if you tattooed one word on each hand. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Is there a process for requesting packaging?
Il 08/03/2015 04:03, Pete Travis ha scritto: On Mar 7, 2015 6:15 AM, Kevin Fenzi ke...@scrye.com mailto:ke...@scrye.com wrote: On Sat, 07 Mar 2015 10:53:27 +0100 fed...@activityworkshop.net mailto:fed...@activityworkshop.net wrote: Hi list, I'm an upstream developer and I'm unfamiliar with the Fedora processes, so my apologies if I'm asking obvious questions or asking in the wrong place! Not at all. This is a fine place. ;) I've seen lots of pages about how to become a Fedora packager, and the processes for reviewing packages, but I haven't yet found anything suggesting how I could go about _requesting_ whether an already experienced Fedora packager might like to adopt another package. Is there such a thing, or is the only option that I dive into learning how to do it myself? There is a generic 'wishlist': https://fedoraproject.org/wiki/Package_maintainers_wishlist But as you can see from looking at it, its kind of a big dumping ground of anything anyone anytime thought might be nice to have packaged. ;) To be specific, I would be interested in submitting the GPL2 java application GpsPrune for inclusion. It's already in Debian, so maybe that's a good starting point. And there are unofficial rpms in OpenSuse, which may also be helpful. There are only a small number of dependencies, most of which are optional, and I would be more than happy to help from my side to tweak things if necessary. I believe that if there were packagers who had already created packages for java applications, and were willing to take on another one, it would take orders of magnitude less effort than if I were to try to do it myself and ask for it to be reviewed. Is there a way to submit a request for packaging? I'd suggest mailing the Fedora Java sig: https://lists.fedoraproject.org/mailman/listinfo/java-devel You may also get some interest here in further replies. ;) Hope that helps, kevin -- The GIS SIG might be interested in this too. There's no dedicated mailing list that I'm aware of, but http://fedoraproject.org/wiki/GIS will lead you to #fedora-gis and a list of names, at least. --Pete hi i prepared java3d spec file, GpsPrune's dependency but seem do not build/support ARM arch (rawhide) [exec] DrawingSurfaceObjectAWT.o:(.ARM.exidx+0x0): undefined reference to `__aeabi_unwind_cpp_pr0' [exec] Canvas3D.o:(.ARM.exidx+0x18): undefined reference to `__aeabi_unwind_cpp_pr0' [exec] Canvas3D.o:(.ARM.exidx+0x80): undefined reference to `__aeabi_unwind_cpp_pr1' [exec] GraphicsContext3D.o:(.ARM.exidx+0x0): undefined reference to `__aeabi_unwind_cpp_pr1' [exec] NativeScreenInfo.o:(.ARM.exidx+0x0): undefined reference to `__aeabi_unwind_cpp_pr0' [exec] NativeConfigTemplate3D.o:(.ARM.exidx+0x0): undefined reference to `__aeabi_unwind_cpp_pr0' [exec] GeometryArrayRetained.o:(.ARM.exidx+0x0): undefined reference to `__aeabi_unwind_cpp_pr0' [exec] GeometryArrayRetained.o:(.ARM.exidx+0x60): undefined reference to `__aeabi_unwind_cpp_pr1' [exec] Attributes.o:(.ARM.exidx+0x0): undefined reference to `__aeabi_unwind_cpp_pr0' [exec] Attributes.o:(.ARM.exidx+0x8): undefined reference to `__aeabi_unwind_cpp_pr1' [exec] CgShaderProgram.o:(.ARM.exidx+0x0): undefined reference to `__aeabi_unwind_cpp_pr0' [exec] GLSLShaderProgram.o:(.ARM.exidx+0x0): undefined reference to `__aeabi_unwind_cpp_pr0' [exec] Lights.o:(.ARM.exidx+0x0): undefined reference to `__aeabi_unwind_cpp_pr1' [exec] Result: 1 any ideas? regards gil -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct