[EPEL-devel] Fedora EPEL 8 updates-testing report
The following Fedora EPEL 8 Security updates need testing: Age URL 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-49ef288135 stb-0-0.39.20231011gitbeebb24.el8 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-799d16fa93 suricata-6.0.15-1.el8 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-619e22a8fa chromium-118.0.5993.117-1.el8 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-672d5d9003 mlpack-4.2.1-4.el8 The following builds have been pushed to Fedora EPEL 8 updates-testing netdata-1.43.2-1.el8 wcslib-7.12-1.el8 Details about builds: netdata-1.43.2-1.el8 (FEDORA-EPEL-2023-5efb4b35d3) Real-time performance monitoring Update Information: Update to upstream release 1.43.2 Update to upstream release 1.43.1 ChangeLog: * Wed Nov 1 2023 Didier Fabert 1.43.2-1 - Update from upstream * Fri Oct 27 2023 Didier Fabert 1.43.1-1 - Update from upstream References: [ 1 ] Bug #2246455 - netdata-1.43.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2246455 [ 2 ] Bug #2247461 - netdata-1.43.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2247461 wcslib-7.12-1.el8 (FEDORA-EPEL-2023-6c6f4ba7c9) An implementation of the FITS World Coordinate System standard Update Information: Latest release of the 7.x series. See changes here: https://www.atnf.csiro.au/people/mcalabre/WCS/CHANGES ChangeLog: * Wed Dec 28 2022 Sergio Pascual 7.12-1 - New upstream version (7.12) ___ epel-devel mailing list -- epel-devel@lists.fedoraproject.org To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Bug 2207950] Please build perl-Frontier-RPC for EPEL9
https://bugzilla.redhat.com/show_bug.cgi?id=2207950 Fedora Update System changed: What|Removed |Added Fixed In Version||perl-Frontier-RPC-0.07b4p1- ||48.el9 Status|ON_QA |CLOSED Resolution|--- |ERRATA Last Closed||2023-11-02 02:29:51 --- Comment #3 from Fedora Update System --- FEDORA-EPEL-2023-b119cda485 has been pushed to the Fedora EPEL 9 stable repository. If problem still persists, please make note of it in this bug report. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2207950 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla=report-spam_desc=Report%20of%20Bug%202207950%23c3 ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Heads up: libunibreak 5.1 update coming to rawhide
I have an update for libunibreak ready and plan to release that for rawhide in a week (or slightly later). The new version bumps libunibreak from so.3 to so.5. I also intend to drop building for i686. The following packages depend on libunibreak: $ fedrq wr -s libunibreak-devel coolreader-3.2.59-6.fc39.src fbreader-0.99.4-12.fc39.src naev-0.10.2-3.fc39.src I will take care of coolreader. I have tested fbreader and naev in Copr [1] and they build fine. I've created f40-build-side-76870 for rebuilding against the updated libunibreak and dropping support for i686. Please rebuild fbreader and naev (PRs submitted and maintainers in Cc) in the side tag to ensure a smooth update. If you prefer, you can also grant me commit rights and I will take care of rebuilding myself. [1] https://copr.fedorainfracloud.org/coprs/gui1ty/libunibreak/builds/ Cheers, -- Sandro FAS: gui1ty IRC: Penguinpee Elsewhere: [Pp]enguinpee ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: DNF5: Checking signatures of packages installed out of a repository?
On Wed, Nov 01, 2023 at 10:49:36AM -0700, Kevin Fenzi wrote: > On Wed, Nov 01, 2023 at 11:05:33AM -0400, Christopher wrote: > > On Tue, Oct 31, 2023 at 7:50 PM Kevin Fenzi wrote: > > > > > > FWIW, from what I can recall, yum used to check all packages, but this > > > resulted in tons of people complaining because they did not want it to > > > check their local packages. So, a localpkg_gpgcheck option was added and > > > set to false. dnf4 still has this option. > > > > I wasn't aware of that change in behavior. I can't find that option > > documented in the man page for dnf or any other readily available docs > > about dnf in my installation, or present in my dnf.conf file. I don't > > Odd. It's in the dnf.conf man page here in rawhide: > > "localpkg_gpgcheck > boolean > > Whether to perform a GPG signature check on local packages > (packages in a > file, not in a repository). The default is False. This option > is subject to > the active RPM security policy (see gpgcheck for more details). > " > > Looks like it was added to yum 13 years ago: > https://github.com/rpm-software-management/yum/commit/290933489b1aaeb1017d10fb59ccf3231e309115 This is pretty badly documented. I'm pretty sure that most people will not guess that any URL qualifies as "in a file". The approach to security nowadays is much stricter than 13 years ago… I think we should revisit this decision. > > remember anybody ever complaining, certainly not "tons of people". > > This was 13-14 years ago. > > > Using local RPMs is a pretty rare thing. I can't imagine too many > > people complaining about this. It was never much of a burden, and to > > the extent that it was, it was a burden that was a worthwhile tradeoff > > for increased security. > > I'm just relaying the history here... > > > It's also not clear when this option would take effect. Would it take > > effect if I did `dnf install /path/to/local/file` or just when I did > > no, because that looks up that file in your repos and downloads the repo > version of the package. > > > `dnf localinstall /path/to/local/file`? What if I did `dnf My vote would be: 'dnf install /path/to/file' default to warn-but-allow (*) 'dnf install https://some.url/' default to an enforcing check For files outside of a repo, the current set of keys registered with rpm should be used. A valid-signature-with-unknown-key must be rejected when the check is enforcing. If such fine-grained policy is not possible, then I think defaulting to requiring explicit --nogpgcheck would be better than status quo. (*) I think that 99% of the time when you're doing a local install like that, the package was built by the user and it's convenient to skip the check. Zbyszek ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Bug 2246773] perl-Devel-Cover needs to be synchronised to perl version currently installed
https://bugzilla.redhat.com/show_bug.cgi?id=2246773 --- Comment #2 from Dick Franks --- Q: Is the perl version available to the build process necessarily the same as the perl included in the distribution? -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2246773 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla=report-spam_desc=Report%20of%20Bug%202246773%23c2 ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: python-3.12 distutils removal just happened after python mass rebuild and Fedora mass rebuild ?
On Fri, 2023-09-29 at 23:20 +0100, Sérgio Basto wrote: > On Fri, 2023-09-29 at 23:42 +0200, Miro Hrončok wrote: > > On 29. 09. 23 23:38, Miro Hrončok wrote: > > > On 29. 09. 23 20:32, Sérgio Basto wrote: > > > > Hi, > > > > > > Hi. > > > > > > > Recent build of some packages like opencv and an old gpgme > > > > shows > > > > that > > > > python-3.12 disutils has gone for good , but just after all > > > > mass > > > > rebuilds and recently , what you advice to do ? > > > > > > It has been gone for since the Python 3.12 rebuild in June. > > > > > > Perhaps some required package transitively pulled in python3- > > > setuptools? That > > > package provides it's own (forked) implementation of distutils. > > > > > > > Any quick way to replace distutils ? the python 3.12 final > > > > release, > > > > currently is scheduled for 2023-10-02 ... > > > > > > For building, I encourage trying to BuildRequire python3- > > > setuptools > > > and > > > observing if it helps. > > > > > > aaah , BuildRequire python3-setuptools fix old gpgme package , and > this > is a good new for me :) > > without python3-setuptools > https://copr.fedorainfracloud.org/coprs/sergiomb/python2/build/6475479/ > https://download.copr.fedorainfracloud.org/results/sergiomb/python2/fedora-39-aarch64/06475479-gpgme/builder-live.log.gz > checking for the distutils Python package... no > configure: error: cannot import Python module "distutils". > Please check your Python installation. The error was: > Traceback (most recent call last): > File "", line 1, in > ModuleNotFoundError: No module named 'distutils' > > and with python3-setuptools > https://copr.fedorainfracloud.org/coprs/sergiomb/python2/build/6475513/ > > > > Some links with actual build failures would be helpful. > > > > The failure in > > https://koschei.fedoraproject.org/package/opencv looks > > like: > > > > Traceback (most recent call last): > > File "", line 1, in > > ModuleNotFoundError: No module named 'numpy.distutils' > > > > That is related to this numpy update: > > > > https://src.fedoraproject.org/rpms/numpy/c/200eb18e3f617dddb9702fcbc025236f81d6024f?branch=rawhide > > > > I've added -1 karma to the Fedora 39 update. > > > > https://bodhi.fedoraproject.org/updates/FEDORA-2023-e1b5f14c24 > > > huf , this is another issue, I already checked that builds for F39 > ... > > Thanks for all the support JFTR (In case someone googled this) - distutils was removed from Python 3.12 since almost the very beginning - python3-setuptools provides its own (forked) distutils module -- many Fedora packages depending on distutils were fixed just by adding BuildRequires: python3-setuptools - numpy.distutils (depends on distutils, either the one from Python or the one from setuptools) was removed from NumPy 1.26 > > > -- > > Miro Hrončok > -- Sérgio M. B. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: DNF5: Checking signatures of packages installed out of a repository?
On Wed, Nov 01, 2023 at 11:05:33AM -0400, Christopher wrote: > On Tue, Oct 31, 2023 at 7:50 PM Kevin Fenzi wrote: > > > > FWIW, from what I can recall, yum used to check all packages, but this > > resulted in tons of people complaining because they did not want it to > > check their local packages. So, a localpkg_gpgcheck option was added and > > set to false. dnf4 still has this option. > > I wasn't aware of that change in behavior. I can't find that option > documented in the man page for dnf or any other readily available docs > about dnf in my installation, or present in my dnf.conf file. I don't Odd. It's in the dnf.conf man page here in rawhide: "localpkg_gpgcheck boolean Whether to perform a GPG signature check on local packages (packages in a file, not in a repository). The default is False. This option is subject to the active RPM security policy (see gpgcheck for more details). " Looks like it was added to yum 13 years ago: https://github.com/rpm-software-management/yum/commit/290933489b1aaeb1017d10fb59ccf3231e309115 > remember anybody ever complaining, certainly not "tons of people". This was 13-14 years ago. > Using local RPMs is a pretty rare thing. I can't imagine too many > people complaining about this. It was never much of a burden, and to > the extent that it was, it was a burden that was a worthwhile tradeoff > for increased security. I'm just relaying the history here... > It's also not clear when this option would take effect. Would it take > effect if I did `dnf install /path/to/local/file` or just when I did no, because that looks up that file in your repos and downloads the repo version of the package. > `dnf localinstall /path/to/local/file`? What if I did `dnf yes. > localinstall remotepath:/to/remote/file`? All of these work, as it > seems "localinstall" and "install" both just work if given a URL, > local or remote. remote path just downloads the file and installs it, so it's the same as the last case. > This option seems poorly rolled out, unclear in function, and overall > bad for security. Well, nothing was rolled out, it's been that way for 13 years. Should it be revisited? Sure, and thats what this thread is for? > > > > > It's also worth noting that if you pass yum/dnf/dnf5 urls for the > > package(s) you want to install, it's not using a repo at all, it's > > downloading those packages and treating them as local packages. > > Is this meant to imply that it doesn't do checks by default whenever > you pass a URL?! That's even worse! From this user's perspective, a > URL pointing to a package in a repo, is just a more fully-qualified > way of specifying the shorthand package name. It seems very odd if But dnf has no way to know https://foo.bar/packagename is in a repo. If it is, you should enable the repo and install it with 'dnf install packagename'. > passing a fully-qualified path to a remote package results in less > security than specifying the (possibly ambiguous) shortname for a > package that DNF resolves via NVR. Yep. kevin signature.asc Description: PGP signature ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Fedora CoreOS Community Meeting Minutes 2023-11-1
Minutes: https://meetbot.fedoraproject.org/fedora-meeting-1/2023-11-01/fedora_coreos_meeting.2023-11-01-16.31.html Minutes (text): https://meetbot.fedoraproject.org/fedora-meeting-1/2023-11-01/fedora_coreos_meeting.2023-11-01-16.31.txt Log: https://meetbot.fedoraproject.org/fedora-meeting-1/2023-11-01/fedora_coreos_meeting.2023-11-01-16.31.log.html #fedora-meeting-1: fedora_coreos_meeting Meeting started by spresti at 16:31:34 UTC. The full logs are available athttps://meetbot.fedoraproject.org/fedora-meeting-1/2023-11-01/fedora_coreos_meeting.2023-11-01-16.31.log.html . Meeting summary --- * roll call (spresti, 16:31:49) * Action items from last meeting (spresti, 16:34:46) * ACTION: travier to create a change proposal for F40 for switching away from nss-altfiles for OSTree based systems (spresti, 16:36:29) * Create container repo tags for each FCOS release (dustymabe, 16:39:12) * LINK: https://github.com/coreos/fedora-coreos-tracker/issues/1367 (dustymabe, 16:39:19) * Open Floor (spresti, 16:46:56) * LINK: https://qa.fedoraproject.org/blockerbugs/milestone/39/final/buglist (dustymabe, 16:49:31) Meeting ended at 16:58:24 UTC. Action Items * travier to create a change proposal for F40 for switching away from nss-altfiles for OSTree based systems Action Items, by person --- * **UNASSIGNED** * travier to create a change proposal for F40 for switching away from nss-altfiles for OSTree based systems People Present (lines said) --- * spresti (29) * dustymabe (28) * zodbot (22) * jlebon (15) * jmarrero (3) * copperi (2) * marmijo (1) * gursewak (1) * fifofonix (1) * apiaseck (1) * ravanelli (1) * mnguyen (1) * fifofnix (0) Generated by `MeetBot`_ 0.4 .. _`MeetBot`: https://fedoraproject.org/wiki/Zodbot#Meeting_Functions ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Fedora Linux 39 Final Go/No-Go meeting tomorrow (Thursday)
The Fedora Linux 39 Final Go/No-Go[1] meeting is scheduled for Thursday 2 November at 1700 UTC in #fedora-meeting (on IRC, not Matrix). At this time, we will determine the status of F39 Final for the 7 November target date[2]. For more information about the Go/No-Go meeting, see the wiki[3]. [1] https://calendar.fedoraproject.org/meeting/10627/?from_date=2023-10-30 [2] https://fedorapeople.org/groups/schedule/f-39/f-39-key-tasks.html [3] https://fedoraproject.org/wiki/Go_No_Go_Meeting -- Adam Williamson (he/him/his) Fedora QA Fedora Chat: @adamwill:fedora.im | Mastodon: @ad...@fosstodon.org https://www.happyassassin.net ___ devel-announce mailing list -- devel-announce@lists.fedoraproject.org To unsubscribe send an email to devel-announce-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Test-Announce] Fedora Linux 39 Final Go/No-Go meeting tomorrow (Thursday)
The Fedora Linux 39 Final Go/No-Go[1] meeting is scheduled for Thursday 2 November at 1700 UTC in #fedora-meeting (on IRC, not Matrix). At this time, we will determine the status of F39 Final for the 7 November target date[2]. For more information about the Go/No-Go meeting, see the wiki[3]. [1] https://calendar.fedoraproject.org/meeting/10627/?from_date=2023-10-30 [2] https://fedorapeople.org/groups/schedule/f-39/f-39-key-tasks.html [3] https://fedoraproject.org/wiki/Go_No_Go_Meeting -- Adam Williamson (he/him/his) Fedora QA Fedora Chat: @adamwill:fedora.im | Mastodon: @ad...@fosstodon.org https://www.happyassassin.net ___ test-announce mailing list -- test-annou...@lists.fedoraproject.org To unsubscribe send an email to test-announce-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/test-annou...@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Bug 2247491] Obsolete perl-Math-BigRat
https://bugzilla.redhat.com/show_bug.cgi?id=2247491 Jitka Plesnikova changed: What|Removed |Added Status|NEW |CLOSED Resolution|--- |RAWHIDE Last Closed||2023-11-01 15:36:31 --- Comment #3 from Jitka Plesnikova --- It is done. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2247491 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla=report-spam_desc=Report%20of%20Bug%202247491%23c3 ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Bug 2247491] Obsolete perl-Math-BigRat
https://bugzilla.redhat.com/show_bug.cgi?id=2247491 Miro Hrončok changed: What|Removed |Added CC||jples...@redhat.com, ||mspa...@redhat.com, ||perl-devel@lists.fedoraproj ||ect.org, ppi...@redhat.com Assignee|j...@tib.bs|jples...@redhat.com Summary|perl-Math-BigRat has been |Obsolete perl-Math-BigRat |retired | Component|fedora-obsolete-packages|perl-Math-BigInt --- Comment #2 from Miro Hrončok --- I'd also obsolete it from perl-Math-BigInt. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2247491 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla=report-spam_desc=Report%20of%20Bug%202247491%23c2 ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Bug 2246773] perl-Devel-Cover needs to be synchronised to perl version currently installed
https://bugzilla.redhat.com/show_bug.cgi?id=2246773 Jitka Plesnikova changed: What|Removed |Added CC||jples...@redhat.com Doc Type|--- |If docs needed, set a value --- Comment #1 from Jitka Plesnikova --- It will be useful to add run-time dependency on perl version used for build. Requires: perl(:VERSION) = %(eval "`perl -V:version`"; echo ${version:-0}) -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2246773 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla=report-spam_desc=Report%20of%20Bug%202246773%23c1 ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: DNF5: Checking signatures of packages installed out of a repository?
> Christopher writes: >> $ wget mypackage.rpm >> $rpm --checksig mypackage.rpm > the whole point of > using DNF to install a local file is for consistency of using the same > command as for repo packages, not manually altering the RPM database > outside of YUM/DNF (that results in a warning), This isn't intended as a counter-argument, but I did want to point out that running rpm --checksig does not alter the RPM database; it just checks the signature. You would still install the package using DNF. - J< ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Bug 2247441] perl-CGI-4.60 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2247441 Fedora Update System changed: What|Removed |Added Status|MODIFIED|CLOSED Fixed In Version||perl-CGI-4.60-1.fc40 Resolution|--- |ERRATA Last Closed||2023-11-01 15:13:10 --- Comment #2 from Fedora Update System --- FEDORA-2023-89a83a76ab has been pushed to the Fedora 40 stable repository. If problem still persists, please make note of it in this bug report. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2247441 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla=report-spam_desc=Report%20of%20Bug%202247441%23c2 ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Bug 2247279] perl-Math-BigInt-2.000000 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2247279 Fedora Update System changed: What|Removed |Added Status|MODIFIED|CLOSED Fixed In Version||perl-Math-BigInt-2..00- ||1.fc40 Resolution|--- |ERRATA Last Closed||2023-11-01 15:10:10 --- Comment #3 from Fedora Update System --- FEDORA-2023-2ece64d4bf has been pushed to the Fedora 40 stable repository. If problem still persists, please make note of it in this bug report. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2247279 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla=report-spam_desc=Report%20of%20Bug%202247279%23c3 ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: DNF5: Checking signatures of packages installed out of a repository?
On Wed, Nov 1, 2023 at 5:53 AM Paul Howarth wrote: > > On Tue, 31 Oct 2023 12:48:31 -0400 > Christopher wrote: > > I'm actually a bit concerned about this thread, because I assumed DNF4 > > and DNF5 would check signatures by default today, and that it would > > only skip if `--nogpgcheck` was passed as an option. If it sometimes > > skips the GPG check without that flag, that seems like a serious > > security bug to me. I would expect the same level of signature > > verification for both `dnf install mypackage` and `wget mypackage.rpm > > && dnf localinstall mypackage.rpm`. > > > > After all, there is no documented flag to force a GPG signature check, > > only the flag to omit the check (`--nogpgcheck`). So, users really > > have to rely on the default behavior of always checking GPG signatures > > if they want DNF to check them. If DNF is not doing that, that's > > really bad, because there's no way for users to force it to check > > them. > > Maybe not using dnf, but you can check it using rpm directly: > > $ wget mypackage.rpm > $ rpm --checksig mypackage.rpm Yeah, that's why DNF is more convenient for this... the whole point of using DNF to install a local file is for consistency of using the same command as for repo packages, not manually altering the RPM database outside of YUM/DNF (that results in a warning), and the expectation of it performing the standard checks. If it's not doing those checks, then I have to resort to doing that manually... but that undermines the whole convenience of DNF being capable of handling local RPMs for me. Why bother having that feature in DNF at all, if it doesn't add any value for local packages? > > Regards, Paul. > ___ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Bug 2247441] perl-CGI-4.60 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2247441 Fedora Update System changed: What|Removed |Added Status|ASSIGNED|MODIFIED --- Comment #1 from Fedora Update System --- FEDORA-2023-89a83a76ab has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2023-89a83a76ab -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2247441 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla=report-spam_desc=Report%20of%20Bug%202247441%23c1 ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: DNF5: Checking signatures of packages installed out of a repository?
On Tue, Oct 31, 2023 at 7:50 PM Kevin Fenzi wrote: > > FWIW, from what I can recall, yum used to check all packages, but this > resulted in tons of people complaining because they did not want it to > check their local packages. So, a localpkg_gpgcheck option was added and > set to false. dnf4 still has this option. I wasn't aware of that change in behavior. I can't find that option documented in the man page for dnf or any other readily available docs about dnf in my installation, or present in my dnf.conf file. I don't remember anybody ever complaining, certainly not "tons of people". Using local RPMs is a pretty rare thing. I can't imagine too many people complaining about this. It was never much of a burden, and to the extent that it was, it was a burden that was a worthwhile tradeoff for increased security. It's also not clear when this option would take effect. Would it take effect if I did `dnf install /path/to/local/file` or just when I did `dnf localinstall /path/to/local/file`? What if I did `dnf localinstall remotepath:/to/remote/file`? All of these work, as it seems "localinstall" and "install" both just work if given a URL, local or remote. This option seems poorly rolled out, unclear in function, and overall bad for security. > > It's also worth noting that if you pass yum/dnf/dnf5 urls for the > package(s) you want to install, it's not using a repo at all, it's > downloading those packages and treating them as local packages. Is this meant to imply that it doesn't do checks by default whenever you pass a URL?! That's even worse! From this user's perspective, a URL pointing to a package in a repo, is just a more fully-qualified way of specifying the shorthand package name. It seems very odd if passing a fully-qualified path to a remote package results in less security than specifying the (possibly ambiguous) shortname for a package that DNF resolves via NVR. > > kevin > ___ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Bug 2247279] perl-Math-BigInt-2.000000 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2247279 Fedora Update System changed: What|Removed |Added Status|ASSIGNED|MODIFIED --- Comment #2 from Fedora Update System --- FEDORA-2023-2ece64d4bf has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2023-2ece64d4bf -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2247279 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla=report-spam_desc=Report%20of%20Bug%202247279%23c2 ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Bug 2247483] New: perl-PAR-1.019 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2247483 Bug ID: 2247483 Summary: perl-PAR-1.019 is available Product: Fedora Version: rawhide Status: NEW Component: perl-PAR Keywords: FutureFeature, Triaged Assignee: jples...@redhat.com Reporter: upstream-release-monitor...@fedoraproject.org QA Contact: extras...@fedoraproject.org CC: anon.am...@gmail.com, jples...@redhat.com, mmasl...@redhat.com, perl-devel@lists.fedoraproject.org Target Milestone: --- Classification: Fedora Releases retrieved: 1.019 Upstream release that is considered latest: 1.019 Current version/release in rawhide: 1.018-3.fc39 URL: http://search.cpan.org/dist/PAR/ Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_Monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/3188/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/perl-PAR -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2247483 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla=report-spam_desc=Report%20of%20Bug%202247483%23c0 ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[rpms/perl-Math-BigInt] PR #7: 2.000000 bump (rhbz#2247279)
jplesnik merged a pull-request against the project: `perl-Math-BigInt` that you are following. Merged pull-request: `` 2.00 bump (rhbz#2247279) `` https://src.fedoraproject.org/rpms/perl-Math-BigInt/pull-request/7 ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[rpms/perl-Math-BigInt] PR #7: 2.000000 bump (rhbz#2247279)
jplesnik opened a new pull-request against the project: `perl-Math-BigInt` that you are following: `` 2.00 bump (rhbz#2247279) `` To reply, visit the link below https://src.fedoraproject.org/rpms/perl-Math-BigInt/pull-request/7 ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Bug 2247279] perl-Math-BigInt-2.000000 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2247279 --- Comment #1 from Jitka Plesnikova --- The main change in this version is merge the Math-BigRat distribution into the Math-BigInt distribution. This merge eliminates the problems that users have experienced when incompatible versions of the two distributions have been installed. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2247279 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla=report-spam_desc=Report%20of%20Bug%202247279%23c1 ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Fedora 39 compose report: 20231101.n.0 changes
OLD: Fedora-39-20231031.n.0 NEW: Fedora-39-20231101.n.0 = SUMMARY = Added images:7 Dropped images: 2 Added packages: 0 Dropped packages:0 Upgraded packages: 6 Downgraded packages: 0 Size of added packages: 0 B Size of dropped packages:0 B Size of upgraded packages: 66.68 MiB Size of downgraded packages: 0 B Size change of upgraded packages: -184.24 KiB Size change of downgraded packages: 0 B = ADDED IMAGES = Image: Silverblue dvd-ostree ppc64le Path: Silverblue/ppc64le/iso/Fedora-Silverblue-ostree-ppc64le-39-20231101.n.0.iso Image: Cloud_Base raw-xz ppc64le Path: Cloud/ppc64le/images/Fedora-Cloud-Base-39-20231101.n.0.ppc64le.raw.xz Image: Silverblue dvd-ostree aarch64 Path: Silverblue/aarch64/iso/Fedora-Silverblue-ostree-aarch64-39-20231101.n.0.iso Image: Kinoite dvd-ostree aarch64 Path: Kinoite/aarch64/iso/Fedora-Kinoite-ostree-aarch64-39-20231101.n.0.iso Image: Onyx dvd-ostree x86_64 Path: Onyx/x86_64/iso/Fedora-Onyx-ostree-x86_64-39-20231101.n.0.iso Image: Cloud_Base qcow2 ppc64le Path: Cloud/ppc64le/images/Fedora-Cloud-Base-39-20231101.n.0.ppc64le.qcow2 Image: Kinoite dvd-ostree ppc64le Path: Kinoite/ppc64le/iso/Fedora-Kinoite-ostree-ppc64le-39-20231101.n.0.iso = DROPPED IMAGES = Image: i3 live aarch64 Path: Spins/aarch64/iso/Fedora-i3-Live-aarch64-39-20231031.n.0.iso Image: LXQt live aarch64 Path: Spins/aarch64/iso/Fedora-LXQt-Live-aarch64-39-20231031.n.0.iso = ADDED PACKAGES = = DROPPED PACKAGES = = UPGRADED PACKAGES = Package: anaconda-39.32.6-2.fc39 Old package: anaconda-39.32.6-1.fc39 Summary: Graphical system installer RPMs: anaconda anaconda-core anaconda-dracut anaconda-gui anaconda-install-env-deps anaconda-install-img-deps anaconda-live anaconda-tui anaconda-webui anaconda-widgets anaconda-widgets-devel Size: 23.85 MiB Size change: 6.51 KiB Changelog: * Mon Oct 30 2023 Adam Williamson - 39.32.6-2 - Backport PR #5292 to fix media check failure visibility Package: arm-image-installer-3.9-2.fc39 Old package: arm-image-installer-3.8-2.fc39 Summary: Writes binary image files to any specified block device RPMs: arm-image-installer Size: 86.28 KiB Size change: 108 B Changelog: * Thu Oct 26 2023 Paul Whalen - 3.9-1 - Update to 3.9 * Thu Oct 26 2023 Paul Whalen - 3.9-1-2 - fix lvm rename when not resizing Package: bcm283x-firmware-20231017-1.ce3a0b4.fc39 Old package: bcm283x-firmware-20230921-1.6b37a45.fc39 Summary: Firmware for the Broadcom bcm283x/bcm2711 used in the Raspberry Pi RPMs: bcm2711-firmware bcm2835-firmware bcm283x-firmware bcm283x-overlays Size: 6.99 MiB Size change: 19.38 KiB Changelog: * Mon Sep 25 2023 Peter Robinson - 20231017-1.ce3a0b4 - Update to latest firmware - Updates for config.txt and minor fixes Package: dracut-059-15.fc39 Old package: dracut-059-14.fc39 Summary: Initramfs generator using udev RPMs: dracut dracut-caps dracut-config-generic dracut-config-rescue dracut-live dracut-network dracut-squash dracut-tools Size: 2.36 MiB Size change: -7.76 KiB Changelog: * Sat Oct 28 2023 Adam Williamson - 059-15 - Backport PR #2545 to fix media check failure visibility Package: mutter-45.0-12.fc39 Old package: mutter-45.0-11.fc39 Summary: Window and compositing manager based on Clutter RPMs: mutter mutter-common mutter-devel mutter-tests Size: 15.66 MiB Size change: 1.90 KiB Changelog: * Mon Oct 30 2023 Adam Williamson - 45.0-12 - Backport MRs #3311 and #3326 to fix screencast issues (#2247033) Package: uboot-tools-1:2023.07-3.fc39 Old package: uboot-tools-2023.10-0.4.rc3.fc39 Summary: U-Boot utilities RPMs: uboot-images-armv8 uboot-tools Size: 17.73 MiB Size change: -204.38 KiB Changelog: * Wed Oct 25 2023 Peter Robinson - 1:2023.07-2 - Fixes for release * Wed Oct 25 2023 Peter Robinson - 1:2023.07-3 - Rebuild for rebase = DOWNGRADED PACKAGES = ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Bug 2245998] Please branch and build perl-Mail-POP3Client in epel9
https://bugzilla.redhat.com/show_bug.cgi?id=2245998 --- Comment #5 from static --- Thanks. I tested the test RPM of perl-Mail-POP3Client on EL9 and it worked. I was able to check a pop3 server for email with it just like I did in EL7. Looks good to me. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2245998 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla=report-spam_desc=Report%20of%20Bug%202245998%23c5 ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: OK to have same license file in multiple sub-packages?
On Wed, Nov 1, 2023 at 2:19 AM Miroslav Suchý wrote: > > Dne 31. 10. 23 v 18:21 Kalev Lember napsal(a): > > On Tue, Oct 31, 2023 at 5:47 PM Miroslav Suchý wrote: >> >> How it conflicts? >> >> %files >> >> %license LICENSE >> >> %files doc >> >> %license LICENSE >> >> should not create any conflicts. And this is recomended way to do it. > > > I guess the conflicts happen when the LICENSE file changes between builds and > individual subpackages that ship it aren't updated in lock step. Often there > is a full NVR version requirement that locks individual subpackages together, > but not in this case. If people for example download just one of the > subpackages from koji (and not the other), it can lead to only one of them > getting updated. > > License from subpackage goes to different directory. See: > > $ rpm -qf /usr/share/licenses/llvm/LICENSE.TXT > llvm-17.0.2-1.fc39.x86_64 > $ rpm -qf /usr/share/licenses/llvm-libs/LICENSE.TXT > llvm-libs-17.0.2-1.fc39.x86_64 > > llvm-libs-17.0.2-1.fc39.i686 > > so license from llvm and llvm-libs should not never conflicts because the > file goes to different directory. > > What can conflict is multilib packages in different version with different > content of the file. > The cmake-doc package reuses the license and doc directories from the main package and ships them. That's why the conflict exists. -- 真実はいつも一つ!/ Always, there's only one truth! ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: DNF5: Checking signatures of packages installed out of a repository?
On Tue, 31 Oct 2023 12:48:31 -0400 Christopher wrote: > I'm actually a bit concerned about this thread, because I assumed DNF4 > and DNF5 would check signatures by default today, and that it would > only skip if `--nogpgcheck` was passed as an option. If it sometimes > skips the GPG check without that flag, that seems like a serious > security bug to me. I would expect the same level of signature > verification for both `dnf install mypackage` and `wget mypackage.rpm > && dnf localinstall mypackage.rpm`. > > After all, there is no documented flag to force a GPG signature check, > only the flag to omit the check (`--nogpgcheck`). So, users really > have to rely on the default behavior of always checking GPG signatures > if they want DNF to check them. If DNF is not doing that, that's > really bad, because there's no way for users to force it to check > them. Maybe not using dnf, but you can check it using rpm directly: $ wget mypackage.rpm $ rpm --checksig mypackage.rpm Regards, Paul. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Bug 2247441] New: perl-CGI-4.60 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2247441 Bug ID: 2247441 Summary: perl-CGI-4.60 is available Product: Fedora Version: rawhide Status: NEW Component: perl-CGI Keywords: FutureFeature, Triaged Assignee: jples...@redhat.com Reporter: upstream-release-monitor...@fedoraproject.org QA Contact: extras...@fedoraproject.org CC: jples...@redhat.com, mmasl...@redhat.com, mspa...@redhat.com, perl-devel@lists.fedoraproject.org Target Milestone: --- Classification: Fedora Releases retrieved: 4.60 Upstream release that is considered latest: 4.60 Current version/release in rawhide: 4.59-1.fc40 URL: https://metacpan.org/dist/CGI/ Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_Monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/2687/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/perl-CGI -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2247441 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla=report-spam_desc=Report%20of%20Bug%202247441%23c0 ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Bug 2247279] perl-Math-BigInt-2.000000 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2247279 Jitka Plesnikova changed: What|Removed |Added CC|mspa...@redhat.com, | |ppi...@redhat.com | Status|NEW |ASSIGNED Doc Type|--- |If docs needed, set a value -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2247279 ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Bug 2246931] perl-Data-TreeDumper-0.41 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2246931 Fedora Update System changed: What|Removed |Added Status|MODIFIED|CLOSED Resolution|--- |ERRATA Fixed In Version||perl-Data-TreeDumper-0.41-1 ||.fc40 Last Closed||2023-11-01 06:55:12 --- Comment #2 from Fedora Update System --- FEDORA-2023-675a2c4774 has been pushed to the Fedora 40 stable repository. If problem still persists, please make note of it in this bug report. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2246931 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla=report-spam_desc=Report%20of%20Bug%202246931%23c2 ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Bug 2246931] perl-Data-TreeDumper-0.41 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2246931 Fedora Update System changed: What|Removed |Added Status|NEW |MODIFIED --- Comment #1 from Fedora Update System --- FEDORA-2023-675a2c4774 has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2023-675a2c4774 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2246931 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla=report-spam_desc=Report%20of%20Bug%202246931%23c1 ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: OK to have same license file in multiple sub-packages?
Dne 31. 10. 23 v 18:21 Kalev Lember napsal(a): On Tue, Oct 31, 2023 at 5:47 PM Miroslav Suchý wrote: How it conflicts? %files %license LICENSE %files doc %license LICENSE should not create any conflicts. And this is recomended way to do it. I guess the conflicts happen when the LICENSE file changes between builds and individual subpackages that ship it aren't updated in lock step. Often there is a full NVR version requirement that locks individual subpackages together, but not in this case. If people for example download just one of the subpackages from koji (and not the other), it can lead to only one of them getting updated. License from subpackage goes to different directory. See: $ rpm -qf /usr/share/licenses/llvm/LICENSE.TXT llvm-17.0.2-1.fc39.x86_64 $ rpm -qf /usr/share/licenses/llvm-libs/LICENSE.TXT llvm-libs-17.0.2-1.fc39.x86_64 llvm-libs-17.0.2-1.fc39.i686 so license from llvm and llvm-libs should not never conflicts because the file goes to different directory. What can conflict is multilib packages in different version with different content of the file. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue