Re: google-re2 package update and facebook vs google python bindings ?

2024-03-04 Thread Paul Wouters
On Mon, 4 Mar 2024, Fabio Valentini wrote: Since this update was stuck and obviously broken, with no response from Paul in over a week (either here or on the bodhi update), I've used my provenpackager rights to revert the commits in dist-git and unpush the stuck update (it failed gating tests,

Re: google-re2 package update and facebook vs google python bindings ?

2024-02-23 Thread Paul Wouters
On Wed, 7 Feb 2024, Ben Beasley wrote: Subject: Re: google-re2 package update and facebook vs google python bindings I haven't heard back from any of the maintainers. I've created a PR to upgrade re2-2022-06-01 to re2-2024-02-01 as the first step towards getting python-google-re2 working.

google-re2 package update and facebook vs google python bindings ?

2024-02-06 Thread Paul Wouters
Hi, At $dayjob we are running into issues with re2 and python bindings. Fedora has a fairly old version of re2 with so.9 while upstream is at so.11. Is there a reason for this? If it is just time, I'd like to help bumping the package in rawhide. Originally, facebook creating python bindings

proposal to orphan tcpcrypt

2023-07-23 Thread Paul Wouters
Hi, After talking to the debian maintainer of tcpcrypt, we both decided the best thing is to remove tcpcrypt from the distributions. - The protocol at the IETF seems to have stalled for many years - The main proponent and implementer sadly passed away years ago - The website tcpcrypt.org has died

Re: Inactive packager check for F38

2023-02-15 Thread Paul Wouters
On Wed, 15 Feb 2023, Ben Cotton wrote: For the curious, here are the stats from today's run: ### Found 2129 users in the packager group. ### ### Found 914 users with no activity in pagure/src.fp.org over the last year. ### ### Found 845 users which also show no activity in Bodhi over the last

Re: Heads-up: OpenSSL update

2023-02-09 Thread Paul Wouters
On Thu, 9 Feb 2023, Dmitry Belyavskiy wrote: I've just pushed updates of OpenSSL to the 3.0.8 version to f36/37. I will also push to f38 and rawhide later today. Why is f36/f37 the playground for f38/rawhide? Shouldn't this be done in the reverse order? In fact all the updates landed

Re: Heads-up: OpenSSL update

2023-02-09 Thread Paul Wouters
On Thu, 9 Feb 2023, Dmitry Belyavskiy wrote: I've just pushed updates of OpenSSL to the 3.0.8 version to f36/37. I will also push to f38 and rawhide later today. Why is f36/f37 the playground for f38/rawhide? Shouldn't this be done in the reverse order? This is a security release, it fixes

Re: Donate 1 minute of your time to test upgrades from F36 to F37

2022-09-12 Thread Paul Wouters
On Mon, 12 Sep 2022, Miroslav Suchý wrote: Do you want to make Fedora 37 better? Please spend 1 minute of your time and try to run: In case you hit dependency issues, please report it against the appropriate package. Seemed fine. I saw two issues related to python azure packages but

Re: rpm with sequoia pgp

2022-09-02 Thread Paul Wouters
On Fri, 2 Sep 2022, Neal H. Walfield wrote: Note: Sequoia currently uses Nettle on Fedora, but there is ongoing work to port it to Sequoia to OpenSSL: I think this should be considered a blocker for changing gpg backends.

Re: percona-xtrabackup bundling the kitchen sink in static libs

2022-08-23 Thread Paul Wouters
On Tue, 23 Aug 2022, Otto Liljalaakso wrote: The relevant policy is Bundled software policy [1]. Unlike in the past, a package does not need a FESCo exception to bundle dependencies. However, the requirements of that policy are not being met here: The reason for bundling should be recorded in

percona-xtrabackup bundling the kitchen sink in static libs

2022-08-22 Thread Paul Wouters
Hi, I looked at fixing percona-xtrabackup and noticed it is statically linking to a bunch of libraries. These .a files are then removed in %install so they are not shipped. It bundles a bunch of this stuff from its extra/ dir: duktape googletest icu libcbor libedit libevent libfido2

dnf makecache memory usage increase

2022-07-29 Thread Paul Wouters
Looks like dnf makecache is using a lot more memory, causing issues on smaller systems/containers. F34: Metadata cache created. 1.51user 0.15system 0:12.01elapsed 13%CPU (0avgtext+0avgdata 162440maxresident)k 144inputs+56outputs (0major+46906minor)pagefaults 0swaps F35: Metadata cache

Re: Bugzilla: You can't ask Lennart Poettering because that account is disabled.

2022-07-08 Thread Paul Wouters
On Fri, 8 Jul 2022, Kevin Kofler via devel wrote: But upstream is now under a hostile corporation's control? Can we trust the most privileged userspace program when it is effectively controlled by a hostile corporation? Yes we can, by reading and evaluating the code like we always do. If it

[rpms/perl-Net-DNS] PR #2: Remove obsolete dependency to Net::DNS::SEC and package tests

2022-02-23 Thread Paul Wouters
pwouters merged a pull-request against the project: `perl-Net-DNS` that you are following. Merged pull-request: `` Remove obsolete dependency to Net::DNS::SEC and package tests `` https://src.fedoraproject.org/rpms/perl-Net-DNS/pull-request/2

Re: Undoing my screw-up with python-async-timeout

2022-01-19 Thread Paul Wouters
On Wed, 19 Jan 2022, Miro Hrončok wrote: It seems the update received negative karma in Fedora 35 -- when that happened, you should have immediately disabled autopush to Fedora 34. (I am not saying this to rub your nose in it, but rather as an advice for future-you and for others as well.)

Re: Self Introduction: Roman Inflianskas

2021-10-26 Thread Paul Wouters
to become Fedora maintainers is Paul Wouters. I'm grateful to him for this. Best Regards, Roman Welcome Roman! I'm happy to see more Aiven people join our Fedora efforts :) Paul

Re: F35 Change: Remove SHA-1 from Sqlite (Self-Contained Change proposal)

2021-07-14 Thread Paul Wouters
On Mon, 12 Jul 2021, Simo Sorce wrote: SQLite is a general-purpose tool. Not every use of SHA-1 is cryptographically relevant. Most uses in the context of SQLite probably aren't, so the removal just annoys users for no good reason. Note that this is a Sqlite decision, from RHEL engineering

Re: F35 Change: Disable SHA1 In OpenDNSSec (Self-Contained Change proposal)

2021-06-28 Thread Paul Wouters
On Mon, 28 Jun 2021, Ben Cotton wrote: https://fedoraproject.org/wiki/Change/DisableSHA1InOpenDNSSec == Detailed Description == OpenDNSSec changed the default behavior to not include SHA1 DS by default, and added the -sha1 knob as an immediately-deprecated compatibility knob in version

Re: Offering strongswan for (co)maintaining

2021-06-18 Thread Paul Wouters
On Wed, 31 Mar 2021, Petr Menšík wrote: strongswan and NetworkManager-strongswan packages were passed to me from previous maintainer. I admit I have little experience with them and do not run any service based on them. Because IPSsec is quite complex technology, I am looking for help with its

Re: systemd-resolved fallback DNS servers: usability vs. GDPR

2021-02-24 Thread Paul Wouters
On Wed, 24 Feb 2021, Colin Walters wrote: It's trickier than that because local caching nameservers can provide real benefits in various server scenarios, and also the IoT/edge case (as usual) blurs the traditional datacenter/mobile boundary. (IoT can be servers with WiFi) We ended up

Re: systemd-resolved fallback DNS servers: usability vs. GDPR

2021-02-24 Thread Paul Wouters
On Tue, 23 Feb 2021, Lennart Poettering wrote: And yeah, call me a hypocrite, but if I have the choice between having no Internet at all or using some public DNS servers for DNS, and leaking a tiny bit of information to those DNS server providers then I am definitely preferring to have

Re: [dns-sig] Re: split-DNS, resolvconf on Fedora

2021-02-24 Thread Paul Wouters
On Mon, 22 Feb 2021, Petr Menšík wrote: Wouldn't it be much simpler, if I could just dnf remove systemd-resolved in case I don't want it? In the past I also mentioned this. The overwhelming majority of installs do not gain any benefit from the systemd-resolved service. Most servers, containers

Re: f33: systemd-resolved hang on ip query

2020-12-10 Thread Paul Wouters
On Wed, 9 Dec 2020, Dridi Boukelmoune wrote: So it looks like my initial intuition that there could be a mitigation of sorts is starting to hold water. The problem now is that clients on my system using getaddrinfo in a way that was legit until now are now being DoS'd by systemd-resolved,

Re: systemd-resolved in a container

2020-11-18 Thread Paul Wouters
On Wed, 18 Nov 2020, Alexander Bokovoy wrote: Is there a way to use systemd resolved in a container? I figured this out yesterday -- at least in Rawhide, dbus-daemon is now replaced by dbus-broker which is not active by default. So you need systemctl enable --now dbus-broker Without it

Re: Deprecating SCP

2020-11-02 Thread Paul Wouters
On Mon, 2 Nov 2020, Jakub Jelen wrote: Some months ago, I wrote a patch [2] for scp to use SFTP internally (with possibility to change it back using -M scp) and ran it through some successful testing. The general feedback from upstream was also quite positive so I would like to hear also

Re: F34 Change proposal: DNS Over TLS (System-Wide Change)

2020-10-09 Thread Paul Wouters
On Thu, 8 Oct 2020, Michael Catanzaro wrote: On Thu, Oct 8, 2020 at 1:28 pm, Paul Wouters wrote: I agree for two reasons. One, the FESCO decision to postpone making systemd-resolvd the default resolver. I would like to ensure this change happens properly and securely for f34. Well it's

Re: F34 Change proposal: DNS Over TLS (System-Wide Change)

2020-10-08 Thread Paul Wouters
On Thu, 8 Oct 2020, Petr Menšík wrote: I would like to request pausing any new systemd-resolved features system-wide, until its current bugs and deficiencies are resolved sufficiently. I agree for two reasons. One, the FESCO decision to postpone making systemd-resolvd the default resolver. I

Re: F33 upgrade: dnssec-trigger and Strong Crypto Settings, phase 2

2020-10-07 Thread Paul Wouters
On Wed, 7 Oct 2020, Dominik 'Rathann' Mierzejewski wrote: Today, I upgraded one of my machines to F33. Upon first F33 boot I noticed that the dnssec-triggerd service failed to start. It turns out I had very old dnssec-trigger keys and certificates ("only" 1536-bit RSA) generated back in 2014

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-10-07 Thread Paul Wouters
On Fri, 2 Oct 2020, Michael Catanzaro wrote: Hm, thanks for the explanation. I guess the DNS request would indeed be the *first* way you lose, because you have to do DNS before you do anything else. But you are going to lose immediately after anyway: * Immediately after you connect to the

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-10-01 Thread Paul Wouters
On Thu, 1 Oct 2020, Michael Catanzaro wrote: We are not going to patch out fallback to Cloudflare or Google because it is a non-issue. Fallback only happens when you have zero other DNS servers configured. When was the last time you connected to a network and there's no DHCP, no nothing? The

Re: splitting out systemd-networkd, systemd-standalone-{sysusers,tmpfiles} subpackages in F33+

2020-10-01 Thread Paul Wouters
On Thu, 1 Oct 2020, Neal Gompa wrote: Essentially, split-horizon DNS setups on Fedora systems become possible with this change. As reported by libreswan and openvpn developers already in the last two days, these are already possible without systemd-resolved and people have relied on that for

Re: splitting out systemd-networkd, systemd-standalone-{sysusers,tmpfiles} subpackages in F33+

2020-09-30 Thread Paul Wouters
On Wed, 30 Sep 2020, Neal Gompa wrote: since it's only a couple of binaries averaging 2MB with a few unit files. My reply was aimed at Peter saying he'd like to not ship resolved, and I'm saying that we should *not* do that, because it makes things even harder and more complicated. These

Re: splitting out systemd-networkd, systemd-standalone-{sysusers,tmpfiles} subpackages in F33+

2020-09-30 Thread Paul Wouters
On Wed, 30 Sep 2020, Zbigniew Jędrzejewski-Szmek wrote: the systemd package is getting a systemd-networkd subpackage split out that will contain systemd-networkd, networkctl, and the associated data files. This was requested by coreos maintainers: NetworkManager is used and skipping

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-29 Thread Paul Wouters
On Tue, 29 Sep 2020, Lennart Poettering wrote: "Custom" is in the eye of the beholder. It appears to me you mean that in a derogatory way. I went out of my way to compare the systemd-resolved team to the DNS teams consisting of dozens of full time senior people working 20+ years on DNS with

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-29 Thread Paul Wouters
On Tue, 29 Sep 2020, Petr Menšík wrote: is there any generic protocol exchanging what (sub)domains should be targeted to specific DNS server? The search domains are usually the only signal available and used for this. RFC 7296 (IKEv2) and split-DNS (RFC 8598) defines the sent domain name

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-29 Thread Paul Wouters
On Tue, 29 Sep 2020, Lennart Poettering wrote: Well, but how do you determine "local resources"? This is not the proper question. The proper question is "what are you trying to do". The .local domain discovery clearly is something meant to be local. I assume the real question is: How to

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-28 Thread Paul Wouters
On Mon, 28 Sep 2020, Lennart Poettering wrote: stuff that doesn't come from classic Internet DNS cannot possibly be DNSSEC validated. This statement is incorrect. Please read RFC 8598 and perhaps read up on the handling of Special Use Domain Names and DNSSEC validation. No one expects .local

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-28 Thread Paul Wouters
On Mon, 28 Sep 2020, Marius Schwarz wrote: It's always a bad idea for a program to do the dns itself, instead of using the dns anyone on the host does. You get an inconsistent behaviour at best, and a security nightmare at worst. DOx in a browser or any other program is wrong anyhow. The

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-28 Thread Paul Wouters
On Mon, 28 Sep 2020, Michael Catanzaro wrote: Well, let's amend that to "first when it's smart to be first." We can't ever *require* DNSSEC validation, because Windows and macOS are not going to do so. https://tools.ietf.org/id/draft-pauly-add-resolver-discovery-01.html That draft has a

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-28 Thread Paul Wouters
On Mon, 28 Sep 2020, Michael Catanzaro wrote: Anyway, if you don't like this heuristic, we could decide to always delete /etc/resolv.conf. You will break all software linked against libunbound that uses the ub_ctx_resolvconf() function. Most users of libunbound will use this, because

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-28 Thread Paul Wouters
On Mon, 28 Sep 2020, Michael Catanzaro wrote: I don't think it would be smart for employees to voluntarily opt-in to sending all DNS to their employer anyway... there's little benefit to the employee, and a lot of downside. Again, it is not up to systemd to limit valid use cases. Perhaps

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-28 Thread Paul Wouters
On Mon, 28 Sep 2020, Tom Hughes via devel wrote: On 28/09/2020 15:57, Marius Schwarz wrote: On 28.09.20 at 13:47, Zbigniew Jędrzejewski-Szmek wrote: DNSSEC support in resolved can be enabled through resolved.conf. Why isn't that the default, if this resolver can do it? Because DNSSEC

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-28 Thread Paul Wouters
On Mon, 28 Sep 2020, Michael Catanzaro wrote: If you're running mail servers or VPN servers, you can probably configure the DNS to your liking, right? Either enable DNSSEC support in systemd-resolved, or disable systemd-resolved. I'm not too concerned about this You should be concerned

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-28 Thread Paul Wouters
On Mon, 28 Sep 2020, Zbigniew Jędrzejewski-Szmek wrote: This change is harmful to network security, impacts existing installations depending on DNSSEC security, and leaks private queries for VPN/internal domains to the open internet, and prefers faster non-dnssec answers over dnssec validated

This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-27 Thread Paul Wouters
Subject: Re: Fedora 33 System-Wide Change proposal: systemd-resolved I was just hit by the first bug in systemd-resolved 4 days after I upgraded to fedora33. I will file a bug report for that, but I wanted to discuss something more fundamental. systemd-resolved has a number of architectural

Re: [Fedora-packaging] Let's standardize the way to disable tests during RPM build?

2020-06-05 Thread Paul Wouters
Or just a new option to rpmbuild that skips %check ? Sent from my iPhone > On Jun 5, 2020, at 10:11, Tomas Orsava wrote: > > Hi, > I think it would be useful to have a standard way of disabling the running of > tests during RPM build (in the %check section of a spec file). > > I see a lot

Re: Does anybody care about gettext?

2019-08-09 Thread Paul Wouters
On Fri, 9 Aug 2019, Daniel P. Berrangé wrote: We can't carry on postponing things indefinitely though - at some point we have to say enough, and expect a maintainer to actually do some maintaining. That is an argument to orphan, not an argument to remove the package. Had gettext been

Re: [HEADS UP] Unannounced soname bump of qrencode

2019-06-25 Thread Paul Wouters
This was a mistake on my end. I thought I was the owner of the package, but I think I was only the owner of it back in el6. I assume systemd then wasn't depending on it. I saw a PR the other day, assumed it was to me as package owner, and saw no reason to not upgrade since it was long overdue. I

Re: F29 System Wide Change: Strong crypto settings: phase 2

2018-06-19 Thread Paul Wouters
On Thu, 14 Jun 2018, Tomas Mraz wrote: On Wed, 2018-06-13 at 00:45 -0400, Paul Wouters wrote: I don't think TLS 1.3 will see a wide deployment immediately. Sure, the famous top websites and top browsers will, but enterprises will not. And especially those with any kind of logging/auditing

Re: F29 System Wide Change: Strong crypto settings: phase 2

2018-06-12 Thread Paul Wouters
On Wed, 6 Jun 2018, Nikos Mavrogiannopoulos wrote: I think the debate here is whether fedora (and in general operating systems) can afford to be stricter than the browsers. As an OS our attack surface is much larger than the browser setup, and thus it makes sense (to me), to be more careful.

Re: Prioritizing ~/.local/bin over /usr/bin on the PATH

2018-05-02 Thread Paul Wouters
On Wed, 2 May 2018, Lennart Poettering wrote: I presume you mean "~/.local" rather than "~/local"? I don't. As my argument goes, hidden directories containing binaries in your path are a bad idea. And it was a bad idea 15 years ago. Note that my home directory seems to only contain

Re: Prioritizing ~/.local/bin over /usr/bin on the PATH

2018-05-02 Thread Paul Wouters
On Wed, 2 May 2018, Vít Ondruch wrote: User explicitly installed SW into his home directory. Why (s)he needs to override the $PATH in addition to make the SW work? Can you account for all your ~/.??* entries in your home dir? I have several of which I have no clue what it is or why it got

Re: Prioritizing ~/.local/bin over /usr/bin on the PATH

2018-05-02 Thread Paul Wouters
On Wed, 2 May 2018, Lennart Poettering wrote: It's already there. And it is XDG compliant. The question here is about order (what takes priority). Can you point me to the XDG specification that requires it? It was mentioned by Lennart on the bug, but he later clarified his comment[1]. So

Re: script to run after hotspot authentication?

2018-04-26 Thread Paul Wouters
On Tue, 24 Apr 2018, Sam Varshavchik wrote: Is there a way to run a custom command after hotspot authentication? You might be able to hook into dhclient. That happens when you obtain an IP address. There is no notification method that I know about that will signal me when the hotspot

script to run after hotspot authentication?

2018-04-24 Thread Paul Wouters
Hi, Is there a way to run a custom command after hotspot authentication? Fedora has/had some ways of detecting portals. dnssec-trigger, NetworkManager and Gnome3. I think the current method is supposed to be based on the latter. So I guess the problem that is used is

Re: Get stubby into Fedora to provide safe DNS resolution via DNS-over-TLS

2018-01-10 Thread Paul Wouters
st release of Getdns. See https://src.fedoraproject.org/rpms/getdns/blob/master/f/getdns.spec > > Maybe you could suggest the package maintainer to add a "Provides: stubby" so > it can be found directly. CCing Paul Wouters in that regard. That's a good idea! I'l

Re: CVE-2016-8655, systemd, and Fedora

2016-12-14 Thread Paul Wouters
On Wed, 14 Dec 2016, Scott Schmit wrote: IPsec requires AF_NETLINK (NETLINK_XFRM) to manage the security associations & security policies. libreswan probably also needs to be able to manage the routing for IPsec tunnels (NETLINK_ROUTE[6]). The nature of libreswan is that it allows custom

Re: CVE-2016-8655, systemd, and Fedora

2016-12-12 Thread Paul Wouters
On Mon, 12 Dec 2016, Lennart Poettering wrote: Note that I wonder if restricting address families really belongs in systemd. Why isn't this a libcap-ng capability? That way my software can support this without depending on systemd. hu? libcap-ng is a library to manage Linux process

Re: CVE-2016-8655, systemd, and Fedora

2016-12-12 Thread Paul Wouters
On Mon, 12 Dec 2016, Matthew Miller wrote: Question 1: How can we take advantage of this feature in specific? We could bulk file a bunch of bugs. Or, what about turning on some more restrictive defaults (AF_INET AF_INET6 AF_UNIX) on some flag day in Rawhide, and having services which have

Re: Fedora captive portal page changed output :(

2016-12-05 Thread Paul Wouters
On Mon, 5 Dec 2016, Michael Catanzaro wrote: On Mon, 2016-12-05 at 09:05 -0500, Paul Wouters wrote: That is incorrect in my experience. When I go to coffee shops, my iphone shows the portal page, but my laptop shows the TLS cert invalid thing. Oh wow. I didn't know that. Feels like time

Re: Fedora captive portal page changed output :(

2016-12-05 Thread Paul Wouters
On Sun, 4 Dec 2016, Michael Catanzaro wrote: On Sun, 2016-12-04 at 16:39 -0500, Paul Wouters wrote: That is a different issue. And indeed I see it as well, and was quite surprised at them checking the TLS validity of a captive portal page. We have no plans to stop doing this, because that's

Re: Fedora captive portal page changed output :(

2016-12-04 Thread Paul Wouters
On Sun, 4 Dec 2016, Kevin Fenzi wrote: On Fri, 2 Dec 2016 21:42:07 -0600 Eric Sandeen <sand...@redhat.com> wrote: On 12/2/16 7:10 PM, Paul Wouters wrote: Fedora runs a captive portal check page at: http://fedoraproject.org/static/hotspot.txt It used to return "OK\n". No

Re: Fedora captive portal page changed output :(

2016-12-04 Thread Paul Wouters
On Sat, 3 Dec 2016, Langdon White wrote: Wouldn't it make more sense to be checking for status 200? Checking for content on the page seems fragile in general.  Who says a stolen page wouldn't return status 200? Also, and perhaps related, I filed a bug[1] about captive portals that seems to

Fedora captive portal page changed output :(

2016-12-02 Thread Paul Wouters
Fedora runs a captive portal check page at: http://fedoraproject.org/static/hotspot.txt It used to return "OK\n". Now it returns "OK" without the newline. This caused at least the geome tool (from the geome package) to return a false positive and abort, telling the user to first authenticate

Re: F24, small backward steps

2016-09-13 Thread Paul Wouters
On Tue, 13 Sep 2016, Ralf Corsepius wrote: This is a truly awful experience from POV of a Fedora user filing bugs :-( We've set a silent trap for them with no warning of the fact that their bug reports are going to be ignored until Fedora EOL procedure closes them :-( One lesson I have

Re: F24, small backward steps

2016-09-09 Thread Paul Wouters
On Fri, 9 Sep 2016, Adam Williamson wrote: 2. fingerprint identification: The laptop has a fingerprint reader and it works fine. However I prefer not to use it. The user set up specifies that fingerprint login is disabled. However whenever I am asked for a password the

Re: Imaginary single quotes in ls ?

2016-06-06 Thread Paul Wouters
On Mon, 6 Jun 2016, bendem wrote: Are you using an alias like ls="ls --quoting-style=shell"? Not knowingly. Whatever I got, I got it from systems default. And yes this is an f-24 install. using a gnome-term if it matters. Paul On 06/06/2016 05:53 PM, Paul Wouters wrote: pau

Imaginary single quotes in ls ?

2016-06-06 Thread Paul Wouters
paul@thinkpad:/tmp/test$ touch foo bar baz paul@thinkpad:/tmp/test$ touch "touch and go" paul@thinkpad:/tmp/test$ ls -l total 0 -rw-rw-r--. 1 paul paul 0 Jun 6 11:48 bar -rw-rw-r--. 1 paul paul 0 Jun 6 11:48 baz -rw-rw-r--. 1 paul paul 0 Jun 6 11:48 foo -rw-rw-r--. 1 paul paul 0 Jun 6 11:49

Re: systemd 230 change - KillUserProcesses defaults to yes

2016-06-05 Thread Paul Wouters
On Fri, 3 Jun 2016, Lennart Poettering wrote: You are redefining the meaning of (a graphical) logout. It simply means another user can use the mouse, keyboard and screen of this device. It makes no statement on whether the machines resources are shared or not. Actually, with logind, current

Re: systemd 230 change - KillUserProcesses defaults to yes

2016-06-02 Thread Paul Wouters
> On Jun 1, 2016, at 09:48, Lennart Poettering wrote: > > Any scheme that relies on unprivileged programs "being nice" doesn't > fix the inherent security problem: after logout a user should not be > able consume further runtime resources on the system, regardless if he > does that because of a

Re: systemd 230 change - KillUserProcesses defaults to yes

2016-06-02 Thread Paul Wouters
On Thu, 2 Jun 2016, Lennart Poettering wrote: Well. Let's say you are responsible for the Linux desktops of a large security-sensitive company (let's say bank, whatever), and the desktops are installed as fixed workstations, which different employees using them at different times. They log in,

Re: systemd 230 change - KillUserProcesses defaults to yes

2016-05-30 Thread Paul Wouters
On Sun, 29 May 2016, Chris Murphy wrote: On Fri, May 27, 2016 at 5:03 PM, Paul Wouters <p...@nohats.ca> wrote: If there is a systematic problem of badly written code leaving orphaned code running when a user logs out, then that broken code should be fixed instead of adding another

Re: systemd 230 change - KillUserProcesses defaults to yes

2016-05-27 Thread Paul Wouters
On Fri, 27 May 2016, Chris Murphy wrote: It seems to me systemd should be able to know the difference between a program that's zombie or unresponsive but isn't doing anything or is unresponsive but is doing something; and if not then some way for programs to say "hey wait just a minute, I need

Re: pidgin, was Re: Orphaned Packages in branched (2016-05-03)

2016-05-09 Thread Paul Wouters
On Mon, 9 May 2016, Jan Synacek wrote: I got a few of these warnings in the last few weeks and I'd like those to stop :) Is there any interest in supporting SILC? It's an old encryption chat protocol that I never used or never heard of someone using. Do the pidgin maintainers want to take the

pidgin, was Re: Orphaned Packages in branched (2016-05-03)

2016-05-03 Thread Paul Wouters
On Tue, 3 May 2016, opensou...@till.name wrote: libsilc orphan, cicku, nosnilmot 9 weeks ago Depending on: libsilc (12), status change: 2016-02-26 (9 weeks ago) pidgin (maintained by: jsynacek, itamarjp, jskarvad, mcrha, nosnilmot)

Re: mod_rewrite rule please? admin.fedoraproject.org/updates/packagename/ ?

2015-12-22 Thread Paul Wouters
On Mon, 21 Dec 2015, Michael Cronenworth wrote: On 12/21/2015 01:19 PM, Paul Wouters wrote: Could we have a mod_rewrite rule for bodhi.fedoraproject.org/updates/packagename ? One already existed. Have you not tried it? https://bodhi.fedoraproject.org/updates/libreswan I had in the past

mod_rewrite rule please? admin.fedoraproject.org/updates/packagename/ ?

2015-12-21 Thread Paul Wouters
Hi, I really miss the simple URL lookup to find links to the last few package builds of a certain package. Eg for libreswan, I could use: https://admin.fedoraproject.org/updates/libreswan/ Now I have to go search around and type in a package name, eg:

Re: F24 System Wide Change: Default Local DNS Resolver

2015-12-14 Thread Paul Wouters
On 12/12/2015 09:11 PM, Oron Peled wrote: > On Friday 11 December 2015 09:09:28 Paul Wouters wrote: >> On 12/09/2015 06:02 PM, Oron Peled wrote: >>> Why don't we plan this feature in two stages: >>> * Fedora 24: turn it on by default, but *keep using results

Re: F24 System Wide Change: Default Local DNS Resolver

2015-12-14 Thread Paul Wouters
On 12/14/2015 04:26 PM, Oron Peled wrote: >>> 2. dbus: >>>* The local DNS server would send specific DBUS signal (e.g: >>> net.dnsseq.InsecureDNSReply). >>>* A desktop process would listen on these signals and show proper >>> desktop notification. >> >> But these solutions can quickly

Re: F24 System Wide Change: Default Local DNS Resolver

2015-12-11 Thread Paul Wouters
On 12/09/2015 06:02 PM, Oron Peled wrote: > Why don't we plan this feature in two stages: > * Fedora 24: turn it on by default, but *keep using results* from bad DNS > servers, >just issue a user-visible warning, possibly with a link to a page with > friendly >explanation and

Re: F24 System Wide Change: Default Local DNS Resolver

2015-12-09 Thread Paul Wouters
On 12/09/2015 01:04 PM, Debarshi Ray wrote: > On Mon, Dec 07, 2015 at 10:48:55AM +0100, Tomas Hozza wrote: >> On 04.12.2015 15:57, Lennart Poettering wrote: >>> How do other popular desktop/consumer OSes deal with this? Windows, MacOS, >>> iOS, Android, ChromeOS? Does any of them do client-side

Re: F24 System Wide Change: Default Local DNS Resolver

2015-12-07 Thread Paul Wouters
On Mon, 7 Dec 2015, Lennart Poettering wrote: Hmm? If I work for a company "Foo Corp" that defined .foocorp as its private TLD, then I won't be able to access servers in that local network until I added .foocorp to a local whitelist Foo Corp should not have done that. If you had picked .hotel

Re: F24 System Wide Change: Default Local DNS Resolver

2015-12-07 Thread Paul Wouters
On Mon, 7 Dec 2015, Matthew Miller wrote: I read your whole post. Those possibilities seem pretty limited, from the point of view of serious regressions in Fedora usability. It isn't that I "like" Fedora being less than technically correct (especially around security-related features), but I

Re: F24 System Wide Change: Default Local DNS Resolver

2015-12-07 Thread Paul Wouters
On Mon, 7 Dec 2015, Lennart Poettering wrote: In case this is blocked on the network, Unbound is configured to tunnel the DNS queries to Fedora public infrastructure over TCP (80, 443) or SSL (443), in which case this is similar to the first situation, when Unbound forwards queries to the

Fwd: Re: F24 System Wide Change: Default Local DNS Resolver (fwd)

2015-12-07 Thread Paul Wouters
(resending - looks like my @redhat.com is not subscribed) On 12/07/2015 04:48 AM, Tomas Hozza wrote: So, here's a question: in germany "Fritzbox" wifi routers are very popular. Their configuration page is reachable under the "fritz.box" pseudo-domain from inside their wifi network, and all

Re: F24 System Wide Change: Default Local DNS Resolver

2015-12-07 Thread Paul Wouters
On Mon, 7 Dec 2015, Florian Weimer wrote: Clearly, fedora cannot be changed to hijack a real domain, so Fritzbox better solve this quickly with an update, even if no one actually will update their router :( Well, AVM could just register fritz.box and leave it unsigned, which solves the

Re: F24 System Wide Change: Default Local DNS Resolver

2015-12-07 Thread Paul Wouters
On 12/07/2015 04:48 AM, Tomas Hozza wrote: >> So, here's a question: in germany "Fritzbox" wifi routers are very >> popular. Their configuration page is reachable under the "fritz.box" >> pseudo-domain from inside their wifi network, and all other systems on >> the network are also reachable below

Re: F24 System Wide Change: Default Local DNS Resolver

2015-12-01 Thread Paul Wouters
On Tue, 1 Dec 2015, Randy Barlow wrote: This sounds overall pretty neat to me! One detail came to my mind: how would this interact with VPN DNS servers? In my experience with VPNs, it's common for them to provide a DNS server that allows internal host resolution to work. Would this local

Re: F24 System Wide Change: Default Local DNS Resolver

2015-12-01 Thread Paul Wouters
On Tue, 1 Dec 2015, Björn Persson wrote: Tomas Hozza wrote: - dnssec-trigger does not do the Captive Portal detection and handling and we rather rely on NM for the detection and on Gnome Shell for the Portal login Can I assume that users of non-Gnome desktops will also

Re: SPF records @fedoraproject.org versus @lists.fedoraproject.org

2015-10-05 Thread Paul Wouters
And openpgpkey-milter :) And put in a TLSA record for their MX :) Paul Sent from my iPhone > On Oct 5, 2015, at 10:58, Michel Alexandre Salim > wrote: > > On a related note to that, it would be great if active Fedora contributors do > get to use an SMTP server with

Re: SPF records @fedoraproject.org versus @lists.fedoraproject.org

2015-10-05 Thread Paul Wouters
On Mon, 5 Oct 2015, Kevin Fenzi wrote: On Mon, 5 Oct 2015 11:04:40 -0400 Paul Wouters <p...@nohats.ca> wrote: And openpgpkey-milter :) And put in a TLSA record for their MX :) I don't think it makes much sense for Fedora Infrastructure to get into the business of being a SMTP

Re: python: dropping the .py files [was Re: Fedora 23 cloud image (and, for that matter, minimal anything)] bloat

2015-09-25 Thread Paul Wouters
On Fri, 25 Sep 2015, Matthew Miller wrote: On Thu, Sep 24, 2015 at 10:10:40AM +0200, Vít Ondruch wrote: Also, you might consider to ship the precompiled bytecode just optionally, using recommends. On contrary, if you insist on shipping the bytecode, why you don't drop the .py files? I see a

Re: Disable PulseAudio flat volumes to prevent it from pushing volume level to max

2015-09-21 Thread Paul Wouters
On Mon, 21 Sep 2015, Owen Taylor wrote: Experimenting with GNOME, the model presented to the user seems to be: - Each application's volume control separate goes from 0-100% of the maximum system volume. - Adjusting each application is independent - Modifying the system global volume

Re: bind: CVE-2015-5722 and CVE-2015-5986

2015-09-03 Thread Paul Wouters
On Fri, 4 Sep 2015, Bojan Smojver wrote: According to ISC, these two affect bind 9.10.2 as well (up to P3). There are no new builds (i.e. P4) for F22 of this package that I can see. Does anyone know why? Is there something Fedora specific that prevents these problems in F22 packages? I just

Re: Cleanup of Upstream Release Monitoring bugs

2015-09-02 Thread Paul Wouters
On Wed, 2 Sep 2015, Vít Ondruch wrote: 3) Packages are updated, but the bug is kept open I would suggest probably to close the bugs for 1st category, the packages from 2nd category should be orphaned and the packages from 3rd category should not be monitored anymore. Any thoughts? I would

Re: perl-Net-DNS-SEC license correction

2015-08-07 Thread Paul Wouters
On Fri, 7 Aug 2015, Petr Šabata wrote: This package's license tag was wrong all along; the license tag will be corrected to `MIT'. Updates are on the way. hm, I had 1.01 packages pending.. Also, the license says GPL+ or Artistic. The README says: Permission to use, copy, modify, and

Re: gpg keys of older/newer fedora versions

2015-08-06 Thread Paul Wouters
On Wed, 5 Aug 2015, Neal Gompa wrote: I disagree that including the keys for EOL'd releases counts as encouraging people to use old stuff. If someone has a reason to be building RPMs for something way-old, I think it'd be nice for us to keep those GPG keys available for them. Agreed. Paul --

Re: gpg keys of older/newer fedora versions

2015-07-17 Thread Paul Wouters
On Fri, 17 Jul 2015, Zbigniew Jędrzejewski-Szmek wrote: [In light of https://bugzilla.redhat.com/show_bug.cgi?id=1241383] 'dnf install --installroot=... --releasever=XX dnf' can be used to bootstrap a Fedora chroot. The only snag is that --nogpg is often recommended, because fedora-repos only

Re: Summary of Thursday's call between GNOME and NM devels and Default DNS resolver change owners

2015-07-17 Thread Paul Wouters
On Fri, 17 Jul 2015, Chuck Anderson wrote: What doesn't work in your experience with the captive portal stuff? Usually, the dnssec-triggerd captive portal detection pops up a dialog, and when I click log in nothing happens. When I click skip (sorry I might be forgetting the exact button

Re: dnssec-trigger + GNOME + NetworkManager integration

2015-07-03 Thread Paul Wouters
And dnssec-validator.cx for a Firefox/chrome plugin that you can see in action against fedoraproject.org that already deploys this Sent from my iPhone On Jul 3, 2015, at 10:43, Petr Spacek pspa...@redhat.com wrote: On 2.7.2015 17:56, Michael Catanzaro wrote: On Thu, 2015-07-02 at 16:38
