Am 30.04.2014 20:38, schrieb Dan Williams:
There's really no guessing what's trusted/not-trusted unless you're
using 802.1x/WPA Enterprise, or if the user has told you explicitly to
trust this network
thank you!
signature.asc
Description: OpenPGP digital signature
--
devel mailing list
looks like https://fedoraproject.org/wiki/Features/DracutHostOnly over
the long has the opposite effect and more and more modules are included
in the hostonly-initrd because regressions right and left
people who used hostonly before the feature on machines where
it is fine where down below 5 MB,
Am 29.04.2014 20:51, schrieb Chris Adams:
Once upon a time, Marcelo Ricardo Leitner marcelo.leit...@gmail.com said:
You're considering only the escalation way to do it, but there are
other ways to exploit code laying around, like when some web pages
don't sanitize the URL enough and end up
Am 29.04.2014 21:17, schrieb Chris Adams:
Once upon a time, Reindl Harald h.rei...@thelounge.net said:
wrong question - is /bin/sh used?
if the answer is yes then the anser to your question is no
the point is remove anything *unneeded* from production systems
that are best practices
Am 29.04.2014 21:36, schrieb Andrew Lutomirski:
On Tue, Apr 29, 2014 at 12:33 PM, Reindl Harald h.rei...@thelounge.net
wrote:
simple example:
* binary XYZ is vulerable for privilege escalation
This makes no sense...
for you
* we talk about a *local* exploit until now
...I don't
Am 29.04.2014 21:31, schrieb Daniel J Walsh:
On 04/29/2014 03:17 PM, Chris Adams wrote:
Once upon a time, Reindl Harald h.rei...@thelounge.net said:
wrong question - is /bin/sh used?
if the answer is yes then the anser to your question is no
the point is remove anything *unneeded* from
Am 29.04.2014 21:59, schrieb Chris Adams:
Once upon a time, Reindl Harald h.rei...@thelounge.net said:
simple example:
* binary XYZ is vulerable for privilege escalation
A local, non-privileged binary cannot be vulerable for privilege
escalation. If I can run a non-privileged binary
Am 29.04.2014 22:22, schrieb Chris Adams:
Once upon a time, Reindl Harald h.rei...@thelounge.net said:
don't get me wrong but you are talking bullshit
Put up or shut up
i shut when i say - not when you say
https://www.google.com/search?q=local+root+exploit+CVE
google as example for CVE
Am 29.04.2014 23:00, schrieb Chris Adams:
Once upon a time, Reindl Harald h.rei...@thelounge.net said:
google as example for CVE-2014-0038 and as i already explained
you: a attacker has no shell, you have two ways to force a existing
local exploit by a web-application:
A: try to get
Am 29.04.2014 23:09, schrieb Andrew Lutomirski:
If you want to go down that path, set up selinux to prevent execing
things that oughtn't to be execed. But trying to prevent exploits
from working by removing every possible helper from the path is a
losing proposition and is just not worth
Am 29.04.2014 23:20, schrieb Chris Adams:
Once upon a time, Reindl Harald h.rei...@thelounge.net said:
defense in depth means limit the attack surface as much as you can
No, because as much as you can is turn the system off and bury it in
concrete (with an armed guard).
The goal
Am 29.04.2014 23:33, schrieb Martin Langhoff:
On Tue, Apr 29, 2014 at 5:28 PM, Chris Adams:
Once upon a time, Reindl Harald h.rei...@thelounge.net:
however, thank you to show me that any discussion with you is worthless
Right back at you.
The CoC does say a few things
Am 28.04.2014 12:42, schrieb David Woodhouse:
On Mon, 2014-04-21 at 09:42 +0200, Reindl Harald wrote:
Am 21.04.2014 03:39, schrieb Lars Seipel:
Nicely aligning with the current firewall thread I noticed that one of
my machines was running the exim MTA for the last few days, dutifully
Am 28.04.2014 18:52, schrieb Miloslav Trmač:
2014-04-28 12:42 GMT+02:00 David Woodhouse dw...@infradead.org
mailto:dw...@infradead.org:
On Mon, 2014-04-21 at 09:42 +0200, Reindl Harald wrote:
Am 21.04.2014 03:39, schrieb Lars Seipel:
Nicely aligning with the current
Am 28.04.2014 19:04, schrieb Miloslav Trmač:
2014-04-28 18:59 GMT+02:00 Reindl Harald h.rei...@thelounge.net
mailto:h.rei...@thelounge.net:
Am 28.04.2014 18:52, schrieb Miloslav Trmač:
No no no no no. If you want a firewall integrated /that/ way, you
are really
better
Am 28.04.2014 19:27, schrieb Miloslav Trmač:
2014-04-28 19:13 GMT+02:00 Reindl Harald:
Well if the users' expectations were that the firewall doesn't
interfere with Fedora applications, why
would they
expect it to interfere with non-Fedora applications?
do i really need
Am 28.04.2014 19:36, schrieb Miloslav Trmač:
2014-04-28 19:33 GMT+02:00 Reindl Harald h.rei...@thelounge.net
mailto:h.rei...@thelounge.net:
Am 28.04.2014 19:27, schrieb Miloslav Trmač:
2014-04-28 19:13 GMT+02:00 Reindl Harald:
you can make signed fedora packages trusted
Am 26.04.2014 11:24, schrieb Michael Scherer:
Le vendredi 25 avril 2014 à 19:30 +0200, Miloslav Trmač a écrit :
And it's not only commercial software; private projects that make no
sense to publish (such as a company's web site) are equally affected
such changes. Simply spoken, if we care
Am 25.04.2014 12:40, schrieb Jóhann B. Guðmundsson:
On 04/24/2014 04:30 PM, Miloslav Trmač wrote:
Only those that are maintained directly inside Fedora.
Which is what we care about we cannot hold back progress in the
distribution based on someone, someplace, somewhere might be using
Am 25.04.2014 12:58, schrieb Jóhann B. Guðmundsson:
On 04/25/2014 10:50 AM, Reindl Harald wrote:
Am 25.04.2014 12:40, schrieb Jóhann B. Guðmundsson:
On 04/24/2014 04:30 PM, Miloslav Trmač wrote:
Only those that are maintained directly inside Fedora.
Which is what we care about we cannot
Am 25.04.2014 13:12, schrieb Lukáš Nykrýn:
Dne 25.4.2014 12:50, Reindl Harald napsal(a):
Am 25.04.2014 12:40, schrieb Jóhann B. Guðmundsson:
On 04/24/2014 04:30 PM, Miloslav Trmač wrote:
Only those that are maintained directly inside Fedora.
Which is what we care about we cannot hold back
Am 25.04.2014 16:10, schrieb Petr Spacek:
I'm trying to rebuild bind-9.9.4-12.P2.fc20.src.rpm with
CFLAGS=$CFLAGS $RPM_OPT_FLAGS -O0 -ggdb.
I did the simplest possible thing - edited the original spec file (see
spec.diff) and built the package:
$ rpmbuild -ba bind.spec
The package
Am 25.04.2014 16:43, schrieb Petr Spacek:
On 25.4.2014 16:28, Reindl Harald wrote:
Am 25.04.2014 16:10, schrieb Petr Spacek:
I'm trying to rebuild bind-9.9.4-12.P2.fc20.src.rpm with
CFLAGS=$CFLAGS $RPM_OPT_FLAGS -O0 -ggdb.
I did the simplest possible thing - edited the original spec file
Am 25.04.2014 17:10, schrieb Adam Jackson:
On Fri, 2014-04-25 at 16:50 +0200, Reindl Harald wrote:
but it don't justify incompatible flags
IMHO you enter the area of undefined behavior with that
Your humble opinion is misguided, building without _FORTIFY_SOURCE is an
entirely reasonable
Am 25.04.2014 19:30, schrieb Miloslav Trmač:
2014-04-25 12:40 GMT+02:00 Jóhann B. Guðmundsson:
Which is what we care about we cannot hold back progress in the
distribution based on someone, someplace,
somewhere might be using legacy cruff.
It's better for everybody they
Am 26.04.2014 02:01, schrieb Jóhann B. Guðmundsson:
On 04/25/2014 10:53 PM, Miloslav Trmač wrote:
I don't think our foundations ever implied that we need or want to be a
closed ecosystem restricted to only the
repository we produce. The just don't address this.
You must understand we
Am 23.04.2014 07:52, schrieb Liam:
On Apr 22, 2014 5:09 AM, Christian Schaller wrote:
I think this is a misunderstanding of who a developer might be and why they
choose
a system. Those of my friends and acquaintances, who are developers and who
over the
years have decided to switch their
Am 22.04.2014 19:01, schrieb Miloslav Trmač:
2014-04-22 13:40 GMT+02:00 Stephen Gallagher sgall...@redhat.com
mailto:sgall...@redhat.com:
3) Recovery and auditing are more important than prevention.
This is /only/ true for large managed enterprises, where recovery is possible
in
Am 21.04.2014 06:17, schrieb Orcan Ogetbil:
On Sun, Apr 20, 2014 at 6:59 PM, drago01 drag...@gmail.com wrote:
There is difference between a software developer, a sysadmin and a
user that simply wants to share his music with his family. The latter
should not have to learn about computer
Am 21.04.2014 03:39, schrieb Lars Seipel:
Nicely aligning with the current firewall thread I noticed that one of
my machines was running the exim MTA for the last few days, dutifully
listening on all interfaces
and now it is *proven for sure* that disable the firewall
by default is the most
Am 21.04.2014 10:25, schrieb drago01:
I did learn those things so did probably you and Harald but designing
an operating system that requires deep technical understanding to be
used is just a failure on our part
you don't get it - ship dangerous defaults is just a failure on our part
the
Am 21.04.2014 11:13, schrieb drago01:
On Mon, Apr 21, 2014 at 10:50 AM, Reindl Harald h.rei...@thelounge.net
wrote:
Am 21.04.2014 10:25, schrieb drago01:
I did learn those things so did probably you and Harald but designing
an operating system that requires deep technical understanding
Am 21.04.2014 12:58, schrieb Mauricio Tavares:
On Mon, Apr 21, 2014 at 3:42 AM, Reindl Harald h.rei...@thelounge.net wrote:
Am 21.04.2014 03:39, schrieb Lars Seipel:
Nicely aligning with the current firewall thread I noticed that one of
my machines was running the exim MTA for the last few
Am 20.04.2014 20:19, schrieb drago01:
On Sun, Apr 20, 2014 at 6:53 PM, Kevin Kofler kevin.kof...@chello.at wrote:
Christian Schaller wrote:
where we at the same time need to allow each user to have any port they
desire opened for traffic to make sure things like DLNA or Chromecast
works.
Am 20.04.2014 22:44, schrieb drago01:
On Sun, Apr 20, 2014 at 10:15 PM, Reindl Harald h.rei...@thelounge.net
wrote:
Am 20.04.2014 20:19, schrieb drago01:
On Sun, Apr 20, 2014 at 6:53 PM, Kevin Kofler kevin.kof...@chello.at
wrote:
Christian Schaller wrote:
where we at the same time need
Am 20.04.2014 23:44, schrieb drago01:
On Sun, Apr 20, 2014 at 10:56 PM, Reindl Harald h.rei...@thelounge.net
wrote:
after you booted the new installed machine and open ports of
possible vulnerable services which needs updatdes it is
*too late* to enable the firewall for preventing already
Am 21.04.2014 00:22, schrieb drago01:
On Mon, Apr 21, 2014 at 12:02 AM, Reindl Harald h.rei...@thelounge.net
wrote:
* there are network services enabled by default
Again that's a bug and a viloation of the guidelines. Which services
are you talking about?
Please file bugs.
please
Am 21.04.2014 00:59, schrieb drago01:
On Mon, Apr 21, 2014 at 12:39 AM, Reindl Harald h.rei...@thelounge.net
wrote:
There have been other suggestions in this thread that are helpful like
the network zones thing (but we still have too many zones) or enabling
services should make them work
Am 17.04.2014 09:50, schrieb David Tardon:
On Thu, Apr 17, 2014 at 12:48:47AM +0200, Reindl Harald wrote:
why do whe have that always with libreoffice?
I will send a note to the editors of Oxford English Dictionary that
always has been redefined to mean in less than 10 % of cases. If I
Am 17.04.2014 16:16, schrieb Sérgio Basto:
On Qui, 2014-04-17 at 00:48 +0200, Reindl Harald wrote:
why do whe have that always with libreoffice?
the broken build hangs around for 30 hours in the repo
the supposed to fix that one is not pushed
even with using the koji-repo no way t osolve
Am 17.04.2014 16:19, schrieb Reindl Harald:
Am 17.04.2014 16:16, schrieb Sérgio Basto:
I don't broken deps [1] , the important is why you got broken deps
[1] yum --enablerepo=updates-testing update --advisory FEDORA-2014-5062
I'm installing libreoffice-4.2.3.3-4, and you are installing
Am 17.04.2014 18:26, schrieb Paul Wouters:
On Thu, 17 Apr 2014, Daniel J Walsh wrote:
Didn't mean to accuse you of saying that. I do like the idea of asking
if you are on a trusted network.
For DNS issues we have similar issues. A sane default seems to be that
if you plugin a cable or
why do whe have that always with libreoffice?
the broken build hangs around for 30 hours in the repo
the supposed to fix that one is not pushed
even with using the koji-repo no way t osolve that
Am 15.04.2014 11:01, schrieb Jaroslav Reznik:
= Proposed System Wide Change: Workstation: Disable firewall =
https://fedoraproject.org/wiki/Changes/Workstation_Disable_Firewall
Change owner(s): Matthias Clasen mcla...@redhat.com
The firewalld service will not be enabled by default in
Am 15.04.2014 11:32, schrieb drago01:
On Tue, Apr 15, 2014 at 11:18 AM, Reindl Harald h.rei...@thelounge.net
wrote:
User Experience
Applications that are using sharing protocols such as DAAP or
UPnP will work out of the box, without the need to tweak or
disable the firewall service
Am 15.04.2014 11:32, schrieb drago01:
do we really want to go the way of dangerous defaults without
... dangerous ?
So install the workstation package set. Boot it up. Disable the firewall.
Which kind of vulnerabilities are able to find? Which ports are
accessible?
Avahi at least
Am 15.04.2014 15:59, schrieb Michael Catanzaro:
On Tue, 2014-04-15 at 14:35 +0200, Zbigniew Jędrzejewski-Szmek wrote:
What needs to be done to improve the firewall integration?
Zbyszek
The rule in the Workstation technical spec is: A firewall in its
default configuration may not interfere
Am 15.04.2014 16:28, schrieb Christian Schaller:
- Original Message -
From: Reindl Harald h.rei...@thelounge.net
To: devel@lists.fedoraproject.org
Sent: Tuesday, April 15, 2014 11:40:20 AM
Subject: Re: F21 System Wide Change: Workstation: Disable firewall
Am 15.04.2014 11:32
Am 15.04.2014 17:40, schrieb Andrew Lutomirski:
On Tue, Apr 15, 2014 at 7:42 AM, Reindl Harald h.rei...@thelounge.net wrote:
that is pretty easy - defaults have to be closed anything and the user
have to make a choice for, otherwise if there are cirtical security
updates after a release you
Am 15.04.2014 18:13, schrieb Andrew Lutomirski:
On Tue, Apr 15, 2014 at 9:04 AM, Christopher ctubb...@apache.org wrote:
Ideally, users would have complete knowledge of the behavior of every
piece of software in their system that utilizes the network, in which
case, they could very easily get
Am 15.04.2014 18:38, schrieb Mateusz Marzantowicz:
On 15.04.2014 11:40, Reindl Harald wrote:
it is not a point of *what i can do and do*
it is a point what the ordinary 08/15 user does which assumes
to have a by default secure system after install
Fedora is not for ordinary users. Fedora
Am 15.04.2014 18:51, schrieb Andrew Lutomirski:
On Tue, Apr 15, 2014 at 9:44 AM, Reindl Harald h.rei...@thelounge.net wrote:
Am 15.04.2014 17:40, schrieb Andrew Lutomirski:
On Tue, Apr 15, 2014 at 7:42 AM, Reindl Harald h.rei...@thelounge.net
wrote:
How about having an API where things
Am 15.04.2014 19:05, schrieb Andrew Lutomirski:
On Tue, Apr 15, 2014 at 10:00 AM, Reindl Harald h.rei...@thelounge.net
wrote:
Am 15.04.2014 18:51, schrieb Andrew Lutomirski:
On Tue, Apr 15, 2014 at 9:44 AM, Reindl Harald h.rei...@thelounge.net
wrote:
Am 15.04.2014 17:40, schrieb Andrew
Am 15.04.2014 20:03, schrieb Andreas Tunek:
I just want to say that I really support this feature. I do not see
any point in a firewall for a Workstation.
that's obviously
BTW, while we are on the subject, does anyone know how to actually
disable the firewall in Fedora 20? I haven't
Am 15.04.2014 20:18, schrieb Andreas Tunek:
2014-04-15 20:08 GMT+02:00 Reindl Harald h.rei...@thelounge.net:
Am 15.04.2014 20:03, schrieb Andreas Tunek:
I just want to say that I really support this feature. I do not see
any point in a firewall for a Workstation.
that's obviously
BTW
Am 15.04.2014 22:19, schrieb Andreas Tunek:
2014-04-15 21:28 GMT+02:00 Reindl Harald h.rei...@thelounge.net:
Am 15.04.2014 20:18, schrieb Andreas Tunek:
2014-04-15 20:08 GMT+02:00 Reindl Harald h.rei...@thelounge.net:
Am 15.04.2014 20:03, schrieb Andreas Tunek:
I just want to say that I
Am 13.04.2014 08:42, schrieb Simo Sorce:
* DNS cache should be flushed on route or interface state change.
I do not see why, the only reason to flush a cache is when there is a
DNS change (new interface, eg VPN coming up, or going away)
because if i change my routing from ISP to VPN i want
Am 12.04.2014 13:25, schrieb William Brown:
Consider, I get home, and open my laptop. Cache is cleared,
and I'm now populating that cache with the contents from the ISP.
No, why contents from ISP? Local resolver will populate cache from root
servers, no?
This isn't how DNS works .
Am 12.04.2014 15:31, schrieb Chuck Anderson:
On Sat, Apr 12, 2014 at 02:09:19PM +0800, P J P wrote:
On Saturday, 12 April 2014 11:11 AM, William Brown wrote:
Say I have freshly installed my fedora system at home. I then boot it up
and start to use it. My laptop is caching DNS results all the
Am 12.04.2014 16:16, schrieb Chuck Anderson:
On Sat, Apr 12, 2014 at 04:03:14PM +0200, Reindl Harald wrote:
Am 12.04.2014 15:31, schrieb Chuck Anderson:
I disagree. You can still do DNSSEC validation with a local caching
resolver and configure that local resolver to forward all queries
Am 12.04.2014 16:55, schrieb Paul Wouters:
On Sat, 12 Apr 2014, Reindl Harald wrote:
a DNS server doing recursion don't ask any forwarder
That's wrong. a DNS server can use a forwareder for some or all of its
recursive queries. unbound+dnssec-triggerd mostly cause unbound to do
full
Am 12.04.2014 17:05, schrieb Paul Wouters:
On Sat, 12 Apr 2014, Reindl Harald wrote:
nonsense - there are so much ISP nameservers broken out there
responding with wildcards and so on that you can not trust them
and you will realize that if not before after you started to run
a production
Am 12.04.2014 17:11, schrieb Paul Wouters:
On Sat, 12 Apr 2014, Reindl Harald wrote:
we should not do anything - because we don't have a clue about the
network of the enduser
We know and handle a lot more than you think already using unbound with
dnssec-trigger and VPNs. Why don't you
Am 12.04.2014 17:21, schrieb Paul Wouters:
On Sat, 12 Apr 2014, Reindl Harald wrote:
That's wrong. a DNS server can use a forwareder for some or all of its
recursive queries. unbound+dnssec-triggerd mostly cause unbound to do
full recursion but using the ISP nameserver as forward for all
Am 13.04.2014 03:07, schrieb Paul Wouters:
On Sun, 13 Apr 2014, William Brown wrote:
When they change records in their local zones, they don't want
to have to flush caches etc. If their ISP is unreliable, or their own
DNS is unreliable, a DNS cache will potentially mask this issue delaying
Am 11.04.2014 16:30, schrieb Jaroslav Reznik:
=== Description ===
An empty /etc/securetty file prevents root login on any devices attached to
the computer.
=== Effects ===
Prevents access to the root account via the console or the network. The
following programs are '''prevented''' from
Am 09.04.2014 22:05, schrieb Billy Crook:
I would like to see logic like this:
manpage files don't get installed unless/until:
1) packagename-manpages is requested to be installed by the user. that
package would require the 'man' package.
OR
2) package is installed AND man is installed.
Am 09.04.2014 23:01, schrieb Billy Crook:
On Wed, Apr 9, 2014 at 3:41 PM, Reindl Harald h.rei...@thelounge.net
mailto:h.rei...@thelounge.net wrote:
Am 09.04.2014 22:05, schrieb Billy Crook:
I would like to see logic like this:
manpage files don't get installed unless
Am 10.04.2014 00:00, schrieb Jóhann B. Guðmundsson:
On 04/09/2014 09:12 PM, Ralf Corsepius wrote:
On 04/09/2014 10:05 PM, Billy Crook wrote:
I would like to see logic like this:
manpage files don't get installed unless/until:
1) packagename-manpages is requested to be installed by the
Am 04.04.2014 04:44, schrieb Andrew Lutomirski:
On Apr 3, 2014 7:18 PM, Reindl Harald h.rei...@thelounge.net wrote:
besides that it is the wrong list:
What's the right list?
the users list, not the developers list
grub2-install
$ grub2-install
/usr/sbin/grub2-probe: error: cannot
Am 03.04.2014 16:32, schrieb quickbooks office:
This change will not affect logging into the console using the local
account and then doing su to get root privileges.
Is there a problem with logging into the local user account and then
typing su and the root password?
i do *not* need a
Am 03.04.2014 19:47, schrieb drago01:
Note: I didn't look at the bugs
then please don't answer at all
signature.asc
Description: OpenPGP digital signature
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct:
Am 03.04.2014 19:54, schrieb drago01:
On Thu, Apr 3, 2014 at 7:52 PM, Reindl Harald h.rei...@thelounge.net wrote:
Am 03.04.2014 19:47, schrieb drago01:
Note: I didn't look at the bugs
then please don't answer at all
What I wrote does not depend on what the bugs actually are
it does
Am 03.04.2014 20:00, schrieb Adam Jackson:
On Thu, 2014-04-03 at 19:31 +0200, Reindl Harald wrote:
and if someone asks why i called Lennart in #1072368
names
We didn't, and no justification would matter. It's not acceptable
behaviour, and you need to knock it off.
i know
Am 03.04.2014 21:44, schrieb Martin Langhoff:
On Thu, Apr 3, 2014 at 3:08 PM, Reindl Harald h.rei...@thelounge.net wrote:
Am 03.04.2014 20:00, schrieb Adam Jackson:
On Thu, 2014-04-03 at 19:31 +0200, Reindl Harald wrote:
and if someone asks why i called Lennart in #1072368
names
We didn't
Am 03.04.2014 22:04, schrieb Kevin Fenzi:
Bad behavior in response to bad behavior just feeds a positive feedback
cycle ( http://en.wikipedia.org/wiki/Positive_feedback ).
The way to break out of it is for the person you control (namely YOU)
to behave well. If others don't do so, things
Am 03.04.2014 22:32, schrieb Adam Williamson:
On Thu, 2014-04-03 at 19:31 +0200, Reindl Harald wrote:
will that below ever get fixed in F20?
https://bugzilla.redhat.com/show_bug.cgi?id=1072368
The developer does not consider it to be a bug. You may disagree, but so
far, you don't seem
Am 03.04.2014 22:37, schrieb Richard Hughes:
On 3 April 2014 20:00, Adam Jackson a...@redhat.com wrote:
We didn't, and no justification would matter. It's not acceptable
behaviour, and you need to knock it off.
I'm not the only developer considering unsubscribing from fedora-devel
because
Am 03.04.2014 22:46, schrieb Martin Langhoff:
On Thu, Apr 3, 2014 at 4:41 PM, Reindl Harald h.rei...@thelounge.net wrote:
Am 03.04.2014 22:32, schrieb Adam Williamson:
On Thu, 2014-04-03 at 19:31 +0200, Reindl Harald wrote:
will that below ever get fixed in F20?
https://bugzilla.redhat.com
Am 04.04.2014 03:08, schrieb Andrew Lutomirski:
Once upon a time (Fedora 15? -- I've lost track), it was possible to
reinstall the bootloader using grub-install.
besides that it is the wrong list: grub2-install
Nowadays it's a clusterfsck. I've managed to screw up my bootloader. Is
Am 02.04.2014 19:29, schrieb Chris Adams:
Once upon a time, Jaroslav Reznik jrez...@redhat.com said:
- Original Message -
[CHANGE PROPOSAL] The securetty file is empty by default
All the info has been sitting here @
Am 02.04.2014 20:18, schrieb Mikolaj Izdebski:
lbzip2 is a mature project and it has been used in production for years. It
is
already packaged for Fedora and it is also available in EPEL.
A quick check shows lbzip2 doesn't provide a library interface, much less
one compatible with
Am 29.03.2014 15:54, schrieb Orion Poplawski:
What gives you the impression that fail2ban is crusty? It's being
actively developed upstream and integrates with firewalld now. Are
those particularly onerous dependencies?
and that is the problem / difference to tcpwrapper
it integrates in
Am 28.03.2014 14:39, schrieb Petr Lautrbach:
On 03/20/2014 08:05 PM, Lennart Poettering wrote:
On Thu, 20.03.14 12:20, Stephen John Smoogen (smo...@gmail.com) wrote:
I doubt there are many people even using them anymore, firewalls are
more comprehensive and a lot more powerful, and while
Am 28.03.2014 14:48, schrieb Petr Lautrbach:
On 03/28/2014 02:44 PM, Reindl Harald wrote:
- every change in sshd_config has to be confirmed by sshd restart, while
changing hosts.deny doesn't need
any other action
no - try it out!
make a fatal syntax error in sshd_config and in case
Am 26.03.2014 16:28, schrieb Bill Nottingham:
Jaroslav Reznik (jrez...@redhat.com) said:
= Proposed System Wide Change: PrivateDevices=yes and PrivateNetwork=yes For
Long-Running Services =
https://fedoraproject.org/wiki/Changes/PrivateDevicesAndPrivateNetwork
Change owner(s): Lennart
Am 26.03.2014 18:52, schrieb Stephen Gallagher:
On 03/26/2014 11:30 AM, Reindl Harald wrote:
i just tried on F20 and PrivateDevices is not known sadly because
i have some services in mind where i would like that
Mär 26 15:51:55 testserver.rhsoft.net systemd[1]:
[/usr/lib/systemd/system
Am 26.03.2014 22:47, schrieb Kevin Kofler:
Sergio Belkin wrote:
Hmmm... but NetworkManager should think in desktop users (ok, somewhat
power desktop users) that install a new release/distro and a user
configuration should be completely independent. Or at least give the
chance to save either
Am 25.03.2014 15:22, schrieb Jóhann B. Guðmundsson:
On 03/25/2014 01:24 PM, Matthew Miller wrote:
On Mon, Mar 24, 2014 at 09:17:20PM +0100, Reindl Harald wrote:
For the record Fedora is not a bleeding edge distro anymore or first in
anything
maybe some people should consider the difference
Am 25.03.2014 15:54, schrieb Jóhann B. Guðmundsson:
On 03/25/2014 02:41 PM, Reindl Harald wrote:
stop your destructive FUD, without users developers and contributors are
*meaningless*
and with throwing alpha-state software to the users and make them bleed all
the
time you will end
Am 24.03.2014 12:57, schrieb Nicolas Mailhot:
Le Sam 22 mars 2014 01:20, Miloslav Trmač a écrit :
The RHEL documentation, apart from fully describing the abilities,
specifically describes two uses: a ftpd banner
Surprisingly, ftp is still widely used entreprise-side, because ssh is
Am 24.03.2014 13:21, schrieb Florian Weimer:
On 03/24/2014 01:06 PM, Reindl Harald wrote:
Am 24.03.2014 12:57, schrieb Nicolas Mailhot:
Le Sam 22 mars 2014 01:20, Miloslav Trmač a écrit :
The RHEL documentation, apart from fully describing the abilities,
specifically describes two uses
Am 24.03.2014 13:26, schrieb Florian Weimer:
On 03/24/2014 01:23 PM, Reindl Harald wrote:
It's still very difficult to securely process uploaded files under a
different user account. Some SFTP clients set
restrictive permissions on upload, and the OpenSSH implementation does not
allow
Am 24.03.2014 20:27, schrieb Jóhann B. Guðmundsson:
But certain people seem to rather want to drown Fedora in bureaucracy and
vague future proposals
and working groups instead of doing what needs to be done.
no, certain people want to do something *useful* with their sytems and precious
Am 24.03.2014 20:30, schrieb Jóhann B. Guðmundsson:
Being at the bleeding edge of things also means deciding that
some things really should go, from time to time... Besides deprecating
old cruft like libwrap, this would also mean removing all the old crap
from comps standard that we still
Am 24.03.2014 21:32, schrieb Lennart Poettering:
On Mon, 24.03.14 20:59, Reindl Harald (h.rei...@thelounge.net) wrote:
Am 24.03.2014 20:27, schrieb Jóhann B. Guðmundsson:
But certain people seem to rather want to drown Fedora in bureaucracy and
vague future proposals
and working groups
Am 24.03.2014 21:51, schrieb Lennart Poettering:
On Mon, 24.03.14 21:45, Reindl Harald (h.rei...@thelounge.net) wrote:
and that is the problem with you attitude
Okeydokey, as you wish, you are now in my killfile
so what - why should i case about beeing in the killfile
of people which
Am 24.03.2014 22:22, schrieb Peter Robinson:
Interesting! You sent the email starting this thread a mere 4 days
ago, two of those a weekend. You've not given it a chance to even go
to FESCo meeting for discussion. Did you send it in the same way to
the rest of the distros that depend, or are
Am 24.03.2014 22:53, schrieb Jóhann B. Guðmundsson:
By the way the kernel does not have a proper deprecation process which is
accurately reflected in all the code that
is bit-rotting there so it's not the holy grail of code maintenance as you
let it out to be
the kernel at least has the
Am 22.03.2014 03:07, schrieb Lennart Poettering:
On Fri, 21.03.14 23:46, Reindl Harald (h.rei...@thelounge.net) wrote:
if you believe it or not: there exists code which don't neeed
updates and reweites all te time because it just works and given
You do realize that if software
801 - 900 of 2086 matches
Mail list logo