e years ago), they
are cached for a period of time, so they may look stable in busy
projects where you have regular downloads that keep the cache alive,
but they are *regenerated* from the tag for seldom downloaded tarballs.
And when that happens then hashes change.
Simo.
--
Simo Sorce
Dis
On Tue, 2023-10-03 at 23:13 +0200, Leon Fauster via devel wrote:
> Am 03.10.23 um 21:29 schrieb Simo Sorce:
> > On Tue, 2023-10-03 at 20:55 +0200, Leon Fauster via devel wrote:
> > > Am 03.10.23 um 20:46 schrieb Sérgio Basto:
> > > > On Tue, 2023-10-03 at 13:13
On Tue, 2023-10-03 at 20:55 +0200, Leon Fauster via devel wrote:
> Am 03.10.23 um 20:46 schrieb Sérgio Basto:
> > On Tue, 2023-10-03 at 13:13 -0500, Michael Catanzaro wrote:
> > > On Tue, Oct 3 2023 at 01:19:20 PM -0400, Simo Sorce
> > > wrote:
> > > >
s part of CentOS Stream.
If that is not enough for you, that's fine, just do not spread false
information.
Thanks,
Simo.
--
Simo Sorce,
DE @ RHEL Crypto Team,
Red Hat, Inc
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubsc
On Wed, 2023-08-30 at 09:11 +0100, Peter Robinson wrote:
> On Mon, Aug 28, 2023 at 9:50 PM Simo Sorce wrote:
> >
> > On Mon, 2023-08-28 at 15:14 -0500, Chris Adams wrote:
> > > Once upon a time, Richard Hughes said:
> > > > On Mon, 28 Aug 2023 at 16:27, L
On Tue, 2023-08-29 at 20:07 +0100, Richard Hughes wrote:
> On Tue, 29 Aug 2023 at 18:54, Simo Sorce wrote:
> > That depends on how you are going to handle re-installs of peers in the
> > network where the certificate will start mismatching ...
>
> In event of a mismatch
nd they
download the whole thing.
This means it is up to you to decide how many delta files to keep for
how long.
Simo.
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to de
On Mon, 2023-08-28 at 22:07 +0100, Richard Hughes wrote:
> On Mon, 28 Aug 2023 at 21:50, Simo Sorce wrote:
> > It could be improved by using TOFU, so that the window of impersonation
> > is small, but requires clients to cache an association and then has
> > weird fail
of certificates for authentication,
will be faster, and will give you the "fake-secure" TLS tunnel without
the self-signed cert headache I think ... (not endorsing this option,
just mentioning it).
HTH,
Simo.
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
covery" partition if you update the
contents of the second partition only after successful reboot after
update of the first...
Simo.
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
___
devel mailing list -- devel@lists.fedoraproject.org
To uns
On Wed, 2023-05-10 at 18:46 +0200, Lennart Poettering wrote:
> On Mi, 10.05.23 11:20, Simo Sorce (s...@redhat.com) wrote:
>
> > It sounds reasonable for sure.
> > The only concern is, given Microsoft creates at most 500MB ESP
> > partitions, are we sure all UEFI systems
On Wed, 2023-05-10 at 12:00 -0400, Neal Gompa wrote:
> On Wed, May 10, 2023 at 11:12 AM Simo Sorce wrote:
> >
> > On Tue, 2023-05-09 at 12:37 -0400, Neal Gompa wrote:
> > > On Tue, May 9, 2023 at 12:31 PM Lennart Poettering
> > > wrote:
> > > >
>
e the number of kernels by having *only* one UKI and a
rescue one that can be used to restore the previous working UKI from
/root if the active one fails?
Or perhaps just have always 2 UKI (current, and former working).
Do we actually need a separate dedicated rescue UKI? Can't rescue be
implemented
it image needed to unlock and
mount the root partition.
There is no point in building a more complex system than that and load
tons of garbage drivers in the EFI.
Booting is a staged system, and should be kept as simple as possible to
avoid duplication (which means subtle bugs and a ton of mainten
ory we could make it simpler by sending back a message that
requires just a click to subscribe/authorize the email by a real user,
if they intend to do so, on their first email to a mailing list.
We could also allow posting to other mailing lists if the email address
is subscribed to any other list.
I reali
need to discuss what is really needed. Numbers shouldn't be priority
number one, unless there are other underlying issues.
Simo.
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubsc
On Fri, 2023-04-21 at 14:27 -0400, Matthew Miller wrote:
> On Fri, Apr 21, 2023 at 11:37:20AM -0400, Simo Sorce wrote:
> > So I registered the account, added the email I want to get
> > notifications at, and selected a few topics.
> >
> > First impressions.
> >
bedded in the email, so all that
information is unavailable offline or for archival (and in my
configuration requires to actively pull images as I configured my
client to not pull 3rd party content automatically for privacy and
security reasons).
I have not tried to reply to anything,
rm the Fedora devel list into something new
> =======
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
htt
On Thu, 2023-04-06 at 12:56 -0400, Owen Taylor wrote:
> On Thu, Apr 6, 2023 at 12:32 PM Simo Sorce wrote:
>
> > On Mon, 2023-04-03 at 16:18 -0500, Michael Catanzaro wrote:
> > > On Mon, Apr 3 2023 at 01:41:48 PM -0700, Brian C. Lane
> > > wrote:
> >
ber to visit for updates.
>
> There is a notification bell in the right sidebar. Click it. ;)
>
Or we can simply ignore that discussion until it lands in devel with a
change proposal.
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
___
devel mailing list
o while we wait for
something better, we will have to use the least worst.
Simo.
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fe
ontact the current maintainer first.
Simo.
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedor
list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
___
oname breakage should not happen in stable releases...
liblua should be rebuilt to provide the older so name and if not
possible with the new code, reverted back via epoch change or some
patching
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
andling timeouts
and then handling the case a user space process was slow and ignoring
late replies.
Not sure this is really a good point given waiting indefinitely for a
user space program that hangs for some reason seems worse to me.
When I had to code a call from k
supported likewise will use the old
kernel + custom initrd, you just disable secure boot.
Simo.
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fe
e your HW carefully you may even be able to register
your own public keys, generate and sign your own built UKIs and re-
enable SecureBoot after that... your choice!
Simo.
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
___
devel mailing list --
standard configuration that requires really no special
drivers... the only issue probably being the use of LVM for the root
filesystem, which I hope we'll have a way to deal with (but I can do
without on the laptop).
Simo.
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
___
ect/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
--
Si
lematic crate.
Although vendored crates can be tracked (this i much better than
copy/pasting), with additional tooling, the distribution remains on the
hook for solving the same problem in N packages, without easy
coordination. Some upstream may be quick and do the work for you, some
may not
ial
timing attacks.
The only caveat is if the "pure rust" implementation actually embeds
assembly optimization for modular arithmetic that are explicitly
addressing constant time computation.
I am not aware of that being the case in any rust libraries yet.
Simo.
--
Simo Sorce
RHEL Cr
On Sun, 2022-11-20 at 19:24 -0500, Demi Marie Obenour wrote:
> On 11/20/22 17:40, Simo Sorce wrote:
> > On Sun, 2022-11-20 at 17:22 -0500, Demi Marie Obenour wrote:
> > > On 11/20/22 07:24, Bojan Smojver via devel wrote:
> > > > Now that nss 3.85 has been built, I tho
, because nss was too old at the time.
>
> Has switching to bundled NSS been considered? For browsers anything
> that holds up an update is very, *very* bad.
Casually handling crypto libraries is very, *very* worse.
Simo.
--
Simo Sorce
ke
> > them?
> > Simply changing rpmbuild to set timestamp to 0 for all contained files, or
> > removing the time attribute from the RPM format completely?
>
> This is what ostree has done since its inception.
And it broke some software, I know because i had to fix it.
Sim
e no prejudice about x509 because I also have no clue
> about it. Ditto for Signify, which often gets brought up in these
> discussions.
>
> And yet, that all is largely irrelevant for the subject at hand: no
> matter what, rpm will need OpenPGP support for years to come be
y high priority item because the hobbling works
fine but we will get there, and hopefully we'll get to a point where we
do not need to disable as much stuff either.
But no promises right now, resources are what they are and we are not
aware of actual issues caused by hobbling.
Simo.
--
Simo Sorce
R
2 separate keys (if Feodra Infra will allow
that), but not everyone has the means to do that.
Simo.
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedor
cases for
container images because it is much smaller than OpenSSL.
Finally nettle could even be statically built into sequoia (together
with gmp) if we need even smaller footprint or we are concerned about
potential rpm breakage during upgrades.
I am not saying we want to do this, but it is
re you going to maintain it till Fedora 50 in the meantime?
Simo.
> --
> Miro Hrončok
> --
> Phone: +420777974800
> IRC: mhroncok
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to
that command and then
> patch it. It could be e.g. systemd/logind.
Is this an upstream change?
Simo.
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email t
On Thu, 2022-04-07 at 15:26 -0400, Neal Gompa wrote:
> On Thu, Apr 7, 2022 at 3:16 PM Simo Sorce wrote:
> >
> > On Thu, 2022-04-07 at 16:16 +0200, Zbigniew Jędrzejewski-Szmek wrote:
> > > On Thu, Apr 07, 2022 at 10:58:29AM +0200, Peter Boy wrote:
> > > >
&g
t; in a testable way, and then switch to UEFI as the default in as many
> places as possible. Then we can talk about dropping support for BIOS,
> taking into account how many users are still left with BIOS-only
> hardware.
FWMOIW this sounds like the most reasonable comment I have seen he
plore
> alternative boot loader like systemd-boot (mainly for x86-64
> architecture and useful for desktop and workstation) and rEFi (?) to
> further reduce the code burden.
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
___
devel mailing lis
idia drivers anyway, so clicking
> to accept the key isn't too much of a hurdle to jump through at that
> point.
There is potentially an even easier solution.
Ideally dkms (or whatever) could simply generate a key, sign the module
and manage to get the public key in the right place so
t Guidelines:
> https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
--
Simo Sorce
RHEL Crypto Team
ail to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fed
On Mon, 2022-03-14 at 16:35 +, José Abílio Matos wrote:
> On Monday, 14 March 2022 11.04.56 WET Simo Sorce wrote:
> > Have you tried setting crypto policies to LEGACY in case the server is
> > old and supports only bad cryptography?
> >
> > Simo.
>
> How
es/list/devel@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send
On Sat, 2022-03-12 at 10:15 +0100, Florian Weimer wrote:
> * Simo Sorce:
>
> > On Fri, 2022-03-11 at 13:52 +, Peter Robinson wrote:
> > > > On Thu, Mar 10, 2022 at 9:45 AM Colin Walters
> > > > wrote:
> > > > > Long term if Bugzilla slo
IMO.
And just to be clear I am both a *heavy* Jira and Bugzilla user
(including writing automation for both and other stuff via bots) for
work, so I think I can say I know what I am talking about.
Simo.
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
___
d
On Thu, 2022-03-10 at 19:28 +0100, Dominik 'Rathann' Mierzejewski
wrote:
> On Thursday, 10 March 2022 at 17:51, Simo Sorce wrote:
> [...]
> > Also I always resented that I need two separate accounts to deal with
> > Fedora packages,
>
> It's been possible to log
means we can
easily connect commits/PRs/MRs to the issues meaning our issue tracker
a lot more useful, and will allow us to have better content also in our
updates, where today associating an update to an issue (a bz) is not
happening as well as it could.
HTH,
Simo.
--
Simo Sorce
RHEL Crypto
f-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
--
Simo
d. It works well, and
> I don't need 32-bit libs on my host system at all, which is nice.)
Wouldn't wine problem be solved by providing the 32bit version as a
flatpak if still needed for some corner cases?
Simo.
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
_
of time
> (say 5 years?) as a starting point.
Some may be backups for others, and do not normally create builds but
collaborate to the maintenance via patches.
Simo.
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
___
devel mailing list -- deve
On Thu, 2022-02-03 at 22:02 +, Luca Boccassi wrote:
> > On 03. 02. 22 16:36, Simo Sorce wrote:
> >
> > I've just tried to build python-gssapi with notes enabled after
> > krb5 was fixed
> > and it builds fine.
> >
> > See https://src.fedoraproject.o
On Thu, 2022-02-03 at 16:22 +0100, Petr Pisar wrote:
> V Thu, Feb 03, 2022 at 09:26:09AM -0500, Simo Sorce napsal(a):
> > On Thu, 2022-02-03 at 15:15 +0100, Petr Pisar wrote:
> > > V Thu, Feb 03, 2022 at 08:56:20AM -0500, Simo Sorce napsal(a):
> > > > On Thu, 2022
On Thu, 2022-02-03 at 15:15 +0100, Petr Pisar wrote:
> V Thu, Feb 03, 2022 at 08:56:20AM -0500, Simo Sorce napsal(a):
> > On Thu, 2022-02-03 at 10:09 +0100, Florian Weimer wrote:
> > > * Richard W. M. Jones:
> > >
> > > > Thinking about this a bit m
e it is nice to discuss future options, do we have a way to fix
FTBFS's in rawhide _now_ ?
My time is limited and I want to upgrade one of my packages and this is
blocking me.
Is opening a FESCO ticket the only way ?
Simo.
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
/builddir/build/BUILD/.package_note-krb5-1.19.2-4.fc36.1.x86_64.ld: No
such file or directory
How do I solve this?
I need to update to a new version of python-gssapi but I cvan't build
it right now.
Simo.
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
s needed and
get over the "dbus steals my knowledge" issue.
Steve,
what would it take for auditd to trust systemd's information?
Simo.
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
___
devel mailing list -- devel@lists.fedoraproject.org
e magic markers in the kernel side and will instead be the
systemd process.
This breaks the audit log chain, as there is no way to audit that
systemd is operating on behalf of that user. The audit trail chain is
broken by the systemcl -> systemd jump.
This is the problem that need to be s
On Thu, 2022-01-06 at 20:01 +, Zbigniew Jędrzejewski-Szmek wrote:
> On Thu, Jan 06, 2022 at 01:17:01PM -0500, Simo Sorce wrote:
> > On Thu, 2022-01-06 at 18:02 +, Zbigniew Jędrzejewski-Szmek wrote:
> > > On Thu, Jan 06, 2022 at 08:48:52AM -0800, Adam Williamson wrote:
&g
"who" is the user, not the script.
The problem of going through systemctl is that the "who" is lost
because all the audit system can see is that systemd started the
action. Basically the communication between systemctl and systemd masks
the identity of the user that initiated t
d an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@li
/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
ps://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> ht
checksum to only detect network transmission issues is
not a problem, and is not under the purview of the FIPS certification.
As mentioned above the actual packages are still finally reassembled
and the signature checked, so that is what matters in terms of security
(those algorithms and computations n
implementation the
same and handles them all with a single plugin.
It's be nice if NM renamed it's plugin to something that just uses the
name IPsec, it would avoid a lot of confusion.
HTH,
Simo.
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
___
devel mai
is indefensible, don't go there.
Simo.
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedorapr
are
transmitted, including credentials.
A weak session key will allow store and later decryption of
communications, therefore retrieval of sensitive data.
HTH,
Simo.
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
___
devel mailing list -- devel@list
:
> V Wed, Sep 08, 2021 at 09:01:42AM -0400, Simo Sorce napsal(a):
> > If I try to do this I get an error:
> > # grub2-editenv - set menu_auto_hide=1
> > grub2-editenv: error: environment block too small.
> >
> > What the issue here ?
>
> Perhaps /boot/grub2
c33.x86_64
- package perl-libs-4:5.32.1-471.module_f35+12589+8a7d3254.x86_64 is
filtered out by modular filtering
- package perl-libs-4:5.32.1-471.module_f35+12574+98410e7f.x86_64 is
filtered out by modular filtering
(try to add '--skip-broken' to skip uninstallable packages)
HTH,
Simo.
--
Simo
On Wed, 2021-09-08 at 15:23 +0200, Petr Pisar wrote:
> V Wed, Sep 08, 2021 at 09:01:42AM -0400, Simo Sorce napsal(a):
> > If I try to do this I get an error:
> > # grub2-editenv - set menu_auto_hide=1
> > grub2-editenv: error: environment block too small.
> &g
__
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
&g
On Tue, 2021-08-03 at 07:52 -0400, Neal Gompa wrote:
> On Tue, Aug 3, 2021 at 7:10 AM Simo Sorce wrote:
> >
> > On Tue, 2021-08-03 at 06:50 -0400, Neal Gompa wrote:
> > > On Tue, Aug 3, 2021 at 5:59 AM Simo Sorce wrote:
> > > >
> > > > On
On Tue, 2021-08-03 at 06:50 -0400, Neal Gompa wrote:
> On Tue, Aug 3, 2021 at 5:59 AM Simo Sorce wrote:
> >
> > On Mon, 2021-08-02 at 17:43 -0400, Neal Gompa wrote:
> > > On Mon, Aug 2, 2021 at 5:39 PM Stephen Gallagher
> > > wrote:
> > > >
>
On Mon, 2021-08-02 at 17:43 -0400, Neal Gompa wrote:
> On Mon, Aug 2, 2021 at 5:39 PM Stephen Gallagher wrote:
> >
> > On Mon, Aug 2, 2021 at 11:11 AM Simo Sorce wrote:
> > >
> > > I think at this stage it may be safer to defer to F36, and land OpenSSL
>
ines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
On Wed, 2021-07-14 at 14:13 -0400, Paul Wouters wrote:
> On Mon, 12 Jul 2021, Simo Sorce wrote:
>
> > > SQLite is a general-purpose tool. Not every use of SHA-1 is
> > > cryptographically relevant. Most uses in the context of SQLite probably
> > > aren't,
On Mon, 2021-07-12 at 16:53 +0200, Ondrej Mosnacek wrote:
> On Mon, Jul 12, 2021 at 4:32 PM Simo Sorce wrote:
> >
> > Hello,
> > I just rebased libkcapi in Rawhide, without realizing there was an ABI
> > change.
> > The ABI change should affect only S390 but I
Apologies if any build will have issues between today and when I will
be able to handle it, if you have any concerns please let me know.
Simo.
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubs
at this is a Sqlite decision, from RHEL engineering we only
requested the removal in digital signatures and where integrity
protection is required for security.
Also note that we do not require full removal, just that SHA-1 is not
used unless users intentionally chang
ct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
--
Simo Sorce
RHEL Cr
fix the FAS account if really
needed.
OTP cannot be reversed by users themselves, but admins can fix it if
really needed.
Simo.
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an ema
pak, and
> the overlayfs is dynamic instead of static.
Having a couple of user containers using podman now occupying a lot of
space in my user home, I would appreciate this option.
It would be *especially* nice if it were possible to *rebase* (a la
git) such containers to a later fedora release
yota, as uses can still log in after
install and re-enable root login with passwords, or use a kickstart
file to do the same.
If this is being done because maintaining the option for Anaconda
developers then just say that. Otherwise do not do this change and let
people that need it for convenience
__
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guide
On Mon, 2021-04-19 at 18:24 +0100, Daniel P. Berrangé wrote:
> On Mon, Apr 19, 2021 at 01:12:07PM -0400, Simo Sorce wrote:
> > On Mon, 2021-04-19 at 12:02 +0100, Richard W.M. Jones wrote:
> > > On Mon, Apr 19, 2021 at 06:00:38PM +0800, Kairui Song wrote:
> > > > 2. L
here Argon2
> used too much memory for our small appliance when opening LUKS2 disks.
> We had to simply increase the amount of memory reserved, which is far
> from ideal.
Or you could switch to use PBKDF2, it is still a supported and
reasonable option.
previous DB should remain
available. We do not really have a way to convert back though,
modifying the migrations script to go ther way around should be
possible, but unclear if that is really required as you have a backup
of th user's db at time of migration.
> 2) I'm curious why GDBM was cho
*you asked for*.
> >
> > Thanks,
> > --Robbie
>
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproje
tual packages I have
currently installed.
In short, I am not amused by this proposal, it is about removing an
extremely useful tool.
Simo.
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscrib
hread where the exact same question was asked also aggresively *and*
responded to by Ben Cotton ...
Troll much ?
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send
On Fri, 2021-01-15 at 14:22 -0500, Colin Walters wrote:
>
> On Fri, Jan 15, 2021, at 9:47 AM, Simo Sorce wrote:
> > There is of course no problem to have it in Fedora, but if this is
> > something that is going to end up in RHEL one day, it would be better
> > to do the
On Fri, 2021-01-15 at 09:33 -0600, Michael Catanzaro wrote:
> On Fri, Jan 15, 2021 at 9:47 am, Simo Sorce wrote:
> > Which is one of the reasons we do not admit boringssl in RHEL.
> >
> > There is of course no problem to have it in Fedora, but if this is
> > someth
__
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fed
On Fri, 2020-12-04 at 11:59 -0700, Jerry Snitselaar wrote:
> Simo Sorce @ 2020-12-04 07:32 MST:
>
> > On Fri, 2020-12-04 at 14:08 +, Peter Robinson wrote:
> > > On Fri, Dec 4, 2020 at 2:04 PM Simo Sorce wrote:
> > > > On Thu, 2020-12-03 at 21:25 +, Pet
On Fri, 2020-12-04 at 14:08 +, Peter Robinson wrote:
> On Fri, Dec 4, 2020 at 2:04 PM Simo Sorce wrote:
> > On Thu, 2020-12-03 at 21:25 +, Peter Robinson wrote:
> > > > We are looking to no longer support TPM1.2 in RHEL9. Than raised the
> > > > ques
1 - 100 of 669 matches
Mail list logo