security of the lookaside cache (was: frafra uploaded yumex-dnf-4.1.6.tar.gz for yumex-dnf)

2015-12-30 Thread Björn Persson
Tim Lauridsen wrote: > How do i handle a situation where someone, without my knowledge > uploads new sources to one of my projects. It could be a security > problem ? While I trust that Francesco had only good intentions, the general question remains: Is it possible to modify a package without

Re: security of the lookaside cache (was: frafra uploaded yumex-dnf-4.1.6.tar.gz for yumex-dnf)

2015-12-30 Thread Kevin Fenzi
On Wed, 30 Dec 2015 19:38:35 +0100 Björn Persson wrote: > Tim Lauridsen wrote: > > How do i handle a situation where someone, without my knowledge > > uploads new sources to one of my projects. It could be a security > > problem ? > > While I trust that Francesco

Re: Firefox build?

2015-12-30 Thread Bojan Smojver
Neal Gompa gmail.com> writes: > Is there a simple way to test if the issue is a problem on Fedora? I > don't even know of any sites with TLS 1.2 using MD5 signatures, > especially when Chrome "broke" signatures that weren't SHA-256 or > better for SSLv3 and stronger a year ago... I guess one

Re: security of the lookaside cache (was: frafra uploaded yumex-dnf-4.1.6.tar.gz for yumex-dnf)

2015-12-30 Thread Pierre-Yves Chibon
On Wed, Dec 30, 2015 at 07:38:35PM +0100, Björn Persson wrote: > Tim Lauridsen wrote: > > How do i handle a situation where someone, without my knowledge > > uploads new sources to one of my projects. It could be a security > > problem ? > > While I trust that Francesco had only good intentions,

Re: security of the lookaside cache

2015-12-30 Thread Björn Persson
Kevin Fenzi wrote: > On Wed, 30 Dec 2015 19:38:35 +0100 > Björn Persson wrote: > > Without commit access to Git the attacker couldn't edit the sources > > file, so – assuming that everything that uses the lookaside cache > > bothers to verify the checksum – the

Re: security of the lookaside cache (was: frafra uploaded yumex-dnf-4.1.6.tar.gz for yumex-dnf)

2015-12-30 Thread Mathieu Bridon
On Wed, 2015-12-30 at 20:09 +0100, Pierre-Yves Chibon wrote: > On Wed, Dec 30, 2015 at 07:38:35PM +0100, Björn Persson wrote: > > But still, why are we still using MD5? > > For the record bochecha has been leading the move away from md5 to > sha, making the changes in such a way that it will give

rawhide report: 20151230 changes

2015-12-30 Thread Fedora Rawhide Report
Compose started at Wed Dec 30 05:15:02 UTC 2015 Broken deps for i386 -- [IQmol] IQmol-2.3.0-9.fc24.i686 requires libboost_serialization.so.1.58.0 IQmol-2.3.0-9.fc24.i686 requires libboost_iostreams.so.1.58.0

Re: Fwd: frafra uploaded yumex-dnf-4.1.6.tar.gz for yumex-dnf

2015-12-30 Thread Francesco Frassinelli
> How do i handle a situation where someone, without my knowledge uploads > new sources to one of my projects. It could be a security problem ? Sorry Tim and sorry everyone for this false alarm. I was playing with fedpkg and I realized I could upload new sources; I thought I could provide a

Re: frafra uploaded yumex-dnf-4.1.6.tar.gz for yumex-dnf

2015-12-30 Thread Michael Schwendt
On Tue, 29 Dec 2015 21:15:12 -0700, Orion Poplawski wrote: > On 12/28/2015 02:35 AM, Tim Lauridsen wrote: > > How do i handle a situation where someone, without my knowledge uploads > > new sources to one of my projects. It could be a security problem ? > > > > Tim > > Email the person and ask

Fedora Rawhide 20151230 compose check report

2015-12-30 Thread Fedora compose checker
Missing expected images: Cloud_atomic disk raw x86_64 No images in this compose but not Rawhide 20151229 Images in Rawhide 20151229 but not this: Mate live i386 Failed openQA tests: 3 of 61 ID: 2023Test: i386 kde_live default_install URL: https://openqa.fedoraproject.org/tests/2023

[EPEL-devel] Re: Additional python34 components for epel7

2015-12-30 Thread Orion Poplawski
On 12/30/2015 10:00 AM, Orion Poplawski wrote: > On 12/30/2015 12:16 AM, Denis Fateyev wrote: >> Actually, I've opened a bug against 'msgpack': >> https://bugzilla.redhat.com/show_bug.cgi?id=1290393 >> >> What we actually need is to clarify and officially approve python3 epel >> proposal and

[EPEL-devel] Re: Additional python34 components for epel7

2015-12-30 Thread Orion Poplawski
On 12/30/2015 12:16 AM, Denis Fateyev wrote: > Actually, I've opened a bug against 'msgpack': > https://bugzilla.redhat.com/show_bug.cgi?id=1290393 > > What we actually need is to clarify and officially approve python3 epel > proposal and guidelines, to start packaging things for epel7. > > I'm

[Bug 1292061] Review Request: perl-POE-Loop-Event - Bridge that allows POE to be driven by Event.pm

2015-12-30 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1292061 --- Comment #9 from Fedora Update System --- perl-POE-Loop-Event-1.305-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. -- You are

[EPEL-devel] Fedora EPEL 7 updates-testing report

2015-12-30 Thread updates
The following Fedora EPEL 7 Security updates need testing: Age URL 296 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7 88 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-925e9374c9 python-pymongo-3.0.3-1.el7 59

[Bug 1294915] New: perl-Dumbbench-0.10 is available

2015-12-30 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1294915 Bug ID: 1294915 Summary: perl-Dumbbench-0.10 is available Product: Fedora Version: rawhide Component: perl-Dumbbench Keywords: FutureFeature, Triaged Assignee:

[Bug 1294915] perl-Dumbbench-0.10 is available

2015-12-30 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1294915 --- Comment #1 from Upstream Release Monitoring --- Failed to kick off scratch build. cmd: spectool -g /var/tmp/thn-sw_QE4/perl-Dumbbench.spec return code: 22 stdout: Getting

python-macros review

2015-12-30 Thread Orion Poplawski
I've submitted a review for a separate python-macros package here: https://bugzilla.redhat.com/show_bug.cgi?id=1294904 This is what the FPC approved here https://fedorahosted.org/fpc/ticket/567#comment:12 to be added to the Fedora buildroots to provide the %python3_pkgversion macro needed for

Re: python-macros review

2015-12-30 Thread Orion Poplawski
On 12/30/2015 02:48 PM, Neal Gompa wrote: > On Wed, Dec 30, 2015 at 3:46 PM, Orion Poplawski wrote: >> I've submitted a review for a separate python-macros package here: >> >> https://bugzilla.redhat.com/show_bug.cgi?id=1294904 >> >> This is what the FPC approved here >>

[Bug 1291677] perl-Regexp-Grammars-1.043 is available

2015-12-30 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1291677 --- Comment #3 from Fedora Update System --- perl-Regexp-Grammars-1.044-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. -- You are

[Bug 1291677] perl-Regexp-Grammars-1.043 is available

2015-12-30 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1291677 Fedora Update System changed: What|Removed |Added Status|ON_QA

[Bug 1293114] perl-Net-SSH2-0.58 is available

2015-12-30 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1293114 --- Comment #3 from Fedora Update System --- perl-Net-SSH2-0.58-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. -- You are receiving

[Bug 1292874] perl-Test-PostgreSQL: please add f22 branch

2015-12-30 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1292874 --- Comment #3 from Fedora Update System --- perl-Test-PostgreSQL-1.06-3.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. -- You are