Re: libelf now depends on openssl

2021-01-15 Thread Simo Sorce
On Fri, 2021-01-15 at 14:22 -0500, Colin Walters wrote: > > On Fri, Jan 15, 2021, at 9:47 AM, Simo Sorce wrote: > > There is of course no problem to have it in Fedora, but if this is > > something that is going to end up in RHEL one day, it would be better > > to do the

Re: libelf now depends on openssl

2021-01-15 Thread Simo Sorce
On Fri, 2021-01-15 at 09:33 -0600, Michael Catanzaro wrote: > On Fri, Jan 15, 2021 at 9:47 am, Simo Sorce wrote: > > Which is one of the reasons we do not admit boringssl in RHEL. > > > > There is of course no problem to have it in Fedora, but if this is > > someth

Re: libelf now depends on openssl

2021-01-15 Thread Simo Sorce
__ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fed

Re: Fedora TPM1.2 Support

2020-12-04 Thread Simo Sorce
On Fri, 2020-12-04 at 11:59 -0700, Jerry Snitselaar wrote: > Simo Sorce @ 2020-12-04 07:32 MST: > > > On Fri, 2020-12-04 at 14:08 +, Peter Robinson wrote: > > > On Fri, Dec 4, 2020 at 2:04 PM Simo Sorce wrote: > > > > On Thu, 2020-12-03 at 21:25 +, Pet

Re: Fedora TPM1.2 Support

2020-12-04 Thread Simo Sorce
On Fri, 2020-12-04 at 14:08 +, Peter Robinson wrote: > On Fri, Dec 4, 2020 at 2:04 PM Simo Sorce wrote: > > On Thu, 2020-12-03 at 21:25 +, Peter Robinson wrote: > > > > We are looking to no longer support TPM1.2 in RHEL9. Than raised the > > > > ques

Re: Fedora TPM1.2 Support

2020-12-04 Thread Simo Sorce
; > how everyone felt. > > I think it should be dropped, tpm2 has been shipped in hardware for 5+ > years and tpm1 has security issues, so I think the time is now to drop > it. Please do a Fedora Change proposal to ensure it's communicated > properly. Won't that hurt people that have k

Re: Should the default editor be changed from vi to nano on upgrades to Fedora 33+

2020-12-04 Thread Simo Sorce
la.redhat.com/show_bug.cgi?id=1896707#c13 > > "dnf remove nano-default-editor". Alternatively, you can set "export > > EDITOR=vim" in your ~/.bash_profile Shouldn't we just set export EDITOR=nano in the default profile and leave existing users alone? I cannot se

Re: video meeting to discuss Matrix/Element and IRC

2020-11-20 Thread Simo Sorce
On Fri, 2020-11-20 at 09:14 -0800, Adam Williamson wrote: > On Fri, 2020-11-20 at 08:32 -0500, Simo Sorce wrote: > > On Thu, 2020-11-19 at 23:14 -0500, Matthew Miller wrote: > > > On Fri, Nov 20, 2020 at 02:06:46AM +0100, Dominik 'Rathann' Mierzejewski > > > wrote: >

Re: Fedora 34 Change: Route all Audio to PipeWire (System-Wide Change)

2020-11-20 Thread Simo Sorce
* Contingency deadline: beta freeze > * Blocks release? No > * Blocks product? No > > > == Documentation == > [https://pipewire.org](PipeWire website) > [https://www.youtube.com/watch?v=8LZt4loZu64=14s](Video with Current status) > [https://gitlab.freedesktop.org/pipewire/pipewire/-/blob/master/IN

Re: Fedora 34 Change: GNU Toolchain update (gcc 11, glibc 2.33) (System-Wide Change)

2020-11-20 Thread Simo Sorce
=NEWS;hb=HEAD > > > -- > Ben Cotton > He / Him / His > Senior Program Manager, Fedora & CentOS Stream > Red Hat > TZ=America/Indiana/Indianapolis > ___ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an

Re: video meeting to discuss Matrix/Element and IRC

2020-11-20 Thread Simo Sorce
ed to start Your Element is misconfigured Invalid homeserver discovery response Sounds like if you already are a user it works, otherwise not -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fe

Re: INVALID USER jden...@redhat.com / FAS jdennis

2020-11-18 Thread Simo Sorce
ainer: > > > > https://src.fedoraproject.org/rpms/python-nss > > My motivation here is to either get this package orphaned/retired or > maintained > by a new maintainer. The former is more likely. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc __

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

2020-11-16 Thread Simo Sorce
ist -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: &

Re: Deprecating SCP

2020-11-02 Thread Simo Sorce
ibcurl to slowly move scp:// to be using the sftp protocol instead ? Or they could simply deprecate it, and then users will have to change their config to say sftp:// For something like libcurl the latter is probably more appropriate anyway. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, I

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-10-02 Thread Simo Sorce
On Fri, 2020-10-02 at 00:50 +0200, Marius Schwarz wrote: > Am 01.10.20 um 19:36 schrieb Simo Sorce: > > That said, > > if it really is an internal DNS and there are strong policies around it > > I assume that the perimeter or the local machine firewall will be > > conf

Re: Thunderbird with mail.corp.redhat.com does not work on Fedora 33

2020-10-02 Thread Simo Sorce
On Thu, 2020-10-01 at 20:10 +0100, Tom Hughes wrote: > On 01/10/2020 20:02, Simo Sorce wrote: > > > You mean Fedora 33 release notes ? > > We already blocked things like TLS1.0/1.1 in previous Fedras, and that > > had a larger impact on legacy enterprise

Re: Thunderbird with mail.corp.redhat.com does not work on Fedora 33

2020-10-01 Thread Simo Sorce
On Thu, 2020-10-01 at 18:08 +, Gary Buhrmaster wrote: > On Thu, Oct 1, 2020 at 5:21 PM Simo Sorce wrote: > > > Note that at this point in time (2020), this is a server bug not a > > Fedora policy problem. > > Regardless, as (especially) corporate servi

Re: Thunderbird with mail.corp.redhat.com does not work on Fedora 33

2020-10-01 Thread Simo Sorce
On Thu, 2020-10-01 at 14:01 -0400, Simo Sorce wrote: > On Thu, 2020-10-01 at 19:47 +0200, Miro Hrončok wrote: > > On 01. 10. 20 19:20, Simo Sorce wrote: > > > and the policy affects all software on the system, not just thunderbird > > > ... > > > > I

Re: Thunderbird with mail.corp.redhat.com does not work on Fedora 33

2020-10-01 Thread Simo Sorce
On Thu, 2020-10-01 at 19:47 +0200, Miro Hrončok wrote: > On 01. 10. 20 19:20, Simo Sorce wrote: > > and the policy affects all software on the system, not just thunderbird ... > > Is it possible to workaround the problem in Thunderbird only? Only if thunderbrind provides a confi

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-10-01 Thread Simo Sorce
n may cause this fallback to kick in. The occurrence is probably rare enough not to be a problem in practice at least from the pov of GDPR. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists

Re: Thunderbird with mail.corp.redhat.com does not work on Fedora 33

2020-10-01 Thread Simo Sorce
o unsubscribe send an email to devel-le...@lists.fedoraproject.org > > Fedora Code of Conduct: > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List A

Re: splitting out systemd-networkd, systemd-standalone-{sysusers,tmpfiles} subpackages in F33+

2020-09-30 Thread Simo Sorce
il to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@list

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-29 Thread Simo Sorce
. This is true, but much less so for standard RFCs. > So please keep that in mind when considering discussing DNS. Always use a grain of salt with *any* standards, even ISO standards are often made by mandatory and optional parts, and somet

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-29 Thread Simo Sorce
On Tue, 2020-09-29 at 20:01 +0200, Lennart Poettering wrote: > On Di, 29.09.20 13:56, Simo Sorce (s...@redhat.com) wrote: > > > On Tue, 2020-09-29 at 12:59 +0200, Lennart Poettering wrote: > > > On Di, 29.09.20 03:49, John M. Harris Jr (joh...@splentity.com) wrote: > >

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-29 Thread Simo Sorce
he café broken wifi. Maybe the way to do this is to provide a different switch that say something like "I trust this connection to protect my privacy". Then if you do not want to trust the DNS provided by the VPN for everything, you can toggle that one off (default would be on), and that will ca

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-29 Thread Simo Sorce
On Tue, 2020-09-29 at 16:35 +, Zbigniew Jędrzejewski-Szmek wrote: > On Mon, Sep 28, 2020 at 02:20:46PM -0400, Simo Sorce wrote: > > On Mon, 2020-09-28 at 13:32 +, Zbigniew Jędrzejewski-Szmek wrote: > > > On Mon, Sep 28, 2020 at 07:57:13AM -0500, Ian Pilcher wrote: >

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-29 Thread Simo Sorce
vided as search domain by the VPN so that they automatically are searched for via the VPN (and flushed at the time) when the VPN comes up? In split DNS situation fan out is quite bad because you can get completely different answers, where generally the VPN has the correct answer for you bu

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-29 Thread Simo Sorce
On Tue, 2020-09-29 at 10:19 +0200, Lennart Poettering wrote: > On Mo, 28.09.20 14:29, Simo Sorce (s...@redhat.com) wrote: > > > On Mon, 2020-09-28 at 16:02 +0100, Tom Hughes via devel wrote: > > > On 28/09/2020 15:57, Marius Schwarz wrote: > > > > Am 2

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-28 Thread Simo Sorce
breaking working systems for people, at the very least it should be very high on priority, not downplayed to irrelevance (as that is the route for never fixing it, and having people always disable resolved as a matter of fact) -- Simo Sorce RHEL Crypto Team Red Hat, Inc __

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-28 Thread Simo Sorce
on-default, systemd-resolved may decide to break anything it wants, but once you decide you want to be the default in a system, then standard compliance becomes paramount. Of course systemd-resolved can deviate *optionally*, but the default needs to be compliant, which means returning all records the client

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-28 Thread Simo Sorce
probably > > observable for some jboss.org subdomains for Red Hatters, but I > > don't > > work in that area, so I don't have a good example at hand). > > Yes, that's true. And there's not currently any good solution to that > without resor

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-28 Thread Simo Sorce
ed out it is also reasonably simple to detect if the local network have bad DNS servers ... What am I missing ? Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to de

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-28 Thread Simo Sorce
doesn't change the DNS server or domain, so I don't bother > > editing resolv.conf to remove this comment. I'm relatively certain that > > this is a common pattern. > > Yeah, that test is far from ideal, but we need something. If you have > a constructive proposal how to improve

Re: compat-openssl11 vs openssl1.1

2020-09-16 Thread Simo Sorce
your fear, seek only peace > in your fear, seek only love > -d. bowie > > Sent with ProtonMail Secure Email. > > ‐‐‐ Original Message ‐‐‐ > On Wednesday, September 16, 2020 1:24 PM, Simo Sorce wrote: > > > On Wed, 2020-09-16 at 12:41 -0500, Michael Catanzaro wrot

Re: compat-openssl11 vs openssl1.1

2020-09-16 Thread Simo Sorce
On Wed, 2020-09-16 at 12:41 -0500, Michael Catanzaro wrote: > On Wed, Sep 16, 2020 at 1:37 pm, Simo Sorce wrote: > > note that one of the dependencies is gnome-vfs2, itself a dependency > > for libgnome, which is a dependency for another dozen packages. > > > > All

Re: compat-openssl11 vs openssl1.1

2020-09-16 Thread Simo Sorce
note that one of the dependencies is gnome-vfs2, itself a dependency for libgnome, which is a dependency for another dozen packages. All of them will likely go away because gnome-vfs2 is unlikely to be changed. Simo. On Wed, 2020-09-16 at 12:56 -0400, Simo Sorce wrote: > Do we need a m

Re: compat-openssl11 vs openssl1.1

2020-09-16 Thread Simo Sorce
Ciesla > she/her/hers > > in your fear, seek only peace > in your fear, seek only love > -d. bowie > > Sent with ProtonMail Secure Email. > > ‐‐‐ Original Message ‐‐‐ > On Wednesday, September 16, 2020 11:32 AM, Simo Sorce wrote: > >

Re: compat-openssl11 vs openssl1.1

2020-09-16 Thread Simo Sorce
On Wed, 2020-09-16 at 14:58 +0200, Miro Hrončok wrote: > On 16. 09. 20 14:29, Simo Sorce wrote: > > Indeed compat-openssl10 really should go. > > If there are still packages depending on it they should be ported or > > dropped at this point. > > Openssl1.0.2 is unm

Re: compat-openssl11 vs openssl1.1

2020-09-16 Thread Simo Sorce
n the Fedora package anymore. OpenSSL 1.0 does not support things lie TLS 1.3 or system-wide crypto policies. Frankly at this point it is just a liability to continue offering it. I'll file a bugzilla to ask to retire it from rawhide. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc __

Re: compat-openssl11 vs openssl1.1

2020-09-15 Thread Simo Sorce
edoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists

Re: RFC7919 Diffie-Hellman parameters in Fedora

2020-08-24 Thread Simo Sorce
On Mon, 2020-08-24 at 19:29 +0200, Christopher Engelhard wrote: > On 24.08.20 18:43, Simo Sorce wrote: > > On Fri, 2020-08-21 at 16:13 +0200, Christopher Engelhard wrote: > > We already are making it easier in some ways, but feel free to open a > > bug if there are sp

Re: RFC7919 Diffie-Hellman parameters in Fedora

2020-08-24 Thread Simo Sorce
-- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Arc

Re: RFC7919 Diffie-Hellman parameters in Fedora

2020-08-24 Thread Simo Sorce
s mentioned, which are definitely more review than randomly selected parameters which often are more suspicious. If you are worried about DH I suggest you just disable it entirely and rely on RSA/ECDH key exchanges instead. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc

Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-07-27 Thread Simo Sorce
On Mon, 2020-07-27 at 09:20 -0400, Neal Gompa wrote: > On Mon, Jul 27, 2020 at 9:07 AM Simo Sorce wrote: > > On Sun, 2020-07-26 at 21:06 -0500, Michael Catanzaro wrote: > > > On Sun, Jul 26, 2020 at 6:15 pm, John M. Harris Jr > > > wrote: > > > >

Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-07-27 Thread Simo Sorce
(I think that is a worthy goal) then it needs to be a thing that speaks DNS on UDP port 53 on 127.0.0.X and that address needs to be in resolv.conf as the nameserver address. Any other "solution" will just break a bunch of stuff unnecessarily. Simo. -- Simo Sorce RHEL Crypto

Re: Fedora 33 System-Wide Change proposal: Make btrfs the default file system for desktop variants

2020-07-09 Thread Simo Sorce
On Thu, 2020-07-09 at 13:32 -0700, Davide Cavalca via devel wrote: > On Thu, 2020-07-09 at 16:15 -0400, Simo Sorce wrote: > > However I have had bad kernels, power outages, loss of battery power > > (laptops on too long suspend) and other random reasons to force > > reboot &

Re: The future of legacy BIOS support in Fedora.

2020-07-09 Thread Simo Sorce
velopment hasn't generated their own key, and isn't signing their > > kernels locally? > > To be honest, I don't know. Do all UEFI secure boot implementations > allow you to add your own keys to the list of trusted keys? In theory they should, but the interface may be broken or overl

Re: Fedora 33 System-Wide Change proposal: Make btrfs the default file system for desktop variants

2020-07-09 Thread Simo Sorce
a desktop/laptop OS and therefore of the behavior of btrfs in those cases. Note, not saying btrfs should be avoided or anything, just that we need more data about those failure modes and how they affect btrfs before a change of defaults. My 2c, Simo. -- Simo Sorce RHEL Crypto Team Red

Re: The future of legacy BIOS support in Fedora.

2020-07-06 Thread Simo Sorce
otkeys that one is > actually listed if you hit '?' or 'h'. Ah this is good, sorry I must have misunderstood what you were saying. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsu

Re: The future of legacy BIOS support in Fedora.

2020-07-06 Thread Simo Sorce
__ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mai

Re: A few questions about a package update / policy questions / GCC 9 error

2020-06-11 Thread Simo Sorce
On Thu, 2020-06-11 at 20:21 +0200, Björn Persson wrote: > Simo Sorce wrote: > > If you really want to avoid the warning instead of ignoring it, you > > should change the code this way: > > > > strncpy(t->name, name, MAX_TUBE_NAME_LEN-1); > > if (t->name[MAX_

Re: A few questions about a package update / policy questions / GCC 9 error

2020-06-10 Thread Simo Sorce
On Wed, 2020-06-10 at 14:16 -0400, Simo Sorce wrote: > On Wed, 2020-06-10 at 20:01 +0200, Dan Čermák wrote: > > "Nathanael D. Noblet" writes: > > > > > Hello, > > > > > > I maintain beanstalkd which is a message server of sorts. It recent

Re: A few questions about a package update / policy questions / GCC 9 error

2020-06-10 Thread Simo Sorce
ing_list_guidelines > > List Archives: > > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > > ___ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedorap

Re: System-Wide Change proposal: CompilerPolicy Change

2020-06-05 Thread Simo Sorce
ly about it :-) One way you could use, if it works better, is to import archives and then reply from there, not sure if this is any less painful then replying from hyperkitty. Another way is to subscribe to the full list instead of digest but have an aggressive archive policy in evolution

Re: Fedora 33 System-Wide Change proposal: CompilerPolicy Change

2020-06-05 Thread Simo Sorce
g > ___ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https:

Re: Supporting hibernation in Workstation ed., draft 1

2020-06-03 Thread Simo Sorce
On Wed, 2020-06-03 at 15:31 -0600, Chris Murphy wrote: > On Wed, Jun 3, 2020 at 1:07 PM Simo Sorce wrote: > > On Tue, 2020-06-02 at 21:58 -0700, John M. Harris Jr wrote: > > > On Tuesday, June 2, 2020 9:45:45 PM MST Chris Murphy wrote: > > > > On Tue, Jun 2, 2020

Re: Supporting hibernation in Workstation ed., draft 1

2020-06-03 Thread Simo Sorce
t; > > -- > > Chris Murphy > > -- > John M. Harris, Jr. > > ___ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://do

Re: FSL license

2020-06-01 Thread Simo Sorce
riction which rules it out. > > Thanks Tom. We'll see if we can speak to upstream about this. Ask them to use a standard open source license and not invent their own if they agree to drop the "non commercial" requirement. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___

Re: Is dist-git a good place for work?

2020-05-15 Thread Simo Sorce
ple if upstream force pushes, we still should have an audited command that saves the previous master as a branch and then allows a rebase). Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To u

Re: Is dist-git a good place for work?

2020-05-06 Thread Simo Sorce
n you have in dist-git + upstream objects count + these new branches metadata noise, form the pov of space used. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le

Re: Is dist-git a good place for work?

2020-05-05 Thread Simo Sorce
-- devel@lists.fedoraproject.org > > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > > Fedora Code of Conduct: > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >

Re: Feedback on default partitioning and encryption

2020-04-28 Thread Simo Sorce
ler cannot know whether additional user accounts > will be created in the future, so the installer does not know which > use-case it's installing for. ;) And people can change use over time. I do not see an easy way out here anyway, good luck! Simo. -- Simo Sorce RHEL Crypto Team

Re: Feedback on default partitioning and encryption

2020-04-28 Thread Simo Sorce
On Tue, 2020-04-28 at 13:18 -0600, Chris Murphy wrote: > On Tue, Apr 28, 2020 at 10:37 AM Simo Sorce wrote: > > I have a hard time commenting over the next 2 becuse it seem like the > > probelm is not just technical, but there is no clear vision of whether > > there is one

Re: Feedback on default partitioning and encryption

2020-04-28 Thread Simo Sorce
up with a single schema for "workstation" unless you narrow down the scope of workstation to a smaller set of use cases to the exclusion of the others. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproje

Re: CPE Git Forge Decision

2020-03-30 Thread Simo Sorce
ourselves into gitlab and the benevolence of the the gitlab company, and they ability to survive. When they will go away we'll be left with the pieces. But then it will be some future people that will have to deal with it. Good luck. /me absolut

Re: Effort to remove libdb

2020-01-16 Thread Simo Sorce
t Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- de

Re: List of long term FTBFS packages to be retired in February

2020-01-15 Thread Simo Sorce
___ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject

Re: How to obsolede module?

2020-01-14 Thread Simo Sorce
s broke. The idea is to allow the sysadmin the ability to > decide if php-7.2 is right for them and when while allowing the > packager to get the newer version out sooner. This is fine, but then modules should have never been possible to install unintentionally, we already

Re: How to obsolede module?

2020-01-14 Thread Simo Sorce
unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.

Re: Fedora 32 System-Wide Change proposal: Drop Optical Media Release Criterion

2019-12-13 Thread Simo Sorce
USB booting" self-explanatorily tells you it is a small minority of basically broken hardware which should not block a whole release. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To

Re: Fedora 32 System-Wide Change proposal: Drop Optical Media Release Criterion

2019-12-13 Thread Simo Sorce
USB outlets, so it is unclear how this would make Fedora not installable. Any machine so old to have optical media but not USB is probably already not working due to other factors like being i686 only). Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc __

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-12 Thread Simo Sorce
ovide acceptable > security in your setup, find another solution (such as a passphrase). You are making a blanket statement about the security of a solution without any analysis of the requirements, uniquely on a personal and arbitrary distaste for a technology, that is not really useful, please ref

Re: Please, IMHO, resolve in some way the Samba MIT kerberos problem.

2019-11-07 Thread Simo Sorce
onment long enough to > actually test. > ___ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedorapro

Re: Modularity and the system-upgrade path

2019-10-11 Thread Simo Sorce
On Fri, 2019-10-11 at 09:56 +0200, Daniel Mach wrote: > On 10/7/19 8:55 PM, Simo Sorce wrote: > > I have to ask, > > given containers are so popular and can deal with any dependency > > without conflicting with system installed binaries, should we really > > continue

Re: FreeCAD required updates (PySide2 & Coin4)

2019-10-09 Thread Simo Sorce
y? > > How long would you wait if you were in my position? What should I have done > differently? > > FreeCAD has been in a terrible state in Fedora for years and after a crap > ton of work with getting PySIde2 into Fedora, updating the Coin stack I > would like to be able to ship

Re: Modularity and the system-upgrade path

2019-10-07 Thread Simo Sorce
On Mon, 2019-10-07 at 14:59 -0400, Stephen Gallagher wrote: > On Mon, Oct 7, 2019 at 2:56 PM Simo Sorce wrote: > > > > I have to ask, > > given containers are so popular and can deal with any dependency > > without conflicting with system installed binaries, sh

Re: Modularity and the system-upgrade path

2019-10-07 Thread Simo Sorce
pki-core:3.9" and > even later "pki-core:3.10". In this case the packages from > "pki-core:3.10" must have a safe upgrade path from both "pki-core:3.8" > and "pki-core:3.9" since we cannot guarantee or force our users to > update regularly and they migh

Re: Defining the future of the packager workflow in Fedora

2019-10-02 Thread Simo Sorce
adeoffs; I think the best is probably something closer to what > OpenEmbedded is doing with "layered" repos, not one gigantic dist-git > repo. > > It certainly seems to me the current Fedora setup is basically just > inertia from the first dist-cvs -> dist-git con

Re: Does anybody care about gettext?

2019-08-09 Thread Simo Sorce
On Fri, 2019-08-09 at 15:50 +0200, Miro Hrončok wrote: > Next time, I hope that FTBFS bugs for critical component are actually > actively > solved sooner than the retirement happens. We can try to be more aggressive > with > the reminders, but I don't know if that helps, because even

Re: HEADS UP: Source File Verification

2019-08-09 Thread Simo Sorce
On Thu, 2019-08-08 at 16:24 +0200, Björn Persson wrote: > Joe Orton wrote: > > If you don't enforce GPG verification at or before "fedpkg upload" there > > is no assurance that what hits the lookaside cache is trusted, so I > > agree - doing this at build time is a good example of not caring

Re: How do I remove GLIBCXX_ASSERTIONS?

2019-08-05 Thread Simo Sorce
On Fri, 2019-08-02 at 19:13 +0200, Björn 'besser82' Esser wrote: > Am Donnerstag, den 01.08.2019, 14:28 -0400 schrieb Steven A. Falco: > > The upstream KiCAD project has requested that I remove > > GLIBCXX_ASSERTIONS from the Fedora package, as described here: > >

Re: How do I remove GLIBCXX_ASSERTIONS?

2019-08-03 Thread Simo Sorce
ld find out what is causing those and fix the source of the bug, not hide it (it may cause memory corruption or worse down the road). Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org

Re: Can we maybe reduce the set of packages we install by default a bit?

2019-04-24 Thread Simo Sorce
e > agree :). This sounds like a useful change, can we make Fedora load this module by default in initrd before systemd starts? Will it help? Or is this module not adding into the entropy estimate as well ? Simo. -- Simo Sorce Sr. Principal Software Engineer

Re: announcing HTTPS pushing to dist-git/src.fedoraproject.org for packagers and non-packagers

2019-04-23 Thread Simo Sorce
On Mon, 2019-04-22 at 22:06 +0200, Patrick Uiterwijk wrote: > Hi Simo, > > On Mon, 22 Apr 2019 at 20:39, Simo Sorce wrote: > > > > Any reason why oidc is required instead of a simple GSSAPI (via > > mod_auth_gssapi) ? > > GSSAPI authentication won't re

Re: announcing HTTPS pushing to dist-git/src.fedoraproject.org for packagers and non-packagers

2019-04-22 Thread Simo Sorce
; devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives:

Re: Can we maybe reduce the set of packages we install by default a bit?

2019-04-17 Thread Simo Sorce
nd loaded at kernel boot time ? Would this be a way to show upstream that this works and perhaps allow inclusion later on ? Simo. -- Simo Sorce Sr. Principal Software Engineer Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsubsc

Re: Can we maybe reduce the set of packages we install by default a bit?

2019-04-17 Thread Simo Sorce
e it is full it's full, and > it doesn't run empty anymore. > > > I think you're being harsh without really looking deeply into the problem. > > If > > we could set a sysctl to tell the kernel to use a TPM or increment entropy > > estimate when RDSEED is used, I'd agree we

Re: F30 Self-Contained Change proposal: libcrypt.so.1 (compatibility library for POSIX): Let encrypt, encrypt_r, setkey, setkey_r, and fcrypt return ENOSYS instead of performing any real operation

2019-01-15 Thread Simo Sorce
On Tue, 2019-01-15 at 14:51 +0100, Florian Weimer wrote: > * Simo Sorce: > > > On Tue, 2019-01-15 at 10:39 +0100, Florian Weimer wrote: > > > * Ben Cotton: > > > > > > > Remove real functionality from encrypt, encrypt_r, setkey, setkey_r, > > >

Re: F30 Self-Contained Change proposal: libcrypt.so.1 (compatibility library for POSIX): Let encrypt, encrypt_r, setkey, setkey_r, and fcrypt return ENOSYS instead of performing any real operation

2019-01-15 Thread Simo Sorce
YS" when invoked. > > encrypt rewrites its argument in place, so this will leave the argument > unencrypted. This does not seem a good idea, even if it's just DES. Maybe encrypt with AES and return an error anyway ? -- Simo Sorce Sr. Principal Software Engineer Red Hat, Inc

Re: authselect: what to do with systemd and nss-mdns that modify nsswith.conf

2018-12-12 Thread Simo Sorce
On Thu, 2018-12-06 at 17:49 +0100, Lennart Poettering wrote: > On Do, 06.12.18 11:25, Simo Sorce (s...@redhat.com) wrote: > > > > > Summary: I'd make things simple, and enable all four unconditionally > > > > and by default without any dynamic infrastructure, wi

Re: authselect: what to do with systemd and nss-mdns that modify nsswith.conf

2018-12-06 Thread Simo Sorce
are installed. The question is > *how* they should be enabled: either through the installed file or through > rpm scriptlets. Without those modules, too much stuff breaks, so disabling > them is not a realistic option. I wonder if we should think of a tighter system integration and subsume the

Re: Proposal: Faster composes by eliminating deltarpms and using zchunked rpms instead

2018-11-19 Thread Simo Sorce
oad as you go, as I have more b/w than storage, but I do not want to experiment with putting /var/cache on nfs ... Simo. -- Simo Sorce Sr. Principal Software Engineer Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscr

Re: Proposal: Faster composes by eliminating deltarpms and using zchunked rpms instead

2018-11-19 Thread Simo Sorce
On Mon, 2018-11-19 at 21:02 +, Jonathan Dieter wrote: > On Mon, 2018-11-19 at 15:18 -0500, Simo Sorce wrote: > > On Mon, 2018-11-19 at 19:58 +, Jonathan Dieter wrote: > > > > > That's an interesting thought. I was picturing using the zchunk > > >

Re: Proposal: Faster composes by eliminating deltarpms and using zchunked rpms instead

2018-11-19 Thread Simo Sorce
"OK". (If I understood your comment about "just downloading changed chunks). A couple more questions. I skimmed quickly at the format and I have two questions I did not immediately see an answer for. 1) why are you still supporting SHA-1 in a new format ? 2) w

Re: IBM buying RedHat

2018-10-28 Thread Simo Sorce
n at some point, but this is news for *everyone* at Red Hat except a handful (at the CXX level) so give us some time ... Simo. -- Simo Sorce Sr. Principal Software Engineer Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an em

Re: Fedora should replace mailing lists with Discourse

2018-10-19 Thread Simo Sorce
* have it archived. Simo. -- Simo Sorce Sr. Principal Software Engineer Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.or

Re: Fedora should replace mailing lists with Discourse

2018-10-18 Thread Simo Sorce
On Thu, 2018-10-18 at 12:12 -0700, Gerald B. Cox wrote: > On Thu, Oct 18, 2018 at 12:03 PM Simo Sorce wrote: > > > On Thu, 2018-10-18 at 11:51 -0700, Gerald B. Cox wrote: > > > On Thu, Oct 18, 2018 at 11:40 AM Simo Sorce wrote: > > > > > > > On Wed

Re: Fedora should replace mailing lists with Discourse

2018-10-18 Thread Simo Sorce
On Thu, 2018-10-18 at 11:51 -0700, Gerald B. Cox wrote: > On Thu, Oct 18, 2018 at 11:40 AM Simo Sorce wrote: > > > On Wed, 2018-10-17 at 11:02 -0700, Gerald B. Cox wrote: > > > On Wed, Oct 17, 2018 at 10:55 AM Samuel Sieb wrote: > > > > > > >

Re: resume= kernel cmdline arg by default on servers

2018-10-18 Thread Simo Sorce
is too dumb to reply to > > an email correctly? Your messages break the threading. > > No, but Android Mail sucks in very many ways. Replying by webmail. > Anyone know of a good Android email client? K9 Mail is the best, paired with OpenKeychain

Re: resume= kernel cmdline arg by default on servers

2018-10-18 Thread Simo Sorce
ut it can take a very long time to recover - gets worse > the longer you have been hibernating for too Happens all the time for me, it is not a good experience. Isn't there a way to save the instance from the hypervisor *and* on top of that emulate a quick S3 to the guest so that it will jus

  1   2   3   4   5   6   >