Re: Inactive packagers to be removed after the F37 release

2022-12-02 Thread Benson Muite
On 12/2/22 14:04, Vít Ondruch wrote: On 02. 12. 22 at 8:00 Benson Muite wrote: - rpms/ruby-ncurses Taken Why? It does not deserve to live, at least in its current (abandoned and deprecated) form. Thanks for the warning. Orphaned it. Vít

Re: Inactive packagers to be removed after the F37 release

2022-12-02 Thread Vít Ondruch
On 02. 12. 22 at 8:00 Benson Muite wrote: - rpms/ruby-ncurses Taken Why? It does not deserve to live, at least in its current (abandoned and deprecated) form. Vít - rpms/ucx Taken ___ devel mailing list --

Re: Inactive packagers to be removed after the F37 release

2022-12-01 Thread Benson Muite
- rpms/ruby-ncurses Taken - rpms/ucx Taken ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct:

Re: Inactive packagers to be removed after the F37 release

2022-12-01 Thread Adam Williamson
On Mon, 2022-11-28 at 15:00 -0800, Adam Williamson wrote: > On Mon, 2022-11-28 at 19:24 +, Artur Frenszek-Iwicki wrote: > > > - rpms/fpc > > > - rpms/lazarus > > I've been a co-admin on those, so I took 'em. > > > > Several of the orphaned packages are dependencies of stuff I > > currently

Re: Inactive packagers to be removed after the F37 release

2022-12-01 Thread arthur
On 28/11/2022 19:20, Mattia Verga via devel wrote: - rpms/thefuck Took it since I was a co-admin - rpms/vim-latex Took this as well -- Arthur Bols fas/irc: principis

and the orphans packages ? Re: Inactive packagers to be removed after the F37 release

2022-12-01 Thread Sérgio Basto
On Tue, 2022-11-29 at 10:04 -0600, Nick Bebout wrote: > For some reason a few people weren't processed - I ran the script > over them again and most were successful. > For some reason, mmorsi causes the script to traceback (and zodbot > errors trying to .fasinfo them as well).  I processed mmorsi

Re: Inactive packagers to be removed after the F37 release

2022-11-30 Thread Miroslav Suchý
On 28. 11. 22 at 19:20 Mattia Verga via devel wrote: - rpms/python-copr-common - rpms/python-flask-whooshee Taken. M.

Re: Inactive packagers to be removed after the F37 release

2022-11-29 Thread Nick Bebout
For some reason a few people weren't processed - I ran the script over them again and most were successful. For some reason, mmorsi causes the script to traceback (and zodbot errors trying to .fasinfo them as well). I processed mmorsi by hand. If anyone notices any others that got missed, please

Re: Inactive packagers to be removed after the F37 release

2022-11-29 Thread Anderson Sasaki
Hello, I'll take: - rpms/keylime Thank you, Anderson

Re: Inactive packagers to be removed after the F37 release

2022-11-29 Thread Mattia Verga via devel
On 29/11/22 11:16, Vít Ondruch wrote: > > > On 29. 11. 22 at 11:05 Vít Ondruch wrote: >> >> >> On 29. 11. 22 at 11:02 Vít Ondruch wrote: >>> >>> >>> On 29. 11. 22 at 10:46 Vít Ondruch wrote: I don't think that this went completely correctly. I have just claimed

Re: Inactive packagers to be removed after the F37 release

2022-11-29 Thread Vitaly Zaitsev via devel
On 28/11/2022 19:20, Mattia Verga via devel wrote: - rpms/jdns - rpms/tesseract - rpms/zimlib - rpms/pidgin-privacy-please - rpms/yaml-cpp Took these packages. -- Sincerely, Vitaly Zaitsev (vit...@easycoding.org)

Re: Inactive packagers to be removed after the F37 release

2022-11-29 Thread Paul Howarth
On Tue, 29 Nov 2022 10:27:56 + Paul Howarth wrote: > On Mon, 28 Nov 2022 18:20:20 + > Mattia Verga via devel wrote: > > > On 28/11/22 18:36, Nick Bebout wrote: > > > > > I've removed a lot of ACLs. See attached log file. > > > > Thanks Nick. > > > > From your output I

Re: Inactive packagers to be removed after the F37 release

2022-11-29 Thread Paul Howarth
On Mon, 28 Nov 2022 18:20:20 + Mattia Verga via devel wrote: > On 28/11/22 18:36, Nick Bebout wrote: > > > I've removed a lot of ACLs. See attached log file. > > Thanks Nick. > > From your output I made a list of the orphaned packages which I think > it's a bit more readable: >

Re: Inactive packagers to be removed after the F37 release

2022-11-29 Thread Vít Ondruch
On 29. 11. 22 at 11:05 Vít Ondruch wrote: On 29. 11. 22 at 11:02 Vít Ondruch wrote: On 29. 11. 22 at 10:46 Vít Ondruch wrote: I don't think that this went completely correctly. I have just claimed ownership of rubygem-em-socksify (so far so good). However, I noticed that

Re: Inactive packagers to be removed after the F37 release

2022-11-29 Thread Vít Ondruch
On 29. 11. 22 at 11:02 Vít Ondruch wrote: On 29. 11. 22 at 10:46 Vít Ondruch wrote: I don't think that this went completely correctly. I have just claimed ownership of rubygem-em-socksify (so far so good). However, I noticed that mmorsi, while removed from packager group (at least

Re: Inactive packagers to be removed after the F37 release

2022-11-29 Thread Vít Ondruch
On 29. 11. 22 at 0:00 Adam Williamson wrote: On Mon, 2022-11-28 at 19:24 +, Artur Frenszek-Iwicki wrote: - rpms/fpc - rpms/lazarus I've been a co-admin on those, so I took 'em. Several of the orphaned packages are dependencies of stuff I currently maintain. I'll wait a week or two to

Re: Inactive packagers to be removed after the F37 release

2022-11-29 Thread Vít Ondruch
On 29. 11. 22 at 10:46 Vít Ondruch wrote: I don't think that this went completely correctly. I have just claimed ownership of rubygem-em-socksify (so far so good). However, I noticed that mmorsi, while removed from packager group (at least being on the list) Just checked that he is

Re: Inactive packagers to be removed after the F37 release

2022-11-29 Thread Vít Ondruch
On 28. 11. 22 at 19:20 Mattia Verga via devel wrote: On 28/11/22 18:36, Nick Bebout wrote: I've removed a lot of ACLs. See attached log file. Thanks Nick. From your output I made a list of the orphaned packages which I think it's a bit more readable: - rpms/rubygem-chronic -

Re: Inactive packagers to be removed after the F37 release

2022-11-29 Thread Vít Ondruch
I don't think that this went completely correctly. I have just claimed ownership of rubygem-em-socksify (so far so good). However, I noticed that mmorsi, while removed from packager group (at least being on the list) is still comaintainer of the package. I would assume that these people should

Re: Inactive packagers to be removed after the F37 release

2022-11-28 Thread Gary Buhrmaster
On Mon, Nov 28, 2022 at 11:01 PM Adam Williamson wrote: > qemu -> ceph -> openssh -> libfido2 -> libcbor (unmaintained) I'll pick up libcbor, as I am the packager for libfido2.

Re: Inactive packagers to be removed after the F37 release

2022-11-28 Thread Adam Williamson
On Mon, 2022-11-28 at 19:24 +, Artur Frenszek-Iwicki wrote: > > - rpms/fpc > > - rpms/lazarus > I've been a co-admin on those, so I took 'em. > > Several of the orphaned packages are dependencies of stuff I > currently maintain. > I'll wait a week or two to see if anyone else wants to take

Re: Inactive packagers to be removed after the F37 release

2022-11-28 Thread Mark Reynolds
On 11/28/22 1:20 PM, Mattia Verga via devel wrote: On 28/11/22 18:36, Nick Bebout wrote: I've removed a lot of ACLs. See attached log file. Thanks Nick. From your output I made a list of the orphaned packages which I think it's a bit more readable: - container/cassandra -

Re: Inactive packagers to be removed after the F37 release

2022-11-28 Thread Kalev Lember
On Mon, Nov 28, 2022 at 8:33 PM Kalev Lember wrote: > On Mon, Nov 28, 2022 at 7:20 PM Mattia Verga via devel < > devel@lists.fedoraproject.org> wrote: > >> - rpms/sysprof >> > > I took sysprof as I've been de facto maintaining it for years. > ... and also baobab, geocode-glib,

Re: Inactive packagers to be removed after the F37 release

2022-11-28 Thread Kalev Lember
On Mon, Nov 28, 2022 at 7:20 PM Mattia Verga via devel < devel@lists.fedoraproject.org> wrote: > - rpms/sysprof > I took sysprof as I've been de facto maintaining it for years. -- Kalev

Re: Inactive packagers to be removed after the F37 release

2022-11-28 Thread Artur Frenszek-Iwicki
> - rpms/fpc > - rpms/lazarus I've been a co-admin on those, so I took 'em. Several of the orphaned packages are dependencies of stuff I currently maintain. I'll wait a week or two to see if anyone else wants to take them. A.FI.

Re: Inactive packagers to be removed after the F37 release

2022-11-28 Thread Jonathan Wright via devel
I took a few packages. I'm trying to also take bonnie++ but the take request is returning a 500 error. On Mon, Nov 28, 2022 at 12:35 PM Mattia Verga via devel < devel@lists.fedoraproject.org> wrote: > On 28/11/22 19:20, Mattia Verga wrote: > > From your output I made a list of the orphaned

Re: Inactive packagers to be removed after the F37 release

2022-11-28 Thread Mattia Verga via devel
On 28/11/22 19:20, Mattia Verga wrote: > From your output I made a list of the orphaned packages which I think > it's a bit more readable: > > ... > - rpms/celestia > Taken and added astro-sig as co-maintainer, I'll try to update it to the latest version. > > ... > -

Re: Inactive packagers to be removed after the F37 release

2022-11-28 Thread Mattia Verga via devel
On 28/11/22 18:36, Nick Bebout wrote: > I've removed a lot of ACLs. See attached log file. Thanks Nick. From your output I made a list of the orphaned packages which I think it's a bit more readable: - container/cassandra - container/php - modules/389-ds - modules/timescaledb -

Re: Inactive packagers to be removed after the F37 release

2022-11-28 Thread Nick Bebout
I have removed these accounts from the packager group, and am currently running a script to remove their ACLs. I will post on devel list when it is complete (along with the packages that are orphaned) On Sat, Nov 26, 2022 at 2:05 AM Mattia Verga via devel < devel@lists.fedoraproject.org> wrote:

Re: Inactive packagers to be removed after the F37 release

2022-11-26 Thread Mattia Verga via devel
On 24/11/22 09:38, Vít Ondruch wrote: > @Ben isn't it the time to finish this round? > > > Vít > > It's being worked on in https://pagure.io/fedora-infrastructure/issue/11002 Mattia

Re: Inactive packagers to be removed after the F37 release

2022-11-24 Thread Vít Ondruch
@Ben isn't it the time to finish this round? Vít On 18. 08. 22 at 23:28 Ben Cotton wrote: Hello everyone! I just completed the first run of FESCo's newly approved Inactive Packager Policy[1]. Packagers that have been identified as inactive have a ticket in the find-inactive-packagers

Re: Inactive packagers to be removed after the F37 release

2022-10-28 Thread Alexander Bokovoy
Hi, On Thu, 15 Sep 2022, Kevin Fenzi wrote: > CentOS folks still use certs for their koji: > https://wiki.centos.org/Authentication#TLS_certificate > (and that's using the same account system/ipa servers as fedora). > > > I hope we can plan to work together on this improvement again, similar > >

Re: Inactive packagers to be removed after the F37 release

2022-09-19 Thread Kevin Fenzi
On Mon, Sep 19, 2022 at 05:58:36PM +0200, Vít Ondruch wrote: > > On 16. 09. 22 at 19:03 Kevin Fenzi wrote: > > On Fri, Sep 16, 2022 at 10:03:35AM +0200, Vít Ondruch wrote: > > > Isn't peer review much better and easier solution over all? We could also > > > require signed commits I guess. > >

Re: Inactive packagers to be removed after the F37 release

2022-09-19 Thread Vít Ondruch
On 16. 09. 22 at 19:03 Kevin Fenzi wrote: On Fri, Sep 16, 2022 at 10:03:35AM +0200, Vít Ondruch wrote: Isn't peer review much better and easier solution over all? We could also require signed commits I guess. I think it would slow things down quite a lot to require peer review of every

Re: Inactive packagers to be removed after the F37 release

2022-09-19 Thread Demi Marie Obenour
On 9/19/22 04:52, Petr Pisar wrote: > On Fri, Sep 16, 2022 at 01:56:03PM -0400, Todd Zullinger wrote: >> Kevin Fenzi wrote: >>> On Fri, Sep 16, 2022 at 10:03:35AM +0200, Vít Ondruch wrote: Isn't peer review much better and easier solution over all? We could also require signed commits

Re: Inactive packagers to be removed after the F37 release

2022-09-19 Thread Petr Pisar
On Fri, Sep 16, 2022 at 01:56:03PM -0400, Todd Zullinger wrote: > Kevin Fenzi wrote: > > On Fri, Sep 16, 2022 at 10:03:35AM +0200, Vít Ondruch wrote: > >> Isn't peer review much better and easier solution over all? We could also > >> require signed commits I guess. > > > > I think it would

Re: Inactive packagers to be removed after the F37 release

2022-09-19 Thread Petr Pisar
On Fri, Sep 16, 2022 at 05:30:13PM +, Tommy Nguyen wrote: > With that being said, if a GPG key would be compromised, wouldn't it > result in an error when trying to update the package? An end user would > then report the bug, someone would see that the key does not match the > signature in

Re: Inactive packagers to be removed after the F37 release

2022-09-16 Thread Todd Zullinger
Kevin Fenzi wrote: > On Fri, Sep 16, 2022 at 10:03:35AM +0200, Vít Ondruch wrote: >> Isn't peer review much better and easier solution over all? We could also >> require signed commits I guess. > > I think it would slow things down quite a lot to require peer review of > every commit. > > I'd

Re: Inactive packagers to be removed after the F37 release

2022-09-16 Thread Tommy Nguyen
On Fri, 2022-09-16 at 17:16 +, Dan Čermák wrote: > Hi, > > On September 16, 2022 5:03:03 PM UTC, Kevin Fenzi > wrote: > > On Fri, Sep 16, 2022 at 10:03:35AM +0200, Vít Ondruch wrote: > > > Isn't peer review much better and easier solution over all? We > > > could also > > > require signed

Re: Inactive packagers to be removed after the F37 release

2022-09-16 Thread Dan Čermák
Hi, On September 16, 2022 5:03:03 PM UTC, Kevin Fenzi wrote: >On Fri, Sep 16, 2022 at 10:03:35AM +0200, Vít Ondruch wrote: >> Isn't peer review much better and easier solution over all? We could also >> require signed commits I guess. > >I think it would slow things down quite a lot to require

Re: Inactive packagers to be removed after the F37 release

2022-09-16 Thread Kevin Fenzi
On Fri, Sep 16, 2022 at 10:03:35AM +0200, Vít Ondruch wrote: > Isn't peer review much better and easier solution over all? We could also > require signed commits I guess. I think it would slow things down quite a lot to require peer review of every commit. I'd personally like to avoid anything

Re: Inactive packagers to be removed after the F37 release

2022-09-16 Thread Kevin Fenzi
On Fri, Sep 16, 2022 at 10:29:17AM +0300, Alexander Bokovoy wrote: > > One thing I want to get properly implemented in SSSD in upcoming FIDO2 > support is to allow admins to filter out certain types of public SSH > keys associated with the user account. E.g. get a way for administrator > to say

Aside: Re: Inactive packagers to be removed after the F37 release

2022-09-16 Thread stan via devel
On Thu, 15 Sep 2022 11:57:53 -0700 Adam Williamson wrote: > We have "critical path" groups for lots of desktops, including ones > that aren't release-blocking: deepin, lxde, lxqt, and xfce. The logic > here is approximately: things that are critical to those desktops are > indeed critical to

Re: Inactive packagers to be removed after the F37 release

2022-09-16 Thread Jiri Vanek
Just very minor contribution to already very complex thread. - to remove packager status if they are not using it, is just wrong. OpenJDK was using it for years and it really did not prove itself. Now OpenJDK have policy, that once you earn any status, you remain with it. The downgrade or no

Re: Inactive packagers to be removed after the F37 release

2022-09-16 Thread Vít Ondruch
Isn't peer review much better and easier solution over all? We could also require signed commits I guess. Vít On 15. 09. 22 at 20:36 Gary Buhrmaster wrote: On Thu, Sep 15, 2022 at 5:55 PM Kevin Fenzi wrote: On Thu, Sep 15, 2022 at 09:26:36AM +0300, Alexander Bokovoy wrote: Proven

Re: Inactive packagers to be removed after the F37 release

2022-09-16 Thread Alexander Bokovoy
On Thu, 15 Sep 2022, Kevin Fenzi wrote: On Thu, Sep 15, 2022 at 09:26:36AM +0300, Alexander Bokovoy wrote: Proven packagers seem to be a fair category to address. Also packagers responsible for security-related bits of the distribution. Compilers? Well, as others noted in this thread, any

Re: Inactive packagers to be removed after the F37 release

2022-09-15 Thread Kevin Fenzi
On Thu, Sep 15, 2022 at 04:34:08PM -0400, Demi Marie Obenour wrote: > On 9/15/22 13:55, Kevin Fenzi wrote: > > On Thu, Sep 15, 2022 at 09:26:36AM +0300, Alexander Bokovoy wrote: > >> > >> Proven packagers seem to be a fair category to address. Also packagers > >> responsible for security-related

Re: Inactive packagers to be removed after the F37 release

2022-09-15 Thread Kevin Fenzi
On Thu, Sep 15, 2022 at 11:54:13AM -0700, Adam Williamson wrote: > On Thu, 2022-09-15 at 10:55 -0700, Kevin Fenzi wrote: > > On Thu, Sep 15, 2022 at 09:26:36AM +0300, Alexander Bokovoy wrote: > > > > > > Proven packagers seem to be a fair category to address. Also packagers > > > responsible for

Re: Inactive packagers to be removed after the F37 release

2022-09-15 Thread Demi Marie Obenour
On 9/15/22 13:55, Kevin Fenzi wrote: > On Thu, Sep 15, 2022 at 09:26:36AM +0300, Alexander Bokovoy wrote: >> >> Proven packagers seem to be a fair category to address. Also packagers >> responsible for security-related bits of the distribution. Compilers? > > Well, as others noted in this thread,

Re: Inactive packagers to be removed after the F37 release

2022-09-15 Thread Gary Buhrmaster
On Thu, Sep 15, 2022 at 6:58 PM Adam Williamson wrote: > There's a kind of "surprising" property of the critical path list too - > it contains some things you might not expect. I was (initially) thinking of the critical-path-base list, but you are right that the critical path is in the eyes of

Re: Inactive packagers to be removed after the F37 release

2022-09-15 Thread Adam Williamson
On Thu, 2022-09-15 at 18:36 +, Gary Buhrmaster wrote: > On Thu, Sep 15, 2022 at 5:55 PM Kevin Fenzi wrote: > > > > On Thu, Sep 15, 2022 at 09:26:36AM +0300, Alexander Bokovoy wrote: > > > > > > Proven packagers seem to be a fair category to address. Also packagers > > > responsible for

Re: Inactive packagers to be removed after the F37 release

2022-09-15 Thread Adam Williamson
On Thu, 2022-09-15 at 10:55 -0700, Kevin Fenzi wrote: > On Thu, Sep 15, 2022 at 09:26:36AM +0300, Alexander Bokovoy wrote: > > > > Proven packagers seem to be a fair category to address. Also packagers > > responsible for security-related bits of the distribution. Compilers? > > Well, as others

Re: Inactive packagers to be removed after the F37 release

2022-09-15 Thread Gary Buhrmaster
On Thu, Sep 15, 2022 at 5:55 PM Kevin Fenzi wrote: > > On Thu, Sep 15, 2022 at 09:26:36AM +0300, Alexander Bokovoy wrote: > > > > Proven packagers seem to be a fair category to address. Also packagers > > responsible for security-related bits of the distribution. Compilers? Perhaps any packager

Re: Inactive packagers to be removed after the F37 release

2022-09-15 Thread Przemek Klosowski via devel
On 9/14/22 03:51, Vitaly Zaitsev via devel wrote: On 13/09/2022 23:50, Demi Marie Obenour wrote: Another option is a TPM-based authenticator.  Would this be acceptable? No. TPM 2.0 chip is a *proprietary* black box. Some of them have known critical security vulnerabilities[1]. OK, but so

Re: Inactive packagers to be removed after the F37 release

2022-09-15 Thread Kevin Fenzi
On Thu, Sep 15, 2022 at 09:26:36AM +0300, Alexander Bokovoy wrote: > > Proven packagers seem to be a fair category to address. Also packagers > responsible for security-related bits of the distribution. Compilers? Well, as others noted in this thread, any packager has a lot of power. They can

Re: Inactive packagers to be removed after the F37 release

2022-09-15 Thread Demi Marie Obenour
On 9/15/22 08:57, Stephen Smoogen wrote: > On Wed, 14 Sept 2022 at 18:36, Simo Sorce wrote: > >> On Wed, 2022-09-14 at 15:11 -0700, Adam Williamson wrote: >>> On Wed, 2022-09-14 at 10:25 -0500, Michael Catanzaro wrote: On Wed, Sep 14 2022 at 06:58:12 AM +, Tommy Nguyen wrote:

Re: Inactive packagers to be removed after the F37 release

2022-09-15 Thread Stephen Smoogen
On Wed, 14 Sept 2022 at 18:36, Simo Sorce wrote: > On Wed, 2022-09-14 at 15:11 -0700, Adam Williamson wrote: > > On Wed, 2022-09-14 at 10:25 -0500, Michael Catanzaro wrote: > > > > > > On Wed, Sep 14 2022 at 06:58:12 AM +, Tommy Nguyen > > > wrote: > > > > I'm not entirely convinced. See

Re: Inactive packagers to be removed after the F37 release

2022-09-15 Thread Alexander Bokovoy
On Wed, 14 Sep 2022, Kevin Fenzi wrote: On Wed, Sep 14, 2022 at 05:47:46PM +0300, Alexander Bokovoy wrote: On Wed, 14 Sep 2022, Stephen Smoogen wrote: > On Wed, 14 Sept 2022 at 05:28, Alexander Bokovoy > wrote: > > > > > Sadly, it cannot be just 'any' certificate, it has to be issued by a > >

Re: Inactive packagers to be removed after the F37 release

2022-09-14 Thread Tommy Nguyen
On Wed, 2022-09-14 at 15:49 -0700, Adam Williamson wrote: > The hardcore way is to say "welp, too bad, your account's gone, > create > a new one and start over, including going through the maintainer > process again", but that might be a bit *too* hardcore. > > This is a perennial issue, though,

Re: Inactive packagers to be removed after the F37 release

2022-09-14 Thread Adam Williamson
On Wed, 2022-09-14 at 18:35 -0400, Simo Sorce wrote: > On Wed, 2022-09-14 at 15:11 -0700, Adam Williamson wrote: > > On Wed, 2022-09-14 at 10:25 -0500, Michael Catanzaro wrote: > > > > > > On Wed, Sep 14 2022 at 06:58:12 AM +, Tommy Nguyen > > > wrote: > > > > I'm not entirely convinced.

Re: Inactive packagers to be removed after the F37 release

2022-09-14 Thread Simo Sorce
On Wed, 2022-09-14 at 15:11 -0700, Adam Williamson wrote: > On Wed, 2022-09-14 at 10:25 -0500, Michael Catanzaro wrote: > > > > On Wed, Sep 14 2022 at 06:58:12 AM +, Tommy Nguyen > > wrote: > > > I'm not entirely convinced. See this paper: > > > https://eprint.iacr.org/2020/1298.pdf > > >

Re: Inactive packagers to be removed after the F37 release

2022-09-14 Thread Adam Williamson
On Wed, 2022-09-14 at 10:25 -0500, Michael Catanzaro wrote: > > On Wed, Sep 14 2022 at 06:58:12 AM +, Tommy Nguyen > wrote: > > I'm not entirely convinced. See this paper: > > https://eprint.iacr.org/2020/1298.pdf > > I only read the abstract of this paper, but looks like the researchers

Re: Inactive packagers to be removed after the F37 release

2022-09-14 Thread Kevin Fenzi
On Wed, Sep 14, 2022 at 05:47:46PM +0300, Alexander Bokovoy wrote: > On Wed, 14 Sep 2022, Stephen Smoogen wrote: > > On Wed, 14 Sept 2022 at 05:28, Alexander Bokovoy > > wrote: > > > > > > > > Sadly, it cannot be just 'any' certificate, it has to be issued by a > > > certificate authority that

Re: Inactive packagers to be removed after the F37 release

2022-09-14 Thread Vitaly Zaitsev via devel
On 14/09/2022 17:26, Michael Catanzaro wrote: If you want to protect against *both* threats, use a security key, but you've already pushed back against requiring a hardware purchase. I never click on links from emails, instant messengers, etc. I'm using fkinit and my simple custom systemd

Re: Inactive packagers to be removed after the F37 release

2022-09-14 Thread Michael Catanzaro
TLS client certificates is actually not a terrible idea. They're not very popular anymore, but they're supported by all major browsers (I think?) and they work. On Wed, Sep 14 2022 at 02:08:32 PM +0200, Vitaly Zaitsev via devel wrote: On 14/09/2022 10:01, Demi Marie Obenour wrote: Still,

Re: Inactive packagers to be removed after the F37 release

2022-09-14 Thread Michael Catanzaro
On Wed, Sep 14 2022 at 06:58:12 AM +, Tommy Nguyen wrote: I'm not entirely convinced. See this paper: https://eprint.iacr.org/2020/1298.pdf I only read the abstract of this paper, but looks like the researchers have found that FIDO is indeed unphishable. Seems their attack relies on

Re: Inactive packagers to be removed after the F37 release

2022-09-14 Thread Alexander Bokovoy
On Wed, 14 Sep 2022, Stephen Smoogen wrote: On Wed, 14 Sept 2022 at 05:28, Alexander Bokovoy wrote: Sadly, it cannot be just 'any' certificate, it has to be issued by a certificate authority that is trusted by the KDC as well. For example, by FreeIPA CA which is already run by the Fedora

Re: Inactive packagers to be removed after the F37 release

2022-09-14 Thread Stephen Smoogen
On Wed, 14 Sept 2022 at 05:28, Alexander Bokovoy wrote: > > Sadly, it cannot be just 'any' certificate, it has to be issued by a > certificate authority that is trusted by the KDC as well. For example, > by FreeIPA CA which is already run by the Fedora project infrastructure > team. An

Re: Inactive packagers to be removed after the F37 release

2022-09-14 Thread Vitaly Zaitsev via devel
On 14/09/2022 10:01, Demi Marie Obenour wrote: Still, even a pure software FIDO2 implementation is much better than TOTP etc. I don't think so. Malware can easily steal the private key. Simple TOTP on a separate device is much better. -- Sincerely, Vitaly Zaitsev (vit...@easycoding.org)

Re: Inactive packagers to be removed after the F37 release

2022-09-14 Thread Alexander Bokovoy
On Wed, 14 Sep 2022, Demi Marie Obenour wrote: On 9/14/22 03:55, Vitaly Zaitsev via devel wrote: On 14/09/2022 08:46, Demi Marie Obenour wrote: The only other non-phishable authentication method is TLS client certificates and I would be fine with those. Fedora used to have TLS client

Re: Inactive packagers to be removed after the F37 release

2022-09-14 Thread Demi Marie Obenour
On 9/13/22 21:37, Tommy Nguyen wrote: > On Tue, 2022-09-06 at 16:14 -0500, Jonathan Wright via devel wrote: >> On Tue, Sep 6, 2022 at 3:52 PM Vitaly Zaitsev via devel < >> devel@lists.fedoraproject.org> wrote: >> >>> On 06/09/2022 19:49, Michael Catanzaro wrote: Of course, hardware

Re: Inactive packagers to be removed after the F37 release

2022-09-14 Thread Demi Marie Obenour
On 9/14/22 03:55, Vitaly Zaitsev via devel wrote: > On 14/09/2022 08:46, Demi Marie Obenour wrote: >> The only other >> non-phishable authentication method is TLS client certificates and >> I would be fine with those. > > Fedora used to have TLS client certificate authorization (in Koji), but >

Re: Inactive packagers to be removed after the F37 release

2022-09-14 Thread Vitaly Zaitsev via devel
On 14/09/2022 08:46, Demi Marie Obenour wrote: The only other non-phishable authentication method is TLS client certificates and I would be fine with those. Fedora used to have TLS client certificate authorization (in Koji), but this has been replaced by Kerberos. since almost every laptop

Re: Inactive packagers to be removed after the F37 release

2022-09-14 Thread Vitaly Zaitsev via devel
On 13/09/2022 23:50, Demi Marie Obenour wrote: Another option is a TPM-based authenticator. Would this be acceptable? No. TPM 2.0 chip is a *proprietary* black box. Some of them have known critical security vulnerabilities[1]. [1]:

Re: Inactive packagers to be removed after the F37 release

2022-09-14 Thread Tommy Nguyen
On Wed, 2022-09-14 at 02:46 -0400, Demi Marie Obenour wrote: > Because FIDO2 is not phishable.  TOTP and HOTP are.  The only other > non-phishable authentication method is TLS client certificates and > I would be fine with those. I'm not entirely convinced. See this paper:

Re: Inactive packagers to be removed after the F37 release

2022-09-14 Thread Demi Marie Obenour
On 9/13/22 21:37, Tommy Nguyen wrote: > On Tue, 2022-09-06 at 16:14 -0500, Jonathan Wright via devel wrote: >> On Tue, Sep 6, 2022 at 3:52 PM Vitaly Zaitsev via devel < >> devel@lists.fedoraproject.org> wrote: >> >>> On 06/09/2022 19:49, Michael Catanzaro wrote: Of course, hardware

Re: Inactive packagers to be removed after the F37 release

2022-09-13 Thread Tommy Nguyen
On Tue, 2022-09-06 at 16:14 -0500, Jonathan Wright via devel wrote: > On Tue, Sep 6, 2022 at 3:52 PM Vitaly Zaitsev via devel < > devel@lists.fedoraproject.org> wrote: > > > On 06/09/2022 19:49, Michael Catanzaro wrote: > > > Of course, hardware authenticators would be even more secure, and > > >

Re: Inactive packagers to be removed after the F37 release

2022-09-13 Thread Demi Marie Obenour
On 9/6/22 17:29, Alex Perez wrote: > Jonathan, > > Your perspective on costs seems extremely developed-country-centric, and > I'd like to suggest you check your (financial) privilege. I don't know > where you're from; I'm from the US, but I am well aware of the reality > of many open source

Re: Inactive packagers to be removed after the F37 release

2022-09-13 Thread Blaise Pabon
From the audience: In the past, Yubico has been generous in giving keys to packagers. If they cannot give keys to all, then maybe we can get a few for those who need them. Some of us already have keys. The barrier to becoming a packager is already high (that is good) But we should decrease

Re: Inactive packagers to be removed after the F37 release

2022-09-13 Thread Demi Marie Obenour
On 9/5/22 16:54, Maxwell G via devel wrote: > On Monday, September 5, 2022 Peter Robinson wrote: >> it would probably be easier to join and become a packager by >> packaging a random leaf package no one would use, then as a packager >> pick up an random orphaned package that's in the core distro

Re: Inactive packagers to be removed after the F37 release

2022-09-07 Thread Gary Buhrmaster
On Wed, Sep 7, 2022 at 12:27 PM Petr Pisar wrote: > Do people lose their tokens more often than forget their passwords? Depends on the person, of course. However, it is less common that one loses a token and does not somewhat quickly notice it (especially if it is on their mobile device, or

Re: Inactive packagers to be removed after the F37 release

2022-09-07 Thread Michael Catanzaro
On Tue, Sep 6 2022 at 10:53:03 PM -0500, Maxwell G wrote: I have 2FA set up on my account and it works okay. You'd use `fkinit` instead of `kinit` that requires special setup[1] to work with 2FA. It doesn't work with the GOA kerberos integration. When authenticating with Fedora online

Re: Inactive packagers to be removed after the F37 release

2022-09-07 Thread Petr Pisar
On Wed, Sep 07, 2022 at 08:53:15AM -0400, Stephen Smoogen wrote: > On Wed, 7 Sept 2022 at 08:27, Petr Pisar wrote: > > Shouldn't we instead start with strengthening the credentials reset even > > for password-only authentication? I.e. disallowing the reset. Or enabling > > having multiple

Re: Inactive packagers to be removed after the F37 release

2022-09-07 Thread Vít Ondruch
On 07. 09. 22 at 5:53 Maxwell G via devel wrote: On Tuesday, September 6, 2022 Michael Catanzaro wrote: Currently I do not have any 2FA enabled on my Fedora account I have 2FA set up on my account and it works okay. You'd use `fkinit` instead of `kinit` that requires special setup[1] to

Re: Inactive packagers to be removed after the F37 release

2022-09-07 Thread Stephen Smoogen
On Wed, 7 Sept 2022 at 08:27, Petr Pisar wrote: > On Wed, Sep 07, 2022 at 07:51:15AM -0400, Stephen Smoogen wrote: > > On Wed, 7 Sept 2022 at 02:53, Adam Williamson < > adamw...@fedoraproject.org> > > wrote: > > > > > On Wed, 2022-09-07 at 08:41 +0200, Vitaly Zaitsev via devel wrote: > > > >

Re: Inactive packagers to be removed after the F37 release

2022-09-07 Thread Tommy Nguyen
On Wed, 2022-09-07 at 14:26 +0200, Petr Pisar wrote: > > So I am going to say I am in agreement with Vitaly that FIDO2 is > > not a > > solution we could support at this time. At most we could support > > HOTP via > > yubikey but we would need to be able to make sure > > 1. That we have some sort

Re: Inactive packagers to be removed after the F37 release

2022-09-07 Thread Petr Pisar
On Wed, Sep 07, 2022 at 07:51:15AM -0400, Stephen Smoogen wrote: > On Wed, 7 Sept 2022 at 02:53, Adam Williamson > wrote: > > > On Wed, 2022-09-07 at 08:41 +0200, Vitaly Zaitsev via devel wrote: > > > On 06/09/2022 23:14, Jonathan Wright wrote: > > > > Fedora must be looked at as more than

Re: Inactive packagers to be removed after the F37 release

2022-09-07 Thread Stephen Smoogen
On Wed, 7 Sept 2022 at 02:53, Adam Williamson wrote: > On Wed, 2022-09-07 at 08:41 +0200, Vitaly Zaitsev via devel wrote: > > On 06/09/2022 23:14, Jonathan Wright wrote: > > > Fedora must be looked at as more than just a "hobby project" even > though > > > it is a hobby for some. > > > > There

Re: Inactive packagers to be removed after the F37 release

2022-09-07 Thread Adam Williamson
On Wed, 2022-09-07 at 08:41 +0200, Vitaly Zaitsev via devel wrote: > On 06/09/2022 23:14, Jonathan Wright wrote: > > Fedora must be looked at as more than just a "hobby project" even though > > it is a hobby for some. > > There are many casual maintainers who maintain one or two packages. We >

Re: Inactive packagers to be removed after the F37 release

2022-09-07 Thread Vitaly Zaitsev via devel
On 06/09/2022 23:14, Jonathan Wright wrote: Fedora must be looked at as more than just a "hobby project" even though it is a hobby for some. There are many casual maintainers who maintain one or two packages. We shouldn't force them to leave Fedora. It's an OS that many rely on and $25 is

Re: Inactive packagers to be removed after the F37 release

2022-09-07 Thread Vitaly Zaitsev via devel
On 07/09/2022 05:54, Maxwell G via devel wrote: As has already been said, that's not true. Google Authenticator is far from the only software that supports the TOTP standard. This is not about simple TOTP, but about FIDO2. -- Sincerely, Vitaly Zaitsev (vit...@easycoding.org)

Re: Inactive packagers to be removed after the F37 release

2022-09-06 Thread Tomasz Torcz
On Tue, Sep 06, 2022 at 04:14:52PM -0500, Jonathan Wright via devel wrote: > On Tue, Sep 6, 2022 at 3:52 PM Vitaly Zaitsev via devel < > devel@lists.fedoraproject.org> wrote: > > > On 06/09/2022 19:49, Michael Catanzaro wrote: > > > Of course, hardware authenticators would be even more secure,

Re: Inactive packagers to be removed after the F37 release

2022-09-06 Thread Maxwell G via devel
On Tuesday, September 6, 2022 Vitaly Zaitsev via devel wrote: > > mobile device > > Requires proprietary Google services. As has already been said, that's not true. Google Authenticator is far from the only software that supports the TOTP standard. -- Maxwell G (@gotmax23) Pronouns:

Re: Inactive packagers to be removed after the F37 release

2022-09-06 Thread Maxwell G via devel
On Tuesday, September 6, 2022 Michael Catanzaro wrote: > Currently I do not have any 2FA enabled > on my Fedora account I have 2FA set up on my account and it works okay. You'd use `fkinit` instead of `kinit` that requires special setup[1] to work with 2FA. It doesn't work with the GOA kerberos

Re: Inactive packagers to be removed after the F37 release

2022-09-06 Thread Maxwell G via devel
On Tuesday, September 6, 2022 Vitaly Zaitsev via devel wrote: > If > you want to enforce such a policy, find sponsors and buy devices for all > Fedora contributors. I kind of agree with this. See what PyPI is doing[1]. I don't think anyone who maintains one package should get one, but perhaps

Re: Inactive packagers to be removed after the F37 release

2022-09-06 Thread Alex Perez
Jonathan, Your perspective on costs seems extremely developed-country-centric, and I'd like to suggest you check your (financial) privilege. I don't know where you're from; I'm from the US, but I am well aware of the reality of many open source contributors from countries where the exchange rate

Re: Inactive packagers to be removed after the F37 release

2022-09-06 Thread Jonathan Wright via devel
On Tue, Sep 6, 2022 at 3:52 PM Vitaly Zaitsev via devel < devel@lists.fedoraproject.org> wrote: > On 06/09/2022 19:49, Michael Catanzaro wrote: > > Of course, hardware authenticators would be even more secure, and it > > sure seems pretty reasonable to expect that people with commit access to > >

Re: Inactive packagers to be removed after the F37 release

2022-09-06 Thread Vitaly Zaitsev via devel
On 06/09/2022 19:49, Michael Catanzaro wrote: Of course, hardware authenticators would be even more secure, and it sure seems pretty reasonable to expect that people with commit access to Fedora packages are able to purchase a $25 or 30€ security key [1][2]. Having to pay even $25 for a hobby

Re: Inactive packagers to be removed after the F37 release

2022-09-06 Thread Kevin Fenzi
On Tue, Sep 06, 2022 at 07:37:19PM +0200, Vitaly Zaitsev via devel wrote: > On 06/09/2022 18:36, Kevin Fenzi wrote: > > For an OTP generating app? I don't see why it would... > > No, for FIDO2 authentication. https://github.com/ellerh/softfido But not sure how usable it is. ;) Also:

Re: Inactive packagers to be removed after the F37 release

2022-09-06 Thread Alexander Bokovoy
On Tue, 06 Sep 2022, Adam Williamson wrote: On Tue, 2022-09-06 at 16:47 +, Tommy Nguyen wrote: On Tue, 2022-09-06 at 18:18 +0200, Vitaly Zaitsev via devel wrote: > On 06/09/2022 17:00, Gary Buhrmaster wrote: > > mobile device > > Requires proprietary Google services. > > > computer > >
