Re: remove polkit from core?

2012-11-12 Thread Florian Weimer
visibility or amalgamation builds (that is, stuffing everything in a single C file; -flto could perhaps provide an equivalent). -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

Re: remove polkit from core?

2012-11-13 Thread Florian Weimer
. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

Re: LuaJIT - an alternative for current Python C bindings

2012-11-15 Thread Florian Weimer
the baseline overhead from the run-time system which is unavoidable, but that's fairly small for Python (apparently less than 2 MB of unshared RSS per process). -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org

Re: LuaJIT - an alternative for current Python C bindings

2012-11-16 Thread Florian Weimer
will fail with an attempt to redefine error. (Don't get me wrong, LuaJIT is a great piece of work.) -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Summary/Minutes for today's FESCo meeting (2012-12-19)

2012-12-21 Thread Florian Weimer
-distribution consistency shouldn't matter (as seen with git, for example). -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Results of a test mass rebuild of rawhide/x86_64 with gcc-4.8.0-0.1.fc19

2013-01-07 Thread Florian Weimer
On 01/07/2013 04:50 PM, Petr Pisar wrote: The pre-precessed code is: for (i = 0; i = LAST_FLAG; i++) { ((all_heap_codes *)(0x1000))-yap_flags_field[i] = 0; } I think the number of iterations (24) is one larger than the number of array elements (23). -- Florian Weimer / Red

Re: Proposed F19 Feature: Package Signature Checking During Installation

2013-01-09 Thread Florian Weimer
is the best way to secure the installation path. Theoretically, it is feasible, but it will always be brittle. Those who cannot use Secure Boot (because they lack the hardware or rely on kernel features disabled by Secure Boot) should have access to a secure installation path, too. -- Florian Weimer

Re: Proposed F19 Feature: Package Signature Checking During Installation

2013-01-09 Thread Florian Weimer
/1 -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Proposed F19 Feature: Package Signature Checking During Installation

2013-01-09 Thread Florian Weimer
On 01/09/2013 02:34 PM, Matthew Garrett wrote: On Wed, Jan 09, 2013 at 01:52:05PM +0100, Florian Weimer wrote: It just occurred to me that this has zero chance of working because an attacker can always take the already-signed boot path from the F18 installer and use that to boot a modified F19

Re: Proposed F19 Feature: Package Signature Checking During Installation

2013-01-09 Thread Florian Weimer
. I certainly welcome these efforts. At least one part of it (teaching anaconda to verify (downloaded) packages against included key material) will be required by any other solution. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https

Re: Proposed F19 Feature: Package Signature Checking During Installation

2013-01-10 Thread Florian Weimer
be a Firefox add-on, for example, to provide users with a trust root.) -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

Re: comps' standard group spring cleaning?

2013-01-11 Thread Florian Weimer
, and some alternatives don't, at least by default. This conversion is required for protocol-compliant HTTP, and some web servers insist on CRLF line endings. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org

Re: Results of a test mass rebuild of rawhide/x86_64 with gcc-4.8.0-0.1.fc19

2013-01-14 Thread Florian Weimer
it is built next week and 3 are not yet fixed gcc issues. Does this mean that there were no build failures caused by C++ conformance fixes (accepts-invalid bugs)? That's pretty impressive. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org

Re: Proposed F19 Feature: BIND10 - next generation of the popular BIND9 DNS server rewritten from scratch

2013-01-16 Thread Florian Weimer
feature parity and things like DLZ modules have been ported from BIND 9. BIND 10 is completely different from BIND 9. It's not like a switch from BIND 9.7 to BIND 9.8, it's like going from BIND 8 to BIND 9. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel

Re: Proposed F19 Feature: Shared System Certificates

2013-01-24 Thread Florian Weimer
. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Proposed F19 Feature: MEMSTOMP

2013-01-25 Thread Florian Weimer
not work yet with separate debuginfo yet, I think. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Proposed F19 Feature: Shared System Certificates

2013-01-25 Thread Florian Weimer
to offload the entire certificate chain validation to a daemon, so that it's possible to get consistent behavior across crypto libraries and allow system administrators to specify more detailed policies (but please not as Javascript code). -- Florian Weimer / Red Hat Product Security Team

Re: Proposed F19 Feature: GLIBC 2.17

2013-01-28 Thread Florian Weimer
/Tips_and_Tricks/secure_getenv for code snippets to implement in the change in a backwards-compatible fashion. Unfortunately, glibc upstream insistent on renaming before making the symbol official. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https

Re: Proposed F19 Feature: Cinnamon as Default Desktop

2013-01-28 Thread Florian Weimer
hurt. The poll or the downloads themselves could set a cookie to override the predicted preferences. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Proposed F19 Feature: Shared System Certificates

2013-01-28 Thread Florian Weimer
On 01/28/2013 03:45 PM, Petr Pisar wrote: On 2013-01-25, Florian Weimer fwei...@redhat.com wrote: On 01/24/2013 12:30 PM, Stef Walter wrote: So yes, as noted in the 'Detailed Description' of the feature, long term we hope to follow this up with further work to make all the crypto libraries

Re: Proposed F19 Feature: GLIBC 2.17

2013-01-29 Thread Florian Weimer
On 01/28/2013 06:31 PM, Bill Nottingham wrote: Florian Weimer (fwei...@redhat.com) said: See http://sourceware.org/glibc/wiki/Tips_and_Tricks/secure_getenv for code snippets to implement in the change in a backwards-compatible fashion. Unfortunately, glibc upstream insistent on renaming before

Re: Proposed F19 Feature: GLIBC 2.17

2013-01-29 Thread Florian Weimer
mock-chroot[root@oldenburg tmp]# -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

Re: [Bug 885474] make bails with *** INTERNAL: readdir: Bad file descriptor

2013-09-01 Thread Florian Weimer
pages on fsf.org I don't see an upstream tracker for this. Am I correct in assuming that it's Fedora specific? Unclear. The test case in the bug report works for me on Fedora 18 x86_64 (and Fedora 19, too). I suspect that before we can fix this, we need a better test case. -- Florian Weimer

Re: [Bug 885474] make bails with *** INTERNAL: readdir: Bad file descriptor

2013-09-02 Thread Florian Weimer
. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: COPR

2013-09-02 Thread Florian Weimer
. The networking stack is more robust than the file system stack. (Which puts the idea to use air-gapped machines and thumb drives for data transfer between them into an interesting light, by the way.) -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel

Re: Fedora/Redhat and perfect forward secrecy

2013-09-09 Thread Florian Weimer
(mod N) Diffie-Hellman? Yes, it is. And that's what is insanely slow? I don't get it, either. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http

Re: numatop: %{optflags} fail the 32bit build

2013-09-11 Thread Florian Weimer
and produce wrong code. In 64 bit mode, you should use the original version. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: Packages requiring Xorg BackingStore true

2013-09-11 Thread Florian Weimer
://smani.fedorapeople.org/Xwin.c case Expose: if(last_event != Expose) { /* replot_(idev); */ XSetInputFocus(display,window,RevertToNone,CurrentTime); } break; As a first step, I would comment-in that replot_ call and see what happens. -- Florian Weimer / Red Hat Product Security

Re: Packages requiring Xorg BackingStore true

2013-09-11 Thread Florian Weimer
(), though. Can you provide more context? -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: numatop: %{optflags} fail the 32bit build

2013-09-12 Thread Florian Weimer
volatile (push %%ebx\n\t cpuid\n\t mov %%eax, (%0)\n\t mov %%ebx, 4(%0)\n\t mov %%ecx, 8(%0)\n\t mov %%edx, 12(%0)\n\t pop %%ebx : : S (r) : eax, ecx, edx, memory); } Obviously, this needs adjustments to the callers. -- Florian Weimer / Red Hat Product

Re: numatop: %{optflags} fail the 32bit build

2013-09-12 Thread Florian Weimer
On 09/12/2013 02:53 PM, Florian Weimer wrote: By the way, we could generate much better code if the registers were passed as an array or struct, so that they are in consecutive memory: struct regs { unsigned eax, ebx, ecx, edx; }; void cpuid(struct regs *r) { __asm volatile (push

Re: Package name conflict with retired package

2013-09-13 Thread Florian Weimer
in such situations? Does the old repository needs to be deleted before the new one is created? Please do not reuse package names for unrelated software. It is quite confusing and can interfere with all kinds of tracking/package mapping efforts. -- Florian Weimer / Red Hat Product Security Team -- devel

Re: numatop: %{optflags} fail the 32bit build

2013-09-13 Thread Florian Weimer
clobber as well (in the clobber section after yet another colon): What would it do ? A compiler memory barrier ? Correct. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code

Re: Intent to retire: wimax, wimax-tools

2013-09-20 Thread Florian Weimer
. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: Sunday 13th of October: SSD cache test day

2013-10-14 Thread Florian Weimer
caching functionality step by step instructions are available for: Is there a write-up somewhere documenting what strategies are implemented by bcache to keep the SSD and the hard disk contents in sync even in the event of a sudden power loss? -- Florian Weimer / Red Hat Product Security Team

Re: prelink performance gains

2013-10-15 Thread Florian Weimer
benefits from prelinking today. People write those, unfortunately. I'm attaching a deliberately badly written script which should be fairly representative, alas. I can' benchmark it right now because the system isn't idle, but if someone else wants to have a go at it, be my guest. -- Florian

Re: prelink performance gains

2013-10-16 Thread Florian Weimer
6.5699 -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: prelink performance gains

2013-10-16 Thread Florian Weimer
On 10/15/2013 10:04 PM, Florian Weimer wrote: On 10/15/2013 09:10 PM, Chris Adams wrote: Once upon a time, Jan Kratochvil jan.kratoch...@redhat.com said: It depends, for example in this case prelink saves 33% of time (and battery): i=0;time while [ $i -lt 1000 ];do /usr/bin/gnome-open

Canonical copy of config.guess/config.sub

2013-10-22 Thread Florian Weimer
-supplied copy. But in order to do that, we need a canonical path. Right now, iterating over /usr/share/automake*/config.{guess,sub} looks most promising and would work on Debian as well. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https

Re: Sunday 13th of October: SSD cache test day

2013-10-25 Thread Florian Weimer
On 10/15/2013 09:13 PM, Rolf Fokkens wrote: On 10/14/2013 10:08 AM, Florian Weimer wrote: Is there a write-up somewhere documenting what strategies are implemented by bcache to keep the SSD and the hard disk contents in sync even in the event of a sudden power loss? This is good place to start

Re: [fedora-java] Headless JRE in Fedora

2013-10-28 Thread Florian Weimer
packages with adequate provides in RHEL, or there should be some RPM macro that expands to the proper dependency. It's probably not a good idea to have every package to cook up its own solution. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org

Re: Packages have proxy word.

2013-11-01 Thread Florian Weimer
* مصعب الزعبي: When any package have proxy word marked to (install or update) , error message will appear with http 403 error forbidden. A curious problem. Could you use the repositories on https://dl.fedoraproject.org/ instead? -- devel mailing list devel@lists.fedoraproject.org

Re: Packages have proxy word.

2013-11-01 Thread Florian Weimer
* مصعب الزعبي: Thank You for attention, Yes they are all downloadable, Good to know. But only if I use https. Yes, that is expected, considering yoru situation. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of

Re: OpenH264 in Fedora

2013-11-02 Thread Florian Weimer
* Gregory Maxwell: The intention is that any parties capable of obtaining and running the provided binaries (and they intended to be maximally inclusive of which platforms they build for) can have a fully licensed implementation of H.264 at no cost. I expect that the actual licensing terms

Re: OpenH264 in Fedora

2013-11-02 Thread Florian Weimer
* Michael Catanzaro: On Sat, 2013-11-02 at 20:45 +0100, Florian Weimer wrote: I expect that the actual licensing terms will only cover end users for their own personal, non-commercial use (the language used in the end user licensing terms for existing platform codecs in Windows and Flash

Re: gnome software shell search provider? [Re: Is Gnome Software ready for primetime?]

2013-11-04 Thread Florian Weimer
functions with a special prologue to support this: http://technet.microsoft.com/en-us/library/cc782258%28v=ws.10%29.aspx -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code

Consequences of library bundling (was: Re: OpenH264 in Fedora)

2013-11-06 Thread Florian Weimer
. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: Draft Product Description for Fedora Workstation

2013-11-07 Thread Florian Weimer
interoperability whatsoever. Shouldn't this be a top priority for bundled applications? -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org

Consequences of library bundling (was: Re: OpenH264 in Fedora)

2013-11-07 Thread Florian Weimer
just a very difficult problem, no matter how you eventually ship your bits. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: OpenH264 in Fedora

2013-11-11 Thread Florian Weimer
* drago: Well you make it sound like that had any effect on the outcome but the slides say that Fedora and Debian simply do not matter. Debian would not have a practical problem with a H.264 requirement, so I'm not sure if it matters in this context. -- devel mailing list

Re: What is support status of PowerVR GPUs in Fedora? (Intel D2500 and gma500_gfx)

2013-11-14 Thread Florian Weimer
components are involved. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: File conflict when upgrading package

2013-11-18 Thread Florian Weimer
and st.type == directory then os.execute(rm -rf %{_datadir}/applications/%{name}.desktop) end Wow. Shouldn't RPM support this out of the box? -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Enabling -Werror=format-security by default

2013-11-21 Thread Florian Weimer
argument does not have to be parsed for format strings. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: F21 System Wide Change: Headless Java

2013-11-26 Thread Florian Weimer
this one. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Kernel event library bundling

2013-11-28 Thread Florian Weimer
libraries goal? -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: RPATH in various binaries

2013-11-29 Thread Florian Weimer
*this* RPATH would not work if it actually needed any of the JVM libraries. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: crypto consolidation status

2013-12-03 Thread Florian Weimer
directly by applications) 3. OpenSSL 4. libgcrypt I hope that both OpenJDK crypto providers are acceptable as well (one is a wrapper around NSS, the other one is a separate implementation, mostly in Java). -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel

Re: how to fix this qt code for format-security flag FTBFS

2013-12-04 Thread Florian Weimer
()); The original version relied on the operator char *() overload of QByteArray, but that isn't applied in a vararg context. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http

Re: FTBFS if -Werror=format-security flag is used

2013-12-05 Thread Florian Weimer
diagnostic. GCC could perhaps do better in some cases, but not without relying on the optimizers. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http

Re: FTBFS if -Werror=format-security flag is used

2013-12-05 Thread Florian Weimer
), it does not make much of a difference how the data is obtained about future build failures. Filing bugs seems reasonable for tracking purposes. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman

Re: FTBFS if -Werror=format-security flag is used

2013-12-06 Thread Florian Weimer
On 12/06/2013 12:59 PM, Dhiru Kholia wrote: Can you *really* pass a QByteArray object directly to printf (and similar functions)? Yes, as the format string argument, because the user-defined conversion comparison operator to const char * kicks in. -- Florian Weimer / Red Hat Product

Re: FTBFS if -Werror=format-security flag is used

2013-12-06 Thread Florian Weimer
On 12/06/2013 01:26 PM, Florian Weimer wrote: On 12/06/2013 12:59 PM, Dhiru Kholia wrote: Can you *really* pass a QByteArray object directly to printf (and similar functions)? Yes, as the format string argument, because the user-defined conversion comparison operator to const char * kicks

Re: mechanism to retain system library versions

2013-12-18 Thread Florian Weimer
of a solution? For Boost, building packages on all the Fedora releases you want to support should work because Boost usually offers source-based backwards compatibility. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https

Re: Creating SRPM without rpmbuild

2013-12-19 Thread Florian Weimer
allowed to install packages. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: Inter-WG coordination: Stable application runtimes

2013-12-20 Thread Florian Weimer
. It's not what GCC happens to implement today anymore. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: polkit changes in f19

2013-02-04 Thread Florian Weimer
://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

Re: how reload udev rules and systemd on F18

2013-02-08 Thread Florian Weimer
On 02/05/2013 07:43 PM, Sérgio Basto wrote: Any advises or opinions ? I think you haven't yet described the original problem you're trying to solve. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman

Re: Package shipping their own CA and security

2013-02-08 Thread Florian Weimer
. (This assumes that we own the certificate in question. Obviously, it won't do to download the certificate from the Internet, bake it in, and hope that it won't change until it expires. That's just not going to work.) -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel

Re: Package shipping their own CA and security

2013-02-08 Thread Florian Weimer
On 02/08/2013 12:58 PM, Reindl Harald wrote: Am 08.02.2013 12:54, schrieb Florian Weimer: On 02/08/2013 12:41 PM, Michael Scherer wrote: For a certificate, that's slightly more subtle. A certificate alone in a package cannot do much. If there is no private key, then it cannot be used out

Re: how reload udev rules and systemd on F18

2013-02-14 Thread Florian Weimer
a real use case here, after all (avoid an unnecessary reboot). -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Mass closing EOL bugs should not close bugs with pending updates

2013-02-18 Thread Florian Weimer
release if it still relevant there. You don't have to subscribe to any mailing list for that, just being the reporter or Cc: on the bug is sufficient. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman

Re: 64-bit stat (or not) in 32-bit Fedora binaries

2013-02-19 Thread Florian Weimer
and off_t in public header files because of that _FILE_OFFSET_BITS dependency. At least in such header files, using explicit 64-bit types (uint64_t, presumably) is the way to go. Admittedly, this has a certain yuck factor, but I don't see a way around that. -- Florian Weimer / Red Hat Product

Re: 64-bit stat (or not) in 32-bit Fedora binaries

2013-02-19 Thread Florian Weimer
. At least it results in a compile error and not corruption at run time, but it's still far from ideal. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

Re: 64-bit stat (or not) in 32-bit Fedora binaries

2013-02-20 Thread Florian Weimer
| __fxstat /usr/bin/locale| __xstat /usr/bin/localedef | __fxstat /usr/bin/localedef | __lxstat /usr/bin/localedef | __xstat /usr/bin/rpcgen| __xstat /usr/bin/sprof | __fxstat (9 rows) -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel

Re: ghostscript changing license from GPLv3+ to AGPLv3+

2013-02-22 Thread Florian Weimer
name), or does this affect CUPS? Will CUPS be extended to allow downloading the Ghostscript source code? -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

Re: 64-bit stat (or not) in 32-bit Fedora binaries

2013-04-03 Thread Florian Weimer
stat bumps the inode nr past 2^32 (line numbers work on F18/kernel 3.7-8-ish at least) Do you have something similar for readdir? Do you know what the kernel does in this case? It would be quite annoying if the result was a truncated or incomplete directory listing. -- Florian Weimer / Red

Re: Expanding the list of Hardened Packages

2013-04-04 Thread Florian Weimer
. I think a similar optimization would be possible for access to global variables because ld could compute the final layout of all global variables in the binary itself, just as in the non-PIE case. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel

Re: Expanding the list of Hardened Packages

2013-04-04 Thread Florian Weimer
are referenced from position-dependent code? -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

Re: What to move to?

2013-04-16 Thread Florian Weimer
to rewrite working system components in C only to reduce memory usage. This is what happened (or is expected to happen) to some daemons written in Python. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman

Re: Expanding the list of Hardened Packages

2013-04-16 Thread Florian Weimer
. (*) As soon as cryptography is involved, mathematically rigorous results are the exception. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

Bundled copies of the Porter stemmer library

2013-04-17 Thread Florian Weimer
-- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

Bundled copies of the Porter stemmer library

2013-04-17 Thread Florian Weimer
. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Bundled copies of the Porter stemmer library

2013-04-19 Thread Florian Weimer
On 04/18/2013 04:32 PM, Petr Pisar wrote: On 2013-04-17, Florian Weimer fwei...@redhat.com wrote: Ugh, hit Send too soon. I found some packages which embed copies of the Porter stemmer library (PostgreSQL, tracker, pl, etc.). Should I file bugs once I have the full list, or should I apply

Re: F19 DVD over size - what to drop?

2013-05-06 Thread Florian Weimer
. It's not entirely trivial because we'd need overrides (or ways to inject key material) for additional repositories added with Kickstart. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Expanding the list of Hardened Packages

2013-05-08 Thread Florian Weimer
backporting both patches. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

Re: F19 DVD over size - what to drop?

2013-05-10 Thread Florian Weimer
driver signatures are alike because they do not embed a cleartext developer name. (Not that UEFI firmware has Authenticode prompts which show the certificate on the driver.) -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https

Re: Expanding the list of Hardened Packages

2013-05-10 Thread Florian Weimer
. Just like strcpy, and we all know how well that worked in practice. That being said, my recent experience *writing* C++03 code has been rather positive. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman

Re: Bundled copies of the Porter stemmer library

2013-05-10 Thread Florian Weimer
On 04/17/2013 02:48 PM, Florian Weimer wrote: I found some packages which embed copies of the Porter stemmer library (PostgreSQL, tracker, pl, etc.). Should I file bugs once I have the full list, or should I apply for a bundling exception? FYI, I'm deferring dealing with this until I've got

Re: What to move to?

2013-05-13 Thread Florian Weimer
On 04/18/2013 01:08 AM, Björn Persson wrote: Florian Weimer wrote: Yes, Ada has some nice features. At least there are real arrays, but they are somewhat cumbersome to work with, compared to Java, Python or, well, C pointers. There are two aspects: preservation of array bounds in slices (so

Re: why do have shared libs 755 perms?

2013-05-13 Thread Florian Weimer
provides. Most of the shared libraries in /lib{,64} *do* have a non-zero .e_entry. ( readelf -h *.so | grep 'Entry point' ) It seems all PIE executables are actually ET_DYN objects with an entry point. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel

Re: Mission Impossible #1: qt without gtk

2013-05-13 Thread Florian Weimer
- wise (only pulls in glib2) ... which Qt depends on for its event loop anyway. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

C++ library design (was: Re: Expanding the list of Hardened Packages)

2013-05-17 Thread Florian Weimer
On 05/17/2013 07:17 AM, Ben Boeckel wrote: While we're dredging up old threads ;) . On Fri, 10 May, 2013 at 12:29:16 GMT, Florian Weimer wrote: There is some fairly horrible stuff, like std::copy: http://en.cppreference.com/w/cpp/algorithm/copy You can pass a std::vectorT::iterator (say

Unpacking SRPMs

2013-05-17 Thread Florian Weimer
the %prep stage. Unpacking SRPMs seems to be fairly common operation. Has something like this already been implemented? -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Unpacking SRPMs

2013-05-17 Thread Florian Weimer
On 05/17/2013 09:36 PM, Adam Williamson wrote: On Fri, 2013-05-17 at 16:37 +0200, Florian Weimer wrote: I'd like some scriptable way to unpack SRPMs up and including to the %prep stage. Ideally, the results would end up in a directory I specify, and intermediate directories which only contain

Re: Systemd tip: service conditionals

2013-05-21 Thread Florian Weimer
On 05/21/2013 02:08 PM, Simone Caronni wrote: If there's a way to check if Secure Boot is enabled that would be great. Why do you want to do that? That's almost always wrong, just like checking for the AD bit in DNS responses. -- Florian Weimer / Red Hat Product Security Team -- devel

Re: Systemd tip: service conditionals

2013-05-22 Thread Florian Weimer
On 05/21/2013 08:48 PM, Simone Caronni wrote: Hello, On 21 May 2013 17:43, Florian Weimer fwei...@redhat.com mailto:fwei...@redhat.com wrote: On 05/21/2013 02:08 PM, Simone Caronni wrote: If there's a way to check if Secure Boot is enabled that would be great. Why do

Re: Unpacking SRPMs

2013-05-22 Thread Florian Weimer
On 05/17/2013 04:46 PM, Daniel P. Berrange wrote: On Fri, May 17, 2013 at 04:37:13PM +0200, Florian Weimer wrote: I'd like some scriptable way to unpack SRPMs up and including to the %prep stage. Ideally, the results would end up in a directory I specify, and intermediate directories which

Re: Software Management call for RFEs

2013-05-23 Thread Florian Weimer
indexing. And right now, accessing the actual source code is computationally expensive. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Software Management call for RFEs

2013-05-23 Thread Florian Weimer
functions at run time and don't have to ship separate DSOs anymore. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Software Management call for RFEs

2013-05-23 Thread Florian Weimer
guarantee you can fix critical bugs for all users who are potentially affected by them. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

  1   2   3   4   5   6   7   8   9   >