Re: F26 proposed release tooling changes
Thanks to everyone for reviewing and for your interest at least in the planned Kerberos changes :) I'm going to close the feedback period now and ask if you have any other questions or requests that you contact me directly so I don't miss it. We'll begin the process of filing changes, etc next week. Cheers! - Original Message - > From: "Amanda Carter"> To: devel@lists.fedoraproject.org > Sent: Monday, October 24, 2016 2:04:40 PM > Subject: F26 proposed release tooling changes > > Heads up about the release tooling changes we're proposing for F26. Note that > this list may exclude work to be completed for modularity but that will be > added to the same page at a later date. If there's anything that seems to be > missing or mis-prioritized please let me know. I'd like feedback on this > list by the end of the week. Next week we'll start getting ready to deliver > these changes. > > https://fedoraproject.org/wiki/ReleaseEngineering/PriorityPipeline#F26_Proposed_Tools_Changes > > Thanks! > > -- > Amanda Carter > > -- Amanda Carter ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Re: F26 proposed release tooling changes
On to, 27 loka 2016, Jan Kurik wrote: I am not very familiar with the Fedora Infrastructure, I am just curios whether the kerberos is going to be somehow synchronized with FAS ? In short: yes. However, please wait for official announcement by Fedora Infrastructure for the actual details. -- / Alexander Bokovoy ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Re: F26 proposed release tooling changes
I am not very familiar with the Fedora Infrastructure, I am just curios whether the kerberos is going to be somehow synchronized with FAS ? Jan On Wed, Oct 26, 2016 at 7:50 PM, Charalampos Stratakiswrote: > kerberos support for Fedora infra would be an amazing step forward. > > Charalampos Stratakis > Associate Software Engineer > Python Maintenance Team, Red Hat > > > - Original Message - > From: "Amanda Carter" > To: devel@lists.fedoraproject.org > Sent: Monday, October 24, 2016 8:04:40 PM > Subject: F26 proposed release tooling changes > > Heads up about the release tooling changes we're proposing for F26. Note that > this list may exclude work to be completed for modularity but that will be > added to the same page at a later date. If there's anything that seems to be > missing or mis-prioritized please let me know. I'd like feedback on this list > by the end of the week. Next week we'll start getting ready to deliver these > changes. > > https://fedoraproject.org/wiki/ReleaseEngineering/PriorityPipeline#F26_Proposed_Tools_Changes > > Thanks! > > -- > Amanda Carter > ___ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > ___ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org -- Jan Kuřík Platform & Fedora Program Manager Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Re: F26 proposed release tooling changes
kerberos support for Fedora infra would be an amazing step forward. Charalampos Stratakis Associate Software Engineer Python Maintenance Team, Red Hat - Original Message - From: "Amanda Carter"To: devel@lists.fedoraproject.org Sent: Monday, October 24, 2016 8:04:40 PM Subject: F26 proposed release tooling changes Heads up about the release tooling changes we're proposing for F26. Note that this list may exclude work to be completed for modularity but that will be added to the same page at a later date. If there's anything that seems to be missing or mis-prioritized please let me know. I'd like feedback on this list by the end of the week. Next week we'll start getting ready to deliver these changes. https://fedoraproject.org/wiki/ReleaseEngineering/PriorityPipeline#F26_Proposed_Tools_Changes Thanks! -- Amanda Carter ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Re: F26 proposed release tooling changes
On Wed, Oct 26, 2016 at 12:39 AM, Alexander Bokovoywrote: > We implemented HTTPS proxying of the Kerberos protocol, based on > MS-KKDCP specification. It is in MIT Kerberos 1.13+. Oh, fantastic! I didn't know that standard, or that MIT Kerberos supported it. - Ken ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Re: F26 proposed release tooling changes
On ti, 25 loka 2016, Ken Dreyer wrote: On Tue, Oct 25, 2016 at 3:00 PM, Dennis Gilmorewrote: On martes, 25 de octubre de 2016 2:42:15 PM CDT Ken Dreyer wrote: Hi Amanda, I'm curious about this change: "Kerberos support in koji, fedpkg, OSBS " Is koji.fedoraproject.org is going to eventually stop supporting TLS authentication, and we'll have a Fedora-project-wide Kerberos infrastructure instead? there will be kerberos auth for koji and lookaise cache, if it will be project wide or not I am not sure that is decided yet. Thanks Dennis. I'm curious about this because most organizations do not expose their KDCs directly to the internet. As I understand it, it's possible for a passive attacker to sniff the TGT exchange and brute-force a password, whereas this attack scenario is not possible with Koji's current HTTPS client cert authentication. We implemented HTTPS proxying of the Kerberos protocol, based on MS-KKDCP specification. It is in MIT Kerberos 1.13+. -- / Alexander Bokovoy ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Re: F26 proposed release tooling changes
On Tue, Oct 25, 2016 at 3:00 PM, Dennis Gilmorewrote: > On martes, 25 de octubre de 2016 2:42:15 PM CDT Ken Dreyer wrote: >> Hi Amanda, >> >> I'm curious about this change: "Kerberos support in koji, fedpkg, OSBS " >> >> Is koji.fedoraproject.org is going to eventually stop supporting TLS >> authentication, and we'll have a Fedora-project-wide Kerberos >> infrastructure instead? > > there will be kerberos auth for koji and lookaise cache, if it will be project > wide or not I am not sure that is decided yet. Thanks Dennis. I'm curious about this because most organizations do not expose their KDCs directly to the internet. As I understand it, it's possible for a passive attacker to sniff the TGT exchange and brute-force a password, whereas this attack scenario is not possible with Koji's current HTTPS client cert authentication. - Ken ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Re: F26 proposed release tooling changes
On martes, 25 de octubre de 2016 2:42:15 PM CDT Ken Dreyer wrote: > Hi Amanda, > > I'm curious about this change: "Kerberos support in koji, fedpkg, OSBS " > > Is koji.fedoraproject.org is going to eventually stop supporting TLS > authentication, and we'll have a Fedora-project-wide Kerberos > infrastructure instead? there will be kerberos auth for koji and lookaise cache, if it will be project wide or not I am not sure that is decided yet. Dennis > - Ken > > On Mon, Oct 24, 2016 at 12:04 PM, Amanda Carterwrote: > > Heads up about the release tooling changes we're proposing for F26. Note > > that this list may exclude work to be completed for modularity but that > > will be added to the same page at a later date. If there's anything that > > seems to be missing or mis-prioritized please let me know. I'd like > > feedback on this list by the end of the week. Next week we'll start > > getting ready to deliver these changes. > > > > https://fedoraproject.org/wiki/ReleaseEngineering/PriorityPipeline#F26_Pro > > posed_Tools_Changes > > > > Thanks! > > > > -- > > Amanda Carter > > ___ > > devel mailing list -- devel@lists.fedoraproject.org > > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > > ___ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org signature.asc Description: This is a digitally signed message part. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Re: F26 proposed release tooling changes
Hi Amanda, I'm curious about this change: "Kerberos support in koji, fedpkg, OSBS " Is koji.fedoraproject.org is going to eventually stop supporting TLS authentication, and we'll have a Fedora-project-wide Kerberos infrastructure instead? - Ken On Mon, Oct 24, 2016 at 12:04 PM, Amanda Carterwrote: > Heads up about the release tooling changes we're proposing for F26. Note that > this list may exclude work to be completed for modularity but that will be > added to the same page at a later date. If there's anything that seems to be > missing or mis-prioritized please let me know. I'd like feedback on this list > by the end of the week. Next week we'll start getting ready to deliver these > changes. > > https://fedoraproject.org/wiki/ReleaseEngineering/PriorityPipeline#F26_Proposed_Tools_Changes > > Thanks! > > -- > Amanda Carter > ___ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org