Re: F26 proposed release tooling changes

2016-10-28 Thread Amanda Carter 
Thanks to everyone for reviewing and for your interest at least in the planned 
Kerberos changes :) I'm going to close the feedback period now and ask if you 
have any other questions or requests that you contact me directly so I don't 
miss it. We'll begin the process of filing changes, etc next week.

Cheers!

- Original Message -
> From: "Amanda Carter" 
> To: devel@lists.fedoraproject.org
> Sent: Monday, October 24, 2016 2:04:40 PM
> Subject: F26 proposed release tooling changes
> 
> Heads up about the release tooling changes we're proposing for F26. Note that
> this list may exclude work to be completed for modularity but that will be
> added to the same page at a later date. If there's anything that seems to be
> missing or mis-prioritized please let me know. I'd like feedback on this
> list by the end of the week. Next week we'll start getting ready to deliver
> these changes.
> 
> https://fedoraproject.org/wiki/ReleaseEngineering/PriorityPipeline#F26_Proposed_Tools_Changes
> 
> Thanks!
> 
> --
> Amanda Carter
> 
> 

-- 
Amanda Carter
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: F26 proposed release tooling changes

2016-10-27 Thread Alexander Bokovoy 

On to, 27 loka 2016, Jan Kurik wrote:

I am not very familiar with the Fedora Infrastructure, I am just
curios whether the kerberos is going to be somehow synchronized with
FAS ?
In short: yes. 


However, please wait for official announcement by Fedora Infrastructure
for the actual details.

--
/ Alexander Bokovoy
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: F26 proposed release tooling changes

2016-10-27 Thread Jan Kurik 
I am not very familiar with the Fedora Infrastructure, I am just
curios whether the kerberos is going to be somehow synchronized with
FAS ?

Jan

On Wed, Oct 26, 2016 at 7:50 PM, Charalampos Stratakis
 wrote:
> kerberos support for Fedora infra would be an amazing step forward.
>
> Charalampos Stratakis
> Associate Software Engineer
> Python Maintenance Team, Red Hat
>
>
> - Original Message -
> From: "Amanda Carter" 
> To: devel@lists.fedoraproject.org
> Sent: Monday, October 24, 2016 8:04:40 PM
> Subject: F26 proposed release tooling changes
>
> Heads up about the release tooling changes we're proposing for F26. Note that 
> this list may exclude work to be completed for modularity but that will be 
> added to the same page at a later date. If there's anything that seems to be 
> missing or mis-prioritized please let me know. I'd like feedback on this list 
> by the end of the week. Next week we'll start getting ready to deliver these 
> changes.
>
> https://fedoraproject.org/wiki/ReleaseEngineering/PriorityPipeline#F26_Proposed_Tools_Changes
>
> Thanks!
>
> --
> Amanda Carter
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org



-- 
Jan Kuřík
Platform & Fedora Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: F26 proposed release tooling changes

2016-10-26 Thread Charalampos Stratakis 
kerberos support for Fedora infra would be an amazing step forward.

Charalampos Stratakis
Associate Software Engineer
Python Maintenance Team, Red Hat


- Original Message -
From: "Amanda Carter" 
To: devel@lists.fedoraproject.org
Sent: Monday, October 24, 2016 8:04:40 PM
Subject: F26 proposed release tooling changes

Heads up about the release tooling changes we're proposing for F26. Note that 
this list may exclude work to be completed for modularity but that will be 
added to the same page at a later date. If there's anything that seems to be 
missing or mis-prioritized please let me know. I'd like feedback on this list 
by the end of the week. Next week we'll start getting ready to deliver these 
changes.

https://fedoraproject.org/wiki/ReleaseEngineering/PriorityPipeline#F26_Proposed_Tools_Changes

Thanks!

-- 
Amanda Carter
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: F26 proposed release tooling changes

2016-10-26 Thread Ken Dreyer 
On Wed, Oct 26, 2016 at 12:39 AM, Alexander Bokovoy  wrote:
> We implemented HTTPS proxying of the Kerberos protocol, based on
> MS-KKDCP specification. It is in MIT Kerberos 1.13+.

Oh, fantastic! I didn't know that standard, or that MIT Kerberos supported it.

- Ken
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: F26 proposed release tooling changes

2016-10-26 Thread Alexander Bokovoy 

On ti, 25 loka 2016, Ken Dreyer wrote:

On Tue, Oct 25, 2016 at 3:00 PM, Dennis Gilmore  wrote:

On martes, 25 de octubre de 2016 2:42:15 PM CDT Ken Dreyer wrote:

Hi Amanda,

I'm curious about this change: "Kerberos support in koji, fedpkg, OSBS "

Is koji.fedoraproject.org is going to eventually stop supporting TLS
authentication, and we'll have a Fedora-project-wide Kerberos
infrastructure instead?


there will be kerberos auth for koji and lookaise cache, if it will be project
wide or not I am not sure that is decided yet.


Thanks Dennis.

I'm curious about this because most organizations do not expose their
KDCs directly to the internet. As I understand it, it's possible for a
passive attacker to sniff the TGT exchange and brute-force a password,
whereas this attack scenario is not possible with Koji's current HTTPS
client cert authentication.

We implemented HTTPS proxying of the Kerberos protocol, based on
MS-KKDCP specification. It is in MIT Kerberos 1.13+.

--
/ Alexander Bokovoy
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: F26 proposed release tooling changes

2016-10-25 Thread Ken Dreyer 
On Tue, Oct 25, 2016 at 3:00 PM, Dennis Gilmore  wrote:
> On martes, 25 de octubre de 2016 2:42:15 PM CDT Ken Dreyer wrote:
>> Hi Amanda,
>>
>> I'm curious about this change: "Kerberos support in koji, fedpkg, OSBS "
>>
>> Is koji.fedoraproject.org is going to eventually stop supporting TLS
>> authentication, and we'll have a Fedora-project-wide Kerberos
>> infrastructure instead?
>
> there will be kerberos auth for koji and lookaise cache, if it will be project
> wide or not I am not sure that is decided yet.

Thanks Dennis.

I'm curious about this because most organizations do not expose their
KDCs directly to the internet. As I understand it, it's possible for a
passive attacker to sniff the TGT exchange and brute-force a password,
whereas this attack scenario is not possible with Koji's current HTTPS
client cert authentication.

- Ken
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: F26 proposed release tooling changes

2016-10-25 Thread Dennis Gilmore 
On martes, 25 de octubre de 2016 2:42:15 PM CDT Ken Dreyer wrote:
> Hi Amanda,
> 
> I'm curious about this change: "Kerberos support in koji, fedpkg, OSBS "
> 
> Is koji.fedoraproject.org is going to eventually stop supporting TLS
> authentication, and we'll have a Fedora-project-wide Kerberos
> infrastructure instead?

there will be kerberos auth for koji and lookaise cache, if it will be project 
wide or not I am not sure that is decided yet.

Dennis
> - Ken
> 
> On Mon, Oct 24, 2016 at 12:04 PM, Amanda Carter  wrote:
> > Heads up about the release tooling changes we're proposing for F26. Note
> > that this list may exclude work to be completed for modularity but that
> > will be added to the same page at a later date. If there's anything that
> > seems to be missing or mis-prioritized please let me know. I'd like
> > feedback on this list by the end of the week. Next week we'll start
> > getting ready to deliver these changes.
> > 
> > https://fedoraproject.org/wiki/ReleaseEngineering/PriorityPipeline#F26_Pro
> > posed_Tools_Changes
> > 
> > Thanks!
> > 
> > --
> > Amanda Carter
> > ___
> > devel mailing list -- devel@lists.fedoraproject.org
> > To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> 
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org



signature.asc
Description: This is a digitally signed message part.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: F26 proposed release tooling changes

2016-10-25 Thread Ken Dreyer 
Hi Amanda,

I'm curious about this change: "Kerberos support in koji, fedpkg, OSBS "

Is koji.fedoraproject.org is going to eventually stop supporting TLS
authentication, and we'll have a Fedora-project-wide Kerberos
infrastructure instead?

- Ken


On Mon, Oct 24, 2016 at 12:04 PM, Amanda Carter  wrote:
> Heads up about the release tooling changes we're proposing for F26. Note that 
> this list may exclude work to be completed for modularity but that will be 
> added to the same page at a later date. If there's anything that seems to be 
> missing or mis-prioritized please let me know. I'd like feedback on this list 
> by the end of the week. Next week we'll start getting ready to deliver these 
> changes.
>
> https://fedoraproject.org/wiki/ReleaseEngineering/PriorityPipeline#F26_Proposed_Tools_Changes
>
> Thanks!
>
> --
> Amanda Carter
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org