Re: increasing the size of boot partition

On Mon, 2025-10-13 at 23:37 -0400, Chris Murphy wrote: > > On Mon, Oct 13, 2025, at 2:19 PM, Simo Sorce wrote: > > > The difference is that Windows and Mac have a single file system to > > deal with on their OSs, and likely qualification tests to ensure the > > boot-lo

Re: Very early heads-up: upcoming OpenSSL 4.0

lt at the same time openssl 4.0 lands, because otherwise symbols would be missing It would also require to back out the symbol versioning changes. I am not against or in favor, but given the intention to break binary compatibility with 4.0 a soname change is not a bad idea. My 2c, Simo. -- Simo Sor

Re: Very early heads-up: upcoming OpenSSL 4.0

there should be no ambiguity about which symbol to load? That said, I am not sure they are changing all symbol versions in the new .so.4 file, perhaps they should reset all symbols versions to 4.0.0? Simo. -- Simo Sorce Distinguished Engineer RHEL Crypto Team Red Hat, Inc -- __

Re: AI-generated content in Fedora packages: do we have rules?

On Fri, 2025-07-18 at 18:57 +0200, Florian Weimer wrote: > * Simo Sorce: > > > On Fri, 2025-07-18 at 16:17 +0200, Florian Weimer wrote: > > > Also keep in mind that for many application domains (compression, some > > > security protocols), code produced by mod

Re: AI-generated content in Fedora packages: do we have rules?

come to the same conclusion. Either way I do not think Fedora should generally express legal opinion on very much unsettled legal matters. -- Simo Sorce Distinguished Engineer RHEL Crypto Team Red Hat, Inc -- ___ devel mailing list -- devel@lists.fed

Re: AI-generated content in Fedora packages: do we have rules?

lain here why code would not be allowed and why specific to some domains? Simo. -- Simo Sorce Distinguished Engineer RHEL Crypto Team Red Hat, Inc -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to

Re: AI-generated content in Fedora packages: do we have rules?

er it copyright- able, how different they can or cannot be, and a litany of other tests that each court may think differently of, even within the same jurisdiction. And this is the same whether a human wrote it or an AI did. Ultimately the questions are: 1. can you effectively police it? 2. How

Re: AI-generated content in Fedora packages: do we have rules?

On Fri, 2025-07-18 at 13:47 +0200, Emmanuel Seyman wrote: > * Simo Sorce [17/07/2025 19:24] : > > > > Can we talk about what the risk of that is? > > Are we talking 30%, 3%, 0.3% 0.003% .. ? > > At Flock 2024, Tom Calloway explained to a group of us that if you start &

Re: AI-generated content in Fedora packages: do we have rules?

On Thu, 2025-07-17 at 15:26 -0700, Adam Williamson wrote: > On Thu, 2025-07-17 at 15:18 -0400, Simo Sorce wrote: > > In my opinion the situation is simple, as already several courts > > hinted, the output of an AI cannot be copyrighted, and that makes sense > > given Copyright

Re: AI-generated content in Fedora packages: do we have rules?

e, as already several courts hinted, the output of an AI cannot be copyrighted, and that makes sense given Copyright hinges on protecting human creativity and AIs clearly are not human. So Fedora could make a decision that the default license for AI generated code is just "Public Domain".

Re: Remove openh264?

On Thu, 2025-05-29 at 15:58 -0500, Chris Adams wrote: > Once upon a time, Simo Sorce said: > > On Thu, 2025-05-29 at 16:29 -0400, pgnd wrote: > > > here, addition of `--no-best` is sufficient > > > > > >dnf config-manager setopt fedora-cisco-openh264.en

Re: Remove openh264?

as I do a simple "dnf update" it tries to replace noopenh264 with openh264 again ... from "fedora-multimedia" ... hmmm -- Simo Sorce Distinguished Engineer RHEL Crypto Team Red Hat, Inc -- ___ devel mailing list -- devel@lists.fedora

Re: rpmautospec and mass rebuilds

complicated and easier to get > wrong. It certainly seems to me like %autochangelog without > %autorelease is a case that should be accounted for in related tooling. > -- > Adam Williamson (he/him/his) > Fedora QA > Fedora Chat: @adamwill:fed

Re: rpm-ostree/bootc uid/gid drift problem

is what bootc/ostree encourage now) > > Stated conversely, I would say it's a pretty universal problem with anything > trying to ship systems that have dynamic UIDs owning content they want to > ship in the image, which describes some Fedora RPMs today, as well as 3rd > party

Re: Inadvertent mass-rebuild triggered soname bump in libnfs

the rebuild script's logic a bit more complex (it needs to > perform several queries into Koji to figure out what the latest build's git > commit is), but I think that's worth the cause. The code ELN uses to do > this is built into ELNBuildSync[1] if anyone wants to adapt it

Re: strawman proposal: homed directories for users

On Fri, 2024-10-11 at 09:43 +0200, Lennart Poettering wrote: > On Do, 10.10.24 17:22, Simo Sorce (s...@redhat.com) wrote: > > > On Thu, 2024-10-10 at 17:29 +0200, Lennart Poettering wrote: > > > On Mi, 09.10.24 11:12, Simo Sorce (s...@redhat.com) wrote: > > > > &

Re: strawman proposal: homed directories for users

On Thu, 2024-10-10 at 17:29 +0200, Lennart Poettering wrote: > On Mi, 09.10.24 11:12, Simo Sorce (s...@redhat.com) wrote: > > > > > This was again a reference to the fact that IPA folks aren't willing > to restrict their allocations to some reasonable UID range, as >

Re: strawman proposal: homed directories for users

On Tue, 2024-10-08 at 17:57 +0200, Lennart Poettering wrote: > On Mo, 07.10.24 12:59, Simo Sorce (s...@redhat.com) wrote: > > > > The homed approach would make other things possible too. For example, > > > sharing of /home in dual-boot scenarios. Right now a manual setu

Re: strawman proposal: homed directories for users

On Tue, 2024-10-08 at 08:22 -0500, Michael Catanzaro wrote: > On Mon, Oct 7 2024 at 12:59:46 PM -04:00:00, Simo Sorce > wrote: > > Changing a default like this is not something to do lightly IMHO. > > I'm interested in systemd-homed because we currently have no other &

Re: strawman proposal: homed directories for users

files and directories that should be reserved to other users? What happen if you want to change the user to be a corporate directory provided one? Can you configure autologin for those uses cases (like kiosks or a home entertainment system) where that makes sense to do ? Is this tied to a speci

Re: 2FA policy for provenpackagers is now active

> network.negotiate-auth.delegation-uris NEVER set this, it causes your browser to give away your Kerberos TGT, something you DO NOT WANT to do, ever!. HTH, Simo. -- Simo Sorce Distinguished Engineer RHEL Crypto Team Red Hat, Inc -- ___ devel mailing

Re: Three steps we could take to make supply chain attacks a bit harder

weren't up to a couple years ago), they are cached for a period of time, so they may look stable in busy projects where you have regular downloads that keep the cache alive, but they are *regenerated* from the tag for seldom downloaded tarballs. And when that happens then hashes chan

Re: Orphaning all my packages

On Tue, 2023-10-03 at 23:13 +0200, Leon Fauster via devel wrote: > Am 03.10.23 um 21:29 schrieb Simo Sorce: > > On Tue, 2023-10-03 at 20:55 +0200, Leon Fauster via devel wrote: > > > Am 03.10.23 um 20:46 schrieb Sérgio Basto: > > > > On Tue, 2023-10-03 at 13:13

Re: Orphaning all my packages

On Tue, 2023-10-03 at 20:55 +0200, Leon Fauster via devel wrote: > Am 03.10.23 um 20:46 schrieb Sérgio Basto: > > On Tue, 2023-10-03 at 13:13 -0500, Michael Catanzaro wrote: > > > On Tue, Oct 3 2023 at 01:19:20 PM -0400, Simo Sorce > > > wrote: > > > >

Re: Orphaning all my packages

n gitlab as part of CentOS Stream. If that is not enough for you, that's fine, just do not spread false information. Thanks, Simo. -- Simo Sorce, DE @ RHEL Crypto Team, Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject

Re: Adding Passim as a Fedora 40 feature?

On Wed, 2023-08-30 at 09:11 +0100, Peter Robinson wrote: > On Mon, Aug 28, 2023 at 9:50 PM Simo Sorce wrote: > > > > On Mon, 2023-08-28 at 15:14 -0500, Chris Adams wrote: > > > Once upon a time, Richard Hughes said: > > > > On Mon, 28 Aug 2023 at 16:27, L

Re: Adding Passim as a Fedora 40 feature?

On Tue, 2023-08-29 at 20:07 +0100, Richard Hughes wrote: > On Tue, 29 Aug 2023 at 18:54, Simo Sorce wrote: > > That depends on how you are going to handle re-installs of peers in the > > network where the certificate will start mismatching ... > > In event of a mismatch I wa

Re: Adding Passim as a Fedora 40 feature?

error, and they download the whole thing. This means it is up to you to decide how many delta files to keep for how long. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an

Re: Adding Passim as a Fedora 40 feature?

On Mon, 2023-08-28 at 22:07 +0100, Richard Hughes wrote: > On Mon, 28 Aug 2023 at 21:50, Simo Sorce wrote: > > It could be improved by using TOFU, so that the window of impersonation > > is small, but requires clients to cache an association and then has > > weird failure m

Re: Adding Passim as a Fedora 40 feature?

-shared key instead of certificates for authentication, will be faster, and will give you the "fake-secure" TLS tunnel without the self-signed cert headache I think ... (not endorsing this option, just mentioning it). HTH, Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc

Re: F39 proposal: BiggerESP (Self-Contained Change proposal)

d as a "recovery" partition if you update the contents of the second partition only after successful reboot after update of the first... Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraprojec

Re: F39 proposal: BiggerESP (Self-Contained Change proposal)

On Wed, 2023-05-10 at 18:46 +0200, Lennart Poettering wrote: > On Mi, 10.05.23 11:20, Simo Sorce (s...@redhat.com) wrote: > > > It sounds reasonable for sure. > > The only concern is, given Microsoft creates at most 500MB ESP > > partitions, are we sure all UEFI systems

Re: F39 proposal: BiggerESP (Self-Contained Change proposal)

On Wed, 2023-05-10 at 12:00 -0400, Neal Gompa wrote: > On Wed, May 10, 2023 at 11:12 AM Simo Sorce wrote: > > > > On Tue, 2023-05-09 at 12:37 -0400, Neal Gompa wrote: > > > On Tue, May 9, 2023 at 12:31 PM Lennart Poettering > > > wrote: > > > > >

Re: F39 proposal: BiggerESP (Self-Contained Change proposal)

#x27;t we reduce the number of kernels by having *only* one UKI and a rescue one that can be used to restore the previous working UKI from /root if the active one fails? Or perhaps just have always 2 UKI (current, and former working). Do we actually need a separate dedicated rescue UKI? Can

Re: F39 proposal: BiggerESP (Self-Contained Change proposal)

ges and the bare minimum init image needed to unlock and mount the root partition. There is no point in building a more complex system than that and load tons of garbage drivers in the EFI. Booting is a staged system, and should be kept as simple as possible to avoid duplication (which means su

Re: It’s time to transform the Fedora devel list into something new

t; subscribed to... In theory we could make it simpler by sending back a message that requires just a click to subscribe/authorize the email by a real user, if they intend to do so, on their first email to a mailing list. We could also allow posting to other mailing lists if the email address is subscrib

Re: It’s time to transform the Fedora devel list into something new

need to discuss what is really needed. Numbers shouldn't be priority number one, unless there are other underlying issues. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To un

Re: It’s time to transform the Fedora devel list into something new

On Fri, 2023-04-21 at 14:27 -0400, Matthew Miller wrote: > On Fri, Apr 21, 2023 at 11:37:20AM -0400, Simo Sorce wrote: > > So I registered the account, added the email I want to get > > notifications at, and selected a few topics. > > > > First impressions. > >

Re: It’s time to transform the Fedora devel list into something new

ml part. *however* the images are not embedded in the email, so all that information is unavailable offline or for archival (and in my configuration requires to actively pull images as I configured my client to not pull 3rd party content automatically for privacy and security reasons).

Re: It’s time to transform the Fedora devel list into something new

time to transform the Fedora devel list into something new > === -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of C

Re: Future of encryption in Fedora

On Thu, 2023-04-06 at 12:56 -0400, Owen Taylor wrote: > On Thu, Apr 6, 2023 at 12:32 PM Simo Sorce wrote: > > > On Mon, 2023-04-03 at 16:18 -0500, Michael Catanzaro wrote: > > > On Mon, Apr 3 2023 at 01:41:48 PM -0700, Brian C. Lane > > > wrote: > > >

Re: Future of encryption in Fedora

updates. > > There is a notification bell in the right sidebar. Click it. ;) > Or we can simply ignore that discussion until it lands in devel with a change proposal. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list --

Re: Changes to Bugzilla API key requirements

n we are all dead, so while we wait for something better, we will have to use the least worst. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.

Re: TSS maintainer volunteer

ontact the current maintainer first. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedor

Re: Orphaned packages looking for new maintainers

_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue -- Simo Sorce RHEL Crypto Team Red Hat, Inc __

Re: Unannounced? lua-libs soname change

oname breakage should not happen in stable releases... liblua should be rebuilt to provide the older so name and if not possible with the new code, reverted back via epoch change or some patching -- Simo Sorce RHEL Crypto Team Red Hat, Inc

Re: static USERMODEHELPER_PATH

ied to and require handling timeouts and then handling the case a user space process was slow and ignoring late replies. Not sure this is really a good point given waiting indefinitely for a user space program that hangs for some reason seems worse to me. When I had t

Re: F38 proposal: Unified Kernel Support Phase 1 (System-Wide Change proposal)

orted likewise will use the old kernel + custom initrd, you just disable secure boot. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedor

Re: F38 proposal: Unified Kernel Support Phase 1 (System-Wide Change proposal)

chose your HW carefully you may even be able to register your own public keys, generate and sign your own built UKIs and re- enable SecureBoot after that... your choice! Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing li

Re: F38 proposal: Unified Kernel Support Phase 1 (System-Wide Change proposal)

trd when I have a pretty standard configuration that requires really no special drivers... the only issue probably being the use of LVM for the root filesystem, which I hope we'll have a way to deal with (but I can do without on the laptop). Simo. -- Simo Sorce RHEL Crypto Team Red Hat, In

Re: musings on rust packaging [was Re: F38 proposal: RPM Sequoia (System-Wide Change proposal)]

s.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > Do not reply to spam, report it: > https://pagure.io/fedora-in

Re: musings on rust packaging [was Re: F38 proposal: RPM Sequoia (System-Wide Change proposal)]

ematic crate's new version. Multiply this by N packages using M different versions of the problematic crate. Although vendored crates can be tracked (this i much better than copy/pasting), with additional tooling, the distribution remains on the hook for solving the same problem in N p

Re: HEADS-UP: Upcoming retirement of long-term-unused packages for Rust crates

ial timing attacks. The only caveat is if the "pure rust" implementation actually embeds assembly optimization for modular arithmetic that are explicitly addressing constant time computation. I am not aware of that being the case in any rust libraries yet. Simo. -- Simo Sorce RHEL Cr

Re: FF 107.0 scratch builds - just for fun

On Sun, 2022-11-20 at 19:24 -0500, Demi Marie Obenour wrote: > On 11/20/22 17:40, Simo Sorce wrote: > > On Sun, 2022-11-20 at 17:22 -0500, Demi Marie Obenour wrote: > > > On 11/20/22 07:24, Bojan Smojver via devel wrote: > > > > Now that nss 3.85 has been built, I tho

Re: FF 107.0 scratch builds - just for fun

ed in koji, because nss was too old at the time. > > Has switching to bundled NSS been considered? For browsers anything > that holds up an update is very, *very* bad. Casually handling crypto libraries is very, *very* worse. Simo. --

Re: F38 proposal: Reproducible builds: Clamp build mtimes to $SOURCE_DATE_EPOCH (System-Wide Change proposal)

to fake > > them? > > Simply changing rpmbuild to set timestamp to 0 for all contained files, or > > removing the time attribute from the RPM format completely? > > This is what ostree has done since its inception. And it broke some software, I know because i had to fix it.

Re: F38 proposal: RPM Sequoia (System-Wide Change proposal)

either. > > If someone with known crypto-clue would send patches they would be > looked at, *I* have no prejudice about x509 because I also have no clue > about it. Ditto for Signify, which often gets brought up in these > discussions. > > And yet, that all is largel

Re: OpenSSL and ECC patents (was Re: Mesa in F37- vaapi support disabled for h264/h265/vc1)

just not a very high priority item because the hobbling works fine but we will get there, and hopefully we'll get to a point where we do not need to disable as much stuff either. But no promises right now, resources are what they are and we are not aware of actual issues caused by hobbling. Sim

Re: Inactive packagers to be removed after the F37 release

roll 2 separate keys (if Feodra Infra will allow that), but not everyone has the means to do that. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@list

Re: rpm with sequoia pgp

ight be a slightly better choice in some cases for container images because it is much smaller than OpenSSL. Finally nettle could even be statically built into sequoia (together with gmp) if we need even smaller footprint or we are concerned about potential rpm breakage during upgrades. I am

Re: F37 proposal: Deprecate openssl1.1 package (System-Wide Change)

OpenSSL 1.1 in Fedora 50. > Are you going to maintain it till Fedora 50 in the meantime? Simo. > -- > Miro Hrončok > -- > Phone: +420777974800 > IRC: mhroncok > ___ > devel mailing list -- devel@lists.fedoraproject.org >

Re: "The system is going down for suspend NOW!" broadcast messages

executes that command and then > patch it. It could be e.g. systemd/logind. Is this an upstream change? Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send

Re: F37 Change: Deprecate Legacy BIOS (System-Wide Change proposal)

On Thu, 2022-04-07 at 15:26 -0400, Neal Gompa wrote: > On Thu, Apr 7, 2022 at 3:16 PM Simo Sorce wrote: > > > > On Thu, 2022-04-07 at 16:16 +0200, Zbigniew Jędrzejewski-Szmek wrote: > > > On Thu, Apr 07, 2022 at 10:58:29AM +0200, Peter Boy wrote: > > > > &g

Re: F37 Change: Deprecate Legacy BIOS (System-Wide Change proposal)

loud providers and virtualization software > in a testable way, and then switch to UEFI as the default in as many > places as possible. Then we can talk about dropping support for BIOS, > taking into account how many users are still left with BIOS-only > hardware. FWMOIW this sounds li

Re: F37 Change: Deprecate Legacy BIOS (System-Wide Change proposal)

plore > alternative boot loader like  systemd-boot (mainly for x86-64 > architecture and useful for desktop and workstation) and  rEFi (?) to > further reduce the code burden. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -

Re: F37 Change: Deprecate Legacy BIOS (System-Wide Change proposal)

, but users > have to reboot after installing the nvidia drivers anyway, so clicking > to accept the key isn't too much of a hurdle to jump through at that > point. There is potentially an even easier solution. Ideally dkms (or whatever) could simply generate a key, sign the mo

Re: F37 Change: Support FIDO Device Onboarding (Self-Contained Change proposal)

conduct/ > List Guidelines: > https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure -- Simo Sorce

Re: F37 Change: Support FIDO Device Onboarding (Self-Contained Change proposal)

ail to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fed

Re: Problem with SSL in Fedora 36

On Mon, 2022-03-14 at 16:35 +, José Abílio Matos wrote: > On Monday, 14 March 2022 11.04.56 WET Simo Sorce wrote: > > Have you tried setting crypto policies to LEGACY in case the server is > > old and supports only bad cryptography? > > > > Simo. > > How

Re: Problem with SSL in Fedora 36

es/list/devel@lists.fedoraproject.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send

Re: RHEL moving to issues.redhat.com only long term

On Sat, 2022-03-12 at 10:15 +0100, Florian Weimer wrote: > * Simo Sorce: > > > On Fri, 2022-03-11 at 13:52 +, Peter Robinson wrote: > > > > On Thu, Mar 10, 2022 at 9:45 AM Colin Walters > > > > wrote: > > > > > Long term if Bugzilla slo

Re: RHEL moving to issues.redhat.com only long term

the need for, IMO. And just to be clear I am both a *heavy* Jira and Bugzilla user (including writing automation for both and other stuff via bots) for work, so I think I can say I know what I am talking about. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc __

Re: RHEL moving to issues.redhat.com only long term

On Thu, 2022-03-10 at 19:28 +0100, Dominik 'Rathann' Mierzejewski wrote: > On Thursday, 10 March 2022 at 17:51, Simo Sorce wrote: > [...] > > Also I always resented that I need two separate accounts to deal with > > Fedora packages, > > It's been

Re: RHEL moving to issues.redhat.com only long term

place it means we can easily connect commits/PRs/MRs to the issues meaning our issue tracker a lot more useful, and will allow us to have better content also in our updates, where today associating an update to an issue (a bz) is not happening as well as it could. HTH, Simo. -- Simo Sorce RH

Re: Landing a larger-than-release change (distrusting SHA-1 signatures)

ect/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure

Re: F37 Change: Encourage Dropping Unused / Leaf Packages on i686 (Self-Contained Change proposal)

g the Steam flatpak you mentioned. It works well, and > I don't need 32-bit libs on my host system at all, which is nice.) Wouldn't wine problem be solved by providing the 32bit version as a flatpak if still needed for some corner cases? Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc

Re: Do we have any policy for disabling inactive users

a build over an exceedingly long period of time > (say 5 years?) as a starting point. Some may be backups for others, and do not normally create builds but collaborate to the maintenance via patches. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc __

Re: Package notes feature causing build paths to be embedded

On Thu, 2022-02-03 at 22:02 +, Luca Boccassi wrote: > > On 03. 02. 22 16:36, Simo Sorce wrote: > > > > I've just tried to build python-gssapi with notes enabled after > > krb5 was fixed > > and it builds fine. > > > > See https://src.fedoraproj

Re: Package notes feature causing build paths to be embedded

On Thu, 2022-02-03 at 16:22 +0100, Petr Pisar wrote: > V Thu, Feb 03, 2022 at 09:26:09AM -0500, Simo Sorce napsal(a): > > On Thu, 2022-02-03 at 15:15 +0100, Petr Pisar wrote: > > > V Thu, Feb 03, 2022 at 08:56:20AM -0500, Simo Sorce napsal(a): > > > > On Thu, 2022

Re: Package notes feature causing build paths to be embedded

On Thu, 2022-02-03 at 15:15 +0100, Petr Pisar wrote: > V Thu, Feb 03, 2022 at 08:56:20AM -0500, Simo Sorce napsal(a): > > On Thu, 2022-02-03 at 10:09 +0100, Florian Weimer wrote: > > > * Richard W. M. Jones: > > > > > > > Thinking about this a bit m

Re: Package notes feature causing build paths to be embedded

der. While it is nice to discuss future options, do we have a way to fix FTBFS's in rawhide _now_ ? My time is limited and I want to upgrade one of my packages and this is blocking me. Is opening a FESCO ticket the only way ? Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc

Package notes issues with python wheel building

/builddir/build/BUILD/.package_note-krb5-1.19.2-4.fc36.1.x86_64.ld: No such file or directory How do I solve this? I need to update to a new version of python-gssapi but I cvan't build it right now. Simo. -- Simo Sorce RHEL Crypto Team Red Hat

Re: F36 Change proposal: No ifcfg by default (Self-Contained Change)

ore is needed and get over the "dbus steals my knowledge" issue. Steve, what would it take for auditd to trust systemd's information? Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedorap

Re: F36 Change proposal: No ifcfg by default (Self-Contained Change)

audit daemon will not have the magic markers in the kernel side and will instead be the systemd process. This breaks the audit log chain, as there is no way to audit that systemd is operating on behalf of that user. The audit trail chain is broken by the systemcl -> systemd jump. This is

Re: F36 Change proposal: No ifcfg by default (Self-Contained Change)

On Thu, 2022-01-06 at 20:01 +, Zbigniew Jędrzejewski-Szmek wrote: > On Thu, Jan 06, 2022 at 01:17:01PM -0500, Simo Sorce wrote: > > On Thu, 2022-01-06 at 18:02 +, Zbigniew Jędrzejewski-Szmek wrote: > > > On Thu, Jan 06, 2022 at 08:48:52AM -0800, Adam Williamson wrote: &g

Re: F36 Change proposal: No ifcfg by default (Self-Contained Change)

. In this case the "who" is the user, not the script. The problem of going through systemctl is that the "who" is lost because all the audit system can see is that systemd started the action. Basically the communication between systemctl and systemd masks the identity of the u

Re: IMA signing questions

g > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.o

Re: cmake on Rawhide is broken

ttps://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > Do not reply to spam on the list, report it: > https:

Re: F36 Change: Users are administrators by default in the installer GUI. (Self-Contained Change proposal)

ode of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > Do not reply to spam on the lis

Re: deltarpm usefulness?

x27;t know or care. md5 used as a checksum to only detect network transmission issues is not a problem, and is not under the purview of the FIPS certification. As mentioned above the actual packages are still finally reassembled and the signature checked, so that is what matters in terms of security (

Re: openswan/libreswan VPNs and NetworkManager

n, it's just the NM treat all of these implementation the same and handles them all with a single plugin. It's be nice if NM renamed it's plugin to something that just uses the name IPsec, it would avoid a lot of confusion. HTH, Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc __

Re: F36 Change: Drop NIS(+) support from PAM (System-Wide Change proposal)

is indefensible, don't go there. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fed

Re: crypto-policies and a certain usage of SHA-1

or years after they are transmitted, including credentials. A weak session key will allow store and later decryption of communications, therefore retrieval of sensitive data. HTH, Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailin

Re: Boot menu always displayed again?

: > V Wed, Sep 08, 2021 at 09:01:42AM -0400, Simo Sorce napsal(a): > > If I try to do this I get an error: > > # grub2-editenv - set menu_auto_hide=1 > > grub2-editenv: error: environment block too small. > > > > What the issue here ? > > Perhaps /boot/grub2/gr

Re: Donate 1 minute of your time to test upgrades from F34 to F35

nstalled package perl-Mozilla-LDAP-1.5.3- 35.fc33.x86_64 - package perl-libs-4:5.32.1-471.module_f35+12589+8a7d3254.x86_64 is filtered out by modular filtering - package perl-libs-4:5.32.1-471.module_f35+12574+98410e7f.x86_64 is filtered out by modular filtering (try to add '--skip-broken

Re: Boot menu always displayed again?

On Wed, 2021-09-08 at 15:23 +0200, Petr Pisar wrote: > V Wed, Sep 08, 2021 at 09:01:42AM -0400, Simo Sorce napsal(a): > > If I try to do this I get an error: > > # grub2-editenv - set menu_auto_hide=1 > > grub2-editenv: error: environment block too small. > &g

Re: Boot menu always displayed again?

___ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelin

Re: Is OpenSSL 3.0 still planned for Fedora 35?

On Tue, 2021-08-03 at 07:52 -0400, Neal Gompa wrote: > On Tue, Aug 3, 2021 at 7:10 AM Simo Sorce wrote: > > > > On Tue, 2021-08-03 at 06:50 -0400, Neal Gompa wrote: > > > On Tue, Aug 3, 2021 at 5:59 AM Simo Sorce wrote: > > > > > > > > On

Re: Is OpenSSL 3.0 still planned for Fedora 35?

On Tue, 2021-08-03 at 06:50 -0400, Neal Gompa wrote: > On Tue, Aug 3, 2021 at 5:59 AM Simo Sorce wrote: > > > > On Mon, 2021-08-02 at 17:43 -0400, Neal Gompa wrote: > > > On Mon, Aug 2, 2021 at 5:39 PM Stephen Gallagher > > > wrote: > > > > >

Re: Is OpenSSL 3.0 still planned for Fedora 35?

On Mon, 2021-08-02 at 17:43 -0400, Neal Gompa wrote: > On Mon, Aug 2, 2021 at 5:39 PM Stephen Gallagher wrote: > > > > On Mon, Aug 2, 2021 at 11:11 AM Simo Sorce wrote: > > > > > > I think at this stage it may be safer to defer to F36, and land OpenSSL >

  1   2   3   4   5   6   7   8   >