From thinklinux.ssh at gmail.com Sun Mar 1 18:50:36 2009 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Mon, 2 Mar 2009 00:20:36 +0530 Subject: opengroupware evaluation In-Reply-To: References: <64677a960902271610t5ea52e5eh3462d3c86fba2ec7@mail.gmail.com> <64677a960902271720x21265b4fpf6dad222fc46a669@mail.gmail.com> Message-ID: 2009/2/28 Mike McGrath : > On Fri, 27 Feb 2009, TJ Davis wrote: > >> Thanks, I have applied for sysadmin-test. >> > > Right now susmit has lead on this but I'm not sure what his time > constraints are over the next couple of weeks. ?If he's busy I'll just > make sure you guys all have access and can hammer away at it a couple of > hours at a time. No, I can commit time right now. I was away a couple of days, I read up the documentations. If I get a couple of more people, it will be nice. :) -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/user:susmit ============================================= From david at gnsa.us Sun Mar 1 19:21:41 2009 From: david at gnsa.us (David Nalley) Date: Sun, 1 Mar 2009 14:21:41 -0500 Subject: opengroupware evaluation In-Reply-To: References: <64677a960902271610t5ea52e5eh3462d3c86fba2ec7@mail.gmail.com> <64677a960902271720x21265b4fpf6dad222fc46a669@mail.gmail.com> Message-ID: On Sun, Mar 1, 2009 at 1:50 PM, susmit shannigrahi wrote: > 2009/2/28 Mike McGrath : >> On Fri, 27 Feb 2009, TJ Davis wrote: >> >>> Thanks, I have applied for sysadmin-test. >>> >> >> Right now susmit has lead on this but I'm not sure what his time >> constraints are over the next couple of weeks. ?If he's busy I'll just >> make sure you guys all have access and can hammer away at it a couple of >> hours at a time. > > No, I can commit time right now. > I was away a couple of days, I read up the documentations. > If I get a couple of more people, it will be nice. :) > So I'll note that when looking at this recently I see that Skyrix/Inverse released Scalable OGo (It was a custom solution at one point which was OGo without the document management system/crm-like components.) I've managed a few hundred user instance of OGo, but SOGo was made to handle tens of thousands of users, and it looks a bit simpler. I also fear that OGo is approaching stagnation, it could just be that it has reached maturity and changes aren't that big of a deal.. While the changelog rss feed showed 5 or so commits, it looks like a lot of the other things are slow - nothing more recent than FC3 instructions or packages. Apparently back in the RHEL3 time frame Harald Hoyer was maintaining some RPM packages, but the spec files/srpms seem to have disappeared. Take a look at scalable ogo: http://scalableogo.org From mmcgrath at redhat.com Mon Mar 2 00:52:10 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Sun, 1 Mar 2009 18:52:10 -0600 (CST) Subject: opengroupware evaluation In-Reply-To: References: <64677a960902271610t5ea52e5eh3462d3c86fba2ec7@mail.gmail.com> <64677a960902271720x21265b4fpf6dad222fc46a669@mail.gmail.com> Message-ID: On Sun, 1 Mar 2009, David Nalley wrote: > On Sun, Mar 1, 2009 at 1:50 PM, susmit shannigrahi > wrote: > > 2009/2/28 Mike McGrath : > >> On Fri, 27 Feb 2009, TJ Davis wrote: > >> > >>> Thanks, I have applied for sysadmin-test. > >>> > >> > >> Right now susmit has lead on this but I'm not sure what his time > >> constraints are over the next couple of weeks. ?If he's busy I'll just > >> make sure you guys all have access and can hammer away at it a couple of > >> hours at a time. > > > > No, I can commit time right now. > > I was away a couple of days, I read up the documentations. > > If I get a couple of more people, it will be nice. :) > > > > So I'll note that when looking at this recently I see that > Skyrix/Inverse released Scalable OGo (It was a custom solution at one > point which was OGo without the document management system/crm-like > components.) I've managed a few hundred user instance of OGo, but SOGo > was made to handle tens of thousands of users, and it looks a bit > simpler. I also fear that OGo is approaching stagnation, it could just > be that it has reached maturity and changes aren't that big of a > deal.. While the changelog rss feed showed 5 or so commits, it looks > like a lot of the other things are slow - nothing more recent than FC3 > instructions or packages. Apparently back in the RHEL3 time frame > Harald Hoyer was maintaining some RPM packages, but the spec > files/srpms seem to have disappeared. > > Take a look at scalable ogo: > http://scalableogo.org > What are your concerns about ogo stagnation? Does sogo have more momentum or is it just a new fork? -Mike From cocof1b2 at gmail.com Mon Mar 2 02:19:19 2009 From: cocof1b2 at gmail.com (whisper shade) Date: Mon, 2 Mar 2009 10:19:19 +0800 Subject: introduce Message-ID: <94f30de40903011819s21132b59x38a90e0e2deeaf9d@mail.gmail.com> Hi everyone: Very glad to join the Fedora Infrasstructure grouplist and say hello to everybody. I have been used RHEL and Fedora more than 2 years. Most time is to set up peripheral equipment and make it do a good job in linux system. Last year, I learned the linux programming and socket programming, and have experience with bash and C. So I want to join a team, do my best to contribute to Fedora project and improve my knowledge. Thanks to all. --Fengbao -------------- next part -------------- An HTML attachment was scrubbed... URL: From david at gnsa.us Mon Mar 2 04:35:23 2009 From: david at gnsa.us (David Nalley) Date: Sun, 1 Mar 2009 23:35:23 -0500 Subject: opengroupware evaluation In-Reply-To: References: <64677a960902271610t5ea52e5eh3462d3c86fba2ec7@mail.gmail.com> <64677a960902271720x21265b4fpf6dad222fc46a669@mail.gmail.com> Message-ID: 2009/3/1 Mike McGrath : > What are your concerns about ogo stagnation? ?Does sogo have more > momentum or is it just a new fork? > I see the following potential things which lead me to believe that OGo is stagnated or close to it: September of 2007 appears to be the last time the website was updated for OGo. The -users list had 36 messages in February, 16 in January, none in December and 8 in November. Moreover of the two projects OGo is far more complex. Latest packages for the Fedora/RHEL world include FC[1-3], RH9 and RHEL3. Contrast that with Scalable OGo The users mailing list had 123 messages in February and 85 in January. (and I didn't look further) Website last updated 2009-01-30 Packages exist for RHEL5 Scalable OGo was really a project that Skyrix (the company behind OGo) took on as project work for a customer and eventually released as open source. So yes it's technically a fork, but not in the bad sense of the word. Moreover the fact that SOGo doesn't have the public file storage and document management system aspect which means it's less complex for us. Regardless it does seem to have more momentum. That said I merely toss that out there for consideration. Others are doing the work, and I don't want to bikeshed this, so feel free to ignore me. From mmcgrath at redhat.com Mon Mar 2 19:43:56 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 2 Mar 2009 13:43:56 -0600 (CST) Subject: introduce In-Reply-To: <94f30de40903011819s21132b59x38a90e0e2deeaf9d@mail.gmail.com> References: <94f30de40903011819s21132b59x38a90e0e2deeaf9d@mail.gmail.com> Message-ID: On Mon, 2 Mar 2009, whisper shade wrote: > Hi everyone: > ??? Very glad to join the Fedora Infrasstructure grouplist and say hello to everybody. > I have been used RHEL and Fedora more than 2 years. Most time is to set up peripheral > equipment and make it do a good job in linux system. Last year, I learned the linux programming > and socket programming, and have experience with bash and C. So I want to join a team, do my > best to contribute to Fedora project and improve my knowledge. > Welcome, have you seen our getting started page? http://fedoraproject.org/wiki/Infrastructure/GettingStarted -Mike From mmcgrath at redhat.com Mon Mar 2 19:45:23 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 2 Mar 2009 13:45:23 -0600 (CST) Subject: opengroupware evaluation In-Reply-To: References: <64677a960902271610t5ea52e5eh3462d3c86fba2ec7@mail.gmail.com> <64677a960902271720x21265b4fpf6dad222fc46a669@mail.gmail.com> Message-ID: On Sun, 1 Mar 2009, David Nalley wrote: > 2009/3/1 Mike McGrath : > > > What are your concerns about ogo stagnation? ?Does sogo have more > > momentum or is it just a new fork? > > > > I see the following potential things which lead me to believe that OGo > is stagnated or close to it: > September of 2007 appears to be the last time the website was updated for OGo. > The -users list had 36 messages in February, 16 in January, none in > December and 8 in November. > Moreover of the two projects OGo is far more complex. Latest packages > for the Fedora/RHEL world include FC[1-3], RH9 and RHEL3. > > Contrast that with Scalable OGo > The users mailing list had 123 messages in February and 85 in January. > (and I didn't look further) > Website last updated 2009-01-30 > Packages exist for RHEL5 > > > Scalable OGo was really a project that Skyrix (the company behind OGo) > took on as project work for a customer and eventually released as open > source. So yes it's technically a fork, but not in the bad sense of > the word. Moreover the fact that SOGo doesn't have the public file > storage and document management system aspect which means it's less > complex for us. Regardless it does seem to have more momentum. That > said I merely toss that out there for consideration. Others are doing > the work, and I don't want to bikeshed this, so feel free to ignore > me. > WORKSFORME, lets set it up. No harm in taking a look at it. -Mike From thinklinux.ssh at gmail.com Mon Mar 2 20:00:14 2009 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Tue, 3 Mar 2009 01:30:14 +0530 Subject: opengroupware evaluation In-Reply-To: References: <64677a960902271610t5ea52e5eh3462d3c86fba2ec7@mail.gmail.com> <64677a960902271720x21265b4fpf6dad222fc46a669@mail.gmail.com> Message-ID: > WORKSFORME, lets set it up. ?No harm in taking a look at it. I had a question, should I do it the puppet way or locally on publictest15 ? -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/user:susmit ============================================= Sent from: Calcutta Wb India. From mmcgrath at redhat.com Mon Mar 2 20:26:12 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 2 Mar 2009 14:26:12 -0600 (CST) Subject: opengroupware evaluation In-Reply-To: References: <64677a960902271610t5ea52e5eh3462d3c86fba2ec7@mail.gmail.com> <64677a960902271720x21265b4fpf6dad222fc46a669@mail.gmail.com> Message-ID: On Tue, 3 Mar 2009, susmit shannigrahi wrote: > > WORKSFORME, lets set it up. ?No harm in taking a look at it. > I had a question, should I do it the puppet way or locally on publictest15 ? > For now all local on pt15. First we just want to see if these apps will do what we want to. If they will then we'll look closer at getting them into puppet and ultimately into production. -Mike From dimitris at glezos.com Mon Mar 2 22:00:00 2009 From: dimitris at glezos.com (Dimitris Glezos) Date: Tue, 3 Mar 2009 00:00:00 +0200 Subject: Reviewers needed: Packaging Transifex Message-ID: <6d4237680903021400k2ef5492bh9e1e8a319fcba6a2@mail.gmail.com> Our goal about Fedora 11 translations is have Transifex on our production servers by March 10th. We're packaging it in yum to make things as easy as possible for the Infrastructure team. Transifex's dependencies are in desperate need for some reviewers. https://bugzilla.redhat.com/show_bug.cgi?id=488151 -d -- Dimitris Glezos Jabber ID: glezos at jabber.org, GPG: 0xA5A04C3B http://dimitris.glezos.com/ "He who gives up functionality for ease of use loses both and deserves neither." (Anonymous) -- From cocof1b2 at gmail.com Tue Mar 3 05:57:36 2009 From: cocof1b2 at gmail.com (whisper shade) Date: Tue, 3 Mar 2009 13:57:36 +0800 Subject: introduce Message-ID: <94f30de40903022157y4a396830y42765d91c3784efa@mail.gmail.com> Hello, Mike: I have seen the getting started page and applied for the sysadmin group. A question is that how can I reply a email like the format of yours? e.g. The symbol '>' set to the head of the previous email. -Fengbao -------------- next part -------------- An HTML attachment was scrubbed... URL: From Axel.Thimm at ATrpms.net Tue Mar 3 10:19:40 2009 From: Axel.Thimm at ATrpms.net (Axel Thimm) Date: Tue, 3 Mar 2009 12:19:40 +0200 Subject: opengroupware evaluation In-Reply-To: References: Message-ID: <20090303101940.GA13502@victor.nirvana> Hi, On Thu, Feb 19, 2009 at 11:03:22AM -0600, Mike McGrath wrote: > I'd like one of our volunteers to install opengroupware on a publictest > server for our evaluation. > > https://fedorahosted.org/fedora-infrastructure/ticket/1197 > > This is going to take between 5 and 15 hours a week. Don't volunteer > unless you can commit that much time to it. I've tried to setup ogo a couple of times, and it is cumbersome work. I also tried to package it and push it into Fedora, but that's non-trivial, from the use of non-FHSable gnustep-make to an own foundation library to non-compliant init scripts in sope etc. The gnustep-make package for example needs to currently "decide" at build time whether to support ogo or the rest of gnustep-* packages in the review queue. :( I dont know about sogo, I hope things have improved (at least the binary packages' versions show updates needed for bridging the gap between gnustep-* and ogo), and the evaluation will show the status, but from what I've looked up recently it looks like bedework is also a good candidate for a Fedora calendaring system. http://www.bedework.org/bedework/ Please consider giving bedework a try as well. -- Axel.Thimm at ATrpms.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From mmcgrath at redhat.com Tue Mar 3 14:09:42 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 3 Mar 2009 08:09:42 -0600 (CST) Subject: introduce In-Reply-To: <94f30de40903022157y4a396830y42765d91c3784efa@mail.gmail.com> References: <94f30de40903022157y4a396830y42765d91c3784efa@mail.gmail.com> Message-ID: On Tue, 3 Mar 2009, whisper shade wrote: > Hello, Mike: > ??? I have seen the getting started page and applied for the sysadmin group. A question is that how can I reply a email > like the format of yours? > e.g.? The symbol '>' set to the head of the previous email. > Set up your email client to not send html emails, text only. -Mike From mmcgrath at redhat.com Tue Mar 3 14:52:12 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 3 Mar 2009 08:52:12 -0600 (CST) Subject: opengroupware evaluation In-Reply-To: <20090303101940.GA13502@victor.nirvana> References: <20090303101940.GA13502@victor.nirvana> Message-ID: On Tue, 3 Mar 2009, Axel Thimm wrote: > Hi, > > On Thu, Feb 19, 2009 at 11:03:22AM -0600, Mike McGrath wrote: > > I'd like one of our volunteers to install opengroupware on a publictest > > server for our evaluation. > > > > https://fedorahosted.org/fedora-infrastructure/ticket/1197 > > > > This is going to take between 5 and 15 hours a week. Don't volunteer > > unless you can commit that much time to it. > > I've tried to setup ogo a couple of times, and it is cumbersome > work. I also tried to package it and push it into Fedora, but that's > non-trivial, from the use of non-FHSable gnustep-make to an own > foundation library to non-compliant init scripts in sope etc. The > gnustep-make package for example needs to currently "decide" at build > time whether to support ogo or the rest of gnustep-* packages in the > review queue. :( > > I dont know about sogo, I hope things have improved (at least the > binary packages' versions show updates needed for bridging the gap > between gnustep-* and ogo), and the evaluation will show the status, > but from what I've looked up recently it looks like bedework is also a > good candidate for a Fedora calendaring system. > > http://www.bedework.org/bedework/ > > Please consider giving bedework a try as well. Thanks, that looks pretty slick too. I'll add it to our list to look at. -Mike From cybersonic0 at gmail.com Tue Mar 3 18:01:20 2009 From: cybersonic0 at gmail.com (CyberS0nic) Date: Tue, 3 Mar 2009 15:01:20 -0300 Subject: Introduction Message-ID: <5890f2ce0903031001q4bf09d99o3a1af5fffb5eaf66@mail.gmail.com> Hy guys, I'm very glad to joint at Fedora Infrastructure Team. My name is Carlos Eduardo Maiolino and I'm a system administrator since 2001/2002, and I works with Fedora since 2005. I would like to contribute with Fedora project providing servers and tools, tracking bugs of these same servers, etc. If anyone wants to contact me with other instructions, follow below my contacts. Thanks -- Att. Carlos Eduardo Maiolino CyberS0nic http://www.projetofedora.org ------------------------- Contacts IRC: CyberS0nic AT irc.freenode.net ICQ: 142852055 msn: cybersonic0 at gmail.com gtalk: cybersonic0 From Axel.Thimm at ATrpms.net Tue Mar 3 18:35:42 2009 From: Axel.Thimm at ATrpms.net (Axel Thimm) Date: Tue, 3 Mar 2009 20:35:42 +0200 Subject: bedeford (was: opengroupware evaluation) In-Reply-To: References: <20090303101940.GA13502@victor.nirvana> Message-ID: <20090303183542.GA26593@victor.nirvana> On Tue, Mar 03, 2009 at 08:52:12AM -0600, Mike McGrath wrote: > > Please consider giving bedework a try as well. > > Thanks, that looks pretty slick too. I'll add it to our list to look at. BTW according to our fedora-devel archives there was a guy on fedora-devel, Trever L. Adams, whom I Cc'd, who mentioned wanting to package up bedework. He periodically mentioned this in the last 12 months and maybe all he needs is a little help with java packaging. Trever, are you still interested in packaging bedeford for Fedora? The current needs in infrastructure will certainly make many more people help and assist in any such efforts. -- Axel.Thimm at ATrpms.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From thinklinux.ssh at gmail.com Tue Mar 3 18:43:32 2009 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Wed, 4 Mar 2009 00:13:32 +0530 Subject: opengroupware evaluation In-Reply-To: References: <20090303101940.GA13502@victor.nirvana> Message-ID: On Tue, Mar 3, 2009 at 8:22 PM, Mike McGrath wrote: > On Tue, 3 Mar 2009, Axel Thimm wrote: > >> Hi, >> >> On Thu, Feb 19, 2009 at 11:03:22AM -0600, Mike McGrath wrote: >> > I'd like one of our volunteers to install opengroupware on a publictest >> > server for our evaluation. Update: 1. OGO seems to be so very messy. 2. I am halfway configuring SOGo. 3. It is easy, but a few issues with configuration including apache conf and mod_proxy. But no big issue. 4. Downloaded bedework, will give it a go when SOGo is done. Will update again soon. Thanks. -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/user:susmit ============================================= Sent from: Calcutta Wb India. From jlaska at redhat.com Tue Mar 3 18:45:12 2009 From: jlaska at redhat.com (James Laska) Date: Tue, 03 Mar 2009 13:45:12 -0500 Subject: Improving QA test result submission and organization Message-ID: <1236105912.5415.460.camel@flatline.devel.redhat.com> Greetings, As you may know, the Fedora QA plans and tracks test execution against Fedora milestones using the wiki. While the wiki has proven quite valuable for content-driven test documentation (e.g. test plans and test cases), recording test results has it's drawbacks. First, in our current implementation, it relies on careful mediawiki table edits. The table edits are too easy to mess up and aren't tremendously inviting to new contributors. * https://fedoraproject.org/wiki/QA:Fedora_11_Alpha_Install_Test_Results * https://fedoraproject.org/wiki/QA/Test_Days/2009-02-19 * https://fedoraproject.org/wiki/QA/Test_Days/2009-02-12 Second, the wiki-based implementation lacks ability to sort, query and organize test results. We can use categories for organizing plans and cases, but this mechanism isn't suitable for results. As a long-term solution, we'd be looking to a web application. However, in the short term (now to F12) with limited resources, we're interested in what off-the-shelf components we can use to help provide a better QA assessment. One solution that fits nicely with the current mediawiki setup is the semantic extension to mediawiki. The laptop.org testers are using this currently and were kind enough to share their findings (https://www.redhat.com/archives/fedora-test-list/2009-February/msg00756.html). One important note from the laptop.org folks was that enabling the semantic mediawiki extension could introduce a performance impact to the wiki. I'm in the process of setting up a private mediawiki+semantic instance as a proof of concept. But a few questions for the infrastructure team ... * I'm curious if others in fedora-infrastructure@ have experience with the semantic extension? * Is there a defined process for reviewing mediawiki extensions for the fedoraproject wiki? * Should the semantic performance impact be significant, is hosting a separate Fedora QA mediawiki (with semantic enabled) a possibility? Thanks, James -- ========================================== James Laska -- jlaska at redhat.com Quality Engineering -- Red Hat, Inc. ========================================== -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From mmcgrath at redhat.com Tue Mar 3 19:10:30 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 3 Mar 2009 13:10:30 -0600 (CST) Subject: Improving QA test result submission and organization In-Reply-To: <1236105912.5415.460.camel@flatline.devel.redhat.com> References: <1236105912.5415.460.camel@flatline.devel.redhat.com> Message-ID: On Tue, 3 Mar 2009, James Laska wrote: > > I'm in the process of setting up a private mediawiki+semantic instance > as a proof of concept. But a few questions for the infrastructure > team ... > > * I'm curious if others in fedora-infrastructure@ have experience > with the semantic extension? I personally don't. > * Is there a defined process for reviewing mediawiki extensions > for the fedoraproject wiki? Needs to be packaged for Fedora then open a ticket. > * Should the semantic performance impact be significant, is > hosting a separate Fedora QA mediawiki (with semantic enabled) a > possibility? > That is possible, for example we have a smolt wiki seperate from the normal mediawiki install. The question of performance is, does it only impact pages deciding to use semantic or everything? We have lots of way to test the actual impact of using it. -Mike From mmcgrath at redhat.com Tue Mar 3 19:24:31 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 3 Mar 2009 13:24:31 -0600 (CST) Subject: Introduction In-Reply-To: <5890f2ce0903031001q4bf09d99o3a1af5fffb5eaf66@mail.gmail.com> References: <5890f2ce0903031001q4bf09d99o3a1af5fffb5eaf66@mail.gmail.com> Message-ID: On Tue, 3 Mar 2009, CyberS0nic wrote: > Hy guys, I'm very glad to joint at Fedora Infrastructure Team. > > My name is Carlos Eduardo Maiolino and I'm a system administrator > since 2001/2002, and I works with Fedora since 2005. > > I would like to contribute with Fedora project providing servers and > tools, tracking bugs of these same servers, etc. > > If anyone wants to contact me with other instructions, follow below my contacts. > > Thanks > Welcome Carlos, it was good to meet you in IRC earlier. -Mike From jlaska at redhat.com Tue Mar 3 21:19:13 2009 From: jlaska at redhat.com (James Laska) Date: Tue, 03 Mar 2009 16:19:13 -0500 Subject: Improving QA test result submission and organization In-Reply-To: References: <1236105912.5415.460.camel@flatline.devel.redhat.com> Message-ID: <1236115153.5415.709.camel@flatline.devel.redhat.com> On Tue, 2009-03-03 at 13:10 -0600, Mike McGrath wrote: > > * Should the semantic performance impact be significant, is > > hosting a separate Fedora QA mediawiki (with semantic > enabled) a > > possibility? > > > > That is possible, for example we have a smolt wiki seperate from the > normal mediawiki install. The question of performance is, does it > only > impact pages deciding to use semantic or everything? We have lots of > way to test the actual impact of using it. Good question. The feedback I have so far is it affects everything. Thanks, James -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From mmcgrath at redhat.com Tue Mar 3 21:57:35 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 3 Mar 2009 15:57:35 -0600 (CST) Subject: Improving QA test result submission and organization In-Reply-To: <1236115153.5415.709.camel@flatline.devel.redhat.com> References: <1236105912.5415.460.camel@flatline.devel.redhat.com> <1236115153.5415.709.camel@flatline.devel.redhat.com> Message-ID: On Tue, 3 Mar 2009, James Laska wrote: > On Tue, 2009-03-03 at 13:10 -0600, Mike McGrath wrote: > > > * Should the semantic performance impact be significant, is > > > hosting a separate Fedora QA mediawiki (with semantic > > enabled) a > > > possibility? > > > > > > > That is possible, for example we have a smolt wiki seperate from the > > normal mediawiki install. The question of performance is, does it > > only > > impact pages deciding to use semantic or everything? We have lots of > > way to test the actual impact of using it. > > Good question. The feedback I have so far is it affects everything. > I just did some speed tests against the laptop.org instance you linked to. At this point I don't think thats a blocker but we may find something out later. -Mike From ricky at fedoraproject.org Wed Mar 4 10:30:49 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Wed, 4 Mar 2009 05:30:49 -0500 Subject: Zabbix down Message-ID: <20090304103049.GA23570@sphe.res.cmu.edu> Just to let everybody know, I confirmed a code execution vulnerability on our zabbix install, so I've taken it down until we can apply fixes for it: http://seclists.org/fulldisclosure/2009/Mar/0032.html Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From mmcgrath at redhat.com Wed Mar 4 14:34:40 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 4 Mar 2009 08:34:40 -0600 (CST) Subject: Zabbix down In-Reply-To: <20090304103049.GA23570@sphe.res.cmu.edu> References: <20090304103049.GA23570@sphe.res.cmu.edu> Message-ID: On Wed, 4 Mar 2009, Ricky Zhou wrote: > Just to let everybody know, I confirmed a code execution vulnerability > on our zabbix install, so I've taken it down until we can apply fixes > for it: > > http://seclists.org/fulldisclosure/2009/Mar/0032.html > Thanks Ricky, I think it might be good for us to throw our zabbix install behind http basic auth like what we've done for cacti just so someone doesn't happen upon it in a vulnerable state. -Mike From jeff at ocjtech.us Wed Mar 4 14:43:45 2009 From: jeff at ocjtech.us (Jeffrey Ollie) Date: Wed, 4 Mar 2009 08:43:45 -0600 Subject: Zabbix down In-Reply-To: References: <20090304103049.GA23570@sphe.res.cmu.edu> Message-ID: <935ead450903040643k799917d2x90c2a4e672caeb19@mail.gmail.com> On Wed, Mar 4, 2009 at 8:34 AM, Mike McGrath wrote: > On Wed, 4 Mar 2009, Ricky Zhou wrote: > >> Just to let everybody know, I confirmed a code execution vulnerability >> on our zabbix install, so I've taken it down until we can apply fixes >> for it: >> >> http://seclists.org/fulldisclosure/2009/Mar/0032.html >> > > Thanks Ricky, I think it might be good for us to throw our zabbix install > behind http basic auth like what we've done for cacti just so someone > doesn't happen upon it in a vulnerable state. I'm working on a new Zabbix package as well. -- Jeff Ollie From mmcgrath at redhat.com Wed Mar 4 17:31:40 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 4 Mar 2009 11:31:40 -0600 (CST) Subject: FAS freeze Message-ID: If you're not toshio or myself please leave the account system stuff alone in puppet until further notice. We're in the process of a multi-part migration (both an FAS update and a conversion to an fas module) and changes would muddy things up :) I hope to have it all cleaned up soon. If you do need to make a change coordinate it with me or toshio. -Mike From a.badger at gmail.com Wed Mar 4 20:32:22 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Wed, 04 Mar 2009 12:32:22 -0800 Subject: FAS freeze In-Reply-To: References: Message-ID: <49AEE556.2050305@gmail.com> Mike McGrath wrote: > If you're not toshio or myself please leave the account system stuff alone > in puppet until further notice. We're in the process of a multi-part > migration (both an FAS update and a conversion to an fas module) and > changes would muddy things up :) > > I hope to have it all cleaned up soon. If you do need to make a change > coordinate it with me or toshio. > Just a note on this, The new fas version is currently running on: https://admin.stg.fedoraproject.org/accounts It's using a copy of the database from a few days ago. We might resync the data at any point. Feel free to do some testing that things work there. I'm primarily testing that the CSRF protection is working but there's been other changes as well. So please report any bugs you find to me. (abadger1999 in #fedora-admin on irc.freenode.net or send email to me or the list.) -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From laxathom at fedoraproject.org Wed Mar 4 20:52:51 2009 From: laxathom at fedoraproject.org (Xavier Lamien) Date: Wed, 4 Mar 2009 21:52:51 +0100 Subject: FAS freeze In-Reply-To: <49AEE556.2050305@gmail.com> References: <49AEE556.2050305@gmail.com> Message-ID: <62bc09df0903041252g47c5740bpd7c5c126eb4a1d41@mail.gmail.com> 2009/3/4 Toshio Kuratomi : > Mike McGrath wrote: >> If you're not toshio or myself please leave the account system stuff alone >> in puppet until further notice. ?We're in the process of a multi-part >> migration (both an FAS update and a conversion to an fas module) and >> changes would muddy things up :) >> >> I hope to have it all cleaned up soon. ?If you do need to make a change >> coordinate it with me or toshio. >> > Just a note on this, > > The new fas version is currently running on: > ?https://admin.stg.fedoraproject.org/accounts it seems redirect to admin.fedoraproject.org/accouns and same version as production has 0.8.4.7 -- Xavier.t Lamien -- http://fedoraproject.org/wiki/XavierLamien GPG-Key ID: F3903DEB Fingerprint: 0F2A 7A17 0F1B 82EE FCBF 1F51 76B7 A28D F390 3DEB From a.badger at gmail.com Wed Mar 4 21:08:00 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Wed, 04 Mar 2009 13:08:00 -0800 Subject: FAS freeze In-Reply-To: <62bc09df0903041252g47c5740bpd7c5c126eb4a1d41@mail.gmail.com> References: <49AEE556.2050305@gmail.com> <62bc09df0903041252g47c5740bpd7c5c126eb4a1d41@mail.gmail.com> Message-ID: <49AEEDB0.4070109@gmail.com> Xavier Lamien wrote: > 2009/3/4 Toshio Kuratomi : >> Mike McGrath wrote: >>> If you're not toshio or myself please leave the account system stuff alone >>> in puppet until further notice. We're in the process of a multi-part >>> migration (both an FAS update and a conversion to an fas module) and >>> changes would muddy things up :) >>> >>> I hope to have it all cleaned up soon. If you do need to make a change >>> coordinate it with me or toshio. >>> >> Just a note on this, >> >> The new fas version is currently running on: >> https://admin.stg.fedoraproject.org/accounts > > it seems redirect to admin.fedoraproject.org/accouns > and same version as production has 0.8.4.7 > Trailing slash tripped me up. This should work: https://admin.stg.fedoraproject.org/accounts/ -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From damian.myerscough at gmail.com Wed Mar 4 21:34:33 2009 From: damian.myerscough at gmail.com (Damian Myerscough) Date: Wed, 04 Mar 2009 21:34:33 +0000 Subject: FAS freeze In-Reply-To: <49AEE556.2050305@gmail.com> References: <49AEE556.2050305@gmail.com> Message-ID: <49AEF3E9.3070805@gmail.com> Hello Toshio, I was messing with the FAS system and when I do the following: https://admin.fedoraproject.org/accounts/user/list?search= I get a 500 internal error "The server encountered an unexpected condition which prevented it from fulfilling the request". I know no one would normally run this query but I wonder why it is causing a 500 internal error, is it possible to have a look at the logs? Toshio Kuratomi wrote: > Mike McGrath wrote: >> If you're not toshio or myself please leave the account system stuff alone >> in puppet until further notice. We're in the process of a multi-part >> migration (both an FAS update and a conversion to an fas module) and >> changes would muddy things up :) >> >> I hope to have it all cleaned up soon. If you do need to make a change >> coordinate it with me or toshio. >> > Just a note on this, > > The new fas version is currently running on: > https://admin.stg.fedoraproject.org/accounts > > It's using a copy of the database from a few days ago. We might resync > the data at any point. > > Feel free to do some testing that things work there. I'm primarily > testing that the CSRF protection is working but there's been other > changes as well. So please report any bugs you find to me. > > (abadger1999 in #fedora-admin on irc.freenode.net or send email to me or > the list.) > > -Toshio > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list -- Regards, Damian Myerscough From a.badger at gmail.com Wed Mar 4 22:05:34 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Wed, 04 Mar 2009 14:05:34 -0800 Subject: FAS freeze In-Reply-To: <49AEF3E9.3070805@gmail.com> References: <49AEE556.2050305@gmail.com> <49AEF3E9.3070805@gmail.com> Message-ID: <49AEFB2E.2010807@gmail.com> Damian Myerscough wrote: > Hello Toshio, > > I was messing with the FAS system and when I do the following: > > https://admin.fedoraproject.org/accounts/user/list?search= > > > I get a 500 internal error "The server encountered an unexpected > condition which prevented it from fulfilling the request". I know no one > would normally run this query but I wonder why it is causing a 500 > internal error, is it possible to have a look at the logs? > The error seems to be taking place inside TurboGears... I don't think we have an opportunity to catch it although there might be either a config option or a special decorator we could use to catch this kind of error. The reason it causes errors is that the URL is malformed... There's more in that string that has to be escaped. -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From cchandler7 at student.gsu.edu Thu Mar 5 16:50:06 2009 From: cchandler7 at student.gsu.edu (Clifford Chandler) Date: Thu, 5 Mar 2009 16:50:06 +0000 Subject: Introduction Message-ID: <1B30B51E5569F143A7851FEAB8A60FD30FB8B34979@BL2PRD0101MB003.prod.exchangelabs.com> Hello everyone, My name is Cliff Chandler, and I'm a student at GA State University. I'm really looking forward to being involved with Fedora. I've been using Fedora since Fedora 6, and I've been gradually using it more and more, and now I nearly depend on it. At school I do all my programming in Java, so I've become quite proficient at that, however in my free time, I prefer to write in C and play with OpenGL and SDL. As for web development, I am comfortable with HTML/CSS, PHP (and SQL when a database is needed), and basic JavaScript. Python seems to be more important every day, so I've just started with that as well. I've checked out the infrastructure/getting started page (this message is to the infrastructure-list as well as the websites-list), but any more guidance is appreciated. -Cliff From a.badger at gmail.com Thu Mar 5 17:34:22 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Thu, 05 Mar 2009 09:34:22 -0800 Subject: Introduction In-Reply-To: <1B30B51E5569F143A7851FEAB8A60FD30FB8B34979@BL2PRD0101MB003.prod.exchangelabs.com> References: <1B30B51E5569F143A7851FEAB8A60FD30FB8B34979@BL2PRD0101MB003.prod.exchangelabs.com> Message-ID: <49B00D1E.4020505@gmail.com> Clifford Chandler wrote: > Hello everyone, > My name is Cliff Chandler, and I'm a student at GA State University. I'm really looking forward to being involved with Fedora. I've been using Fedora since Fedora 6, and I've been gradually using it more and more, and now I nearly depend on it. At school I do all my programming in Java, so I've become quite proficient at that, however in my free time, > I prefer to write in C and play with OpenGL and SDL. As for web development, I am comfortable with HTML/CSS, PHP (and SQL when a database is needed), and basic JavaScript. Python seems to be more important every day, so I've just started with that as well. I've checked out the infrastructure/getting started page (this message is to the infrastructure-list as well as the websites-list), but any more guidance is appreciated. > Hi Cliff! If you're looking to program in C, Fedora does a lot of work upstream on a lot of programs written in C. Offering to look into bugs and do debugging of issues in C programs in fedora-devel-list is one, Fedora-centric way to get involved there. Working with upstreams directly to code new features that Fedora wants is another way. If you're looking to do more things directly related to Fedora, the web team and infrastructure could both use your talents in web development. Infrastructure concentrates more on programming the web applications that we run (the accounts system, package database, koji build system, bodhi updates, mirrormanager, smolt, and others). These are all written in python using the TurboGears web framework. There's work for people interested in working with HTML, CSS, JavaScript and Python here. ricky, ianweller, and mizmo can better fill you in on what they could put you to work doing in websites. If you're on IRC we all tend to hang out on irc.freenode.net, #fedora-admin (infrastructure) and #fedora-websites I'm abadger1999 if you have questions about getting started in an initial project. -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From mmcgrath at redhat.com Thu Mar 5 20:27:32 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 5 Mar 2009 14:27:32 -0600 (CST) Subject: Change Freeze and an exception Message-ID: Hey guys, just a reminder the beta release is to be released at the end of the month. The change freeze will start on the 10th and be lifted on March 25th. Also during this freeze we're going to be working with the translations team to deploy a new tx instance. Based on what I know the risk to the beta release is fairly low. At worst we'll see some downtime on our webapps for a small period of time. Still, it's a risk and we'll be treating tx like everything else and asking for changes every time we have them... but be prepared, there could be many. -Mike From mmcgrath at redhat.com Thu Mar 5 23:08:54 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 5 Mar 2009 17:08:54 -0600 (CST) Subject: Outstanding tickets Message-ID: If you have one of the tickets below please do clean it up :) Some are over a year old. 1 boodle 1 bretm 1 elections-members 1 fchiulli 1 ggruener 1 ivazquez 1 jcollie_jsmith 1 jkeating 1 mdomsch 1 onekopaka 1 owner 1 santosp 1 skvidal 1 sspreitzer 1 steved 1 susmit 1 ynemoy 2 damian 2 glezos 2 laxathom 2 mmahut 2 web-members 2 webmaster 4 huzaifas 4 ianweller 4 jcollie 4 lmacken 4 sysadmin-noc-members 6 notting 6 toshio 10 ausil 10 mmcgrath 10 santosp_ricky_mmcgrath 14 nigelj 14 ricky 14 sysadmin-hosted-members 39 nobody -Mike From duffy at fedoraproject.org Tue Mar 3 22:18:50 2009 From: duffy at fedoraproject.org (=?iso-8859-1?Q?M=E1ir=EDn_Duffy?=) Date: Tue, 3 Mar 2009 14:18:50 -0800 (PST) Subject: Wordpress? Message-ID: <914074.47996.qm@web50906.mail.re2.yahoo.com> Hey folks, I was wondering if anyone had interest in setting up a Wordpress MU install for Fedora's infrastructure? Gerold Kassube on the marketing team had this cool idea to set up a blog per Fedora foundation (freedom, friends, features, first) and the multiuser capabilities of wordpress seem ideal to drive the project. Let me know if you have any interest in this. It would be really, really useful for Fedora's marketing. Thanks, ~m From herlo1 at gmail.com Fri Mar 6 01:30:56 2009 From: herlo1 at gmail.com (Clint Savage) Date: Thu, 5 Mar 2009 18:30:56 -0700 Subject: Wordpress? In-Reply-To: <914074.47996.qm@web50906.mail.re2.yahoo.com> References: <914074.47996.qm@web50906.mail.re2.yahoo.com> Message-ID: On Tue, Mar 3, 2009 at 3:18 PM, M?ir?n Duffy wrote: > > Hey folks, > > I was wondering if anyone had interest in setting up a Wordpress MU install for Fedora's infrastructure? > > Gerold Kassube on the marketing team had this cool idea to set up a blog per Fedora foundation (freedom, friends, features, first) and the multiuser capabilities of wordpress seem ideal to drive the project. > > Let me know if you have any interest in this. It would be really, really useful for Fedora's marketing. > > Thanks, > ~m I'd like you to sell me on the reason for four different blogs (essentially what WP-MU gives) as I've set up WP-MU before and it's pretty easy... My concern is that it would be just as easy to create topics in one blog and just customize pages to pull based upon topic. Pretty easy to do actually. So anyway, if you can make a good argument for MU, I'd love to help. Clint From mmcgrath at redhat.com Fri Mar 6 01:42:39 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 5 Mar 2009 19:42:39 -0600 (CST) Subject: Wordpress? In-Reply-To: References: <914074.47996.qm@web50906.mail.re2.yahoo.com> Message-ID: On Thu, 5 Mar 2009, Clint Savage wrote: > On Tue, Mar 3, 2009 at 3:18 PM, M?ir?n Duffy wrote: > > > > Hey folks, > > > > I was wondering if anyone had interest in setting up a Wordpress MU install for Fedora's infrastructure? > > > > Gerold Kassube on the marketing team had this cool idea to set up a blog per Fedora foundation (freedom, friends, features, first) and the multiuser capabilities of wordpress seem ideal to drive the project. > > > > Let me know if you have any interest in this. It would be really, really useful for Fedora's marketing. > > > > Thanks, > > ~m > > I'd like you to sell me on the reason for four different blogs > (essentially what WP-MU gives) as I've set up WP-MU before and it's > pretty easy... > > My concern is that it would be just as easy to create topics in one > blog and just customize pages to pull based upon topic. Pretty easy > to do actually. > > So anyway, if you can make a good argument for MU, I'd love to help. > actually MU was picked a long time ago, just no one has had time to set it up. -Mike From herlo1 at gmail.com Fri Mar 6 02:29:30 2009 From: herlo1 at gmail.com (Clint Savage) Date: Thu, 5 Mar 2009 19:29:30 -0700 Subject: Wordpress? In-Reply-To: References: <914074.47996.qm@web50906.mail.re2.yahoo.com> Message-ID: 2009/3/5 Mike McGrath : > On Thu, 5 Mar 2009, Clint Savage wrote: > >> On Tue, Mar 3, 2009 at 3:18 PM, M?ir?n Duffy wrote: >> > >> > Hey folks, >> > >> > I was wondering if anyone had interest in setting up a Wordpress MU install for Fedora's infrastructure? >> > >> > Gerold Kassube on the marketing team had this cool idea to set up a blog per Fedora foundation (freedom, friends, features, first) and the multiuser capabilities of wordpress seem ideal to drive the project. >> > >> > Let me know if you have any interest in this. It would be really, really useful for Fedora's marketing. >> > >> > Thanks, >> > ~m >> >> I'd like you to sell me on the reason for four different blogs >> (essentially what WP-MU gives) as I've set up WP-MU before and it's >> pretty easy... >> >> My concern is that it would be just as easy to create topics in one >> blog and just customize pages to pull based upon topic. ?Pretty easy >> to do actually. >> >> So anyway, if you can make a good argument for MU, I'd love to help. >> > > actually MU was picked a long time ago, just no one has had time to set it > up. > > ? ? ? ?-Mike > _______________________________________________ Mike, Do you have a link to the mailing list thread? I'd like to read up on it. I like MU, don't get me wrong, just wonder why it was chosen. Clint From sundaram at fedoraproject.org Fri Mar 6 09:13:14 2009 From: sundaram at fedoraproject.org (Rahul Sundaram) Date: Fri, 06 Mar 2009 14:43:14 +0530 Subject: [fedora-india] [RFC] #fedora-india IRC sessions In-Reply-To: References: Message-ID: <49B0E92A.8090900@fedoraproject.org> Shakthi Kannan wrote: > Hi, > > I would like to know what would be convenient times to have IRC > tutorial sessions on #fedora-india. > > 1. Do people prefer to learn/experiment new things in the afternoon, > or evenings during weekends? In the past, we have done it in weekends or late evenings because many students wanted it that way and colleges regularly block IRC. > 2. Is there any way of creating polls in fedoraproject.org/wiki to get > feedback for such queries? We have a infrastructure for elections at https://admin.fedoraproject.org/voting but that is probably a overkill for simple polls. CC'ing Fedora infrastructure list to see if we have a better system for this but meanwhile you can do this via fedoraforum.org if necessary. > The sessions in #fedora-classroom (UTC) occur quite late nights (IST). True. Kevin Fenzi (CC'ed) is leading this effort. Maybe we can do it other timings as well? Rahul From sundaram at fedoraproject.org Fri Mar 6 10:05:11 2009 From: sundaram at fedoraproject.org (Rahul Sundaram) Date: Fri, 06 Mar 2009 15:35:11 +0530 Subject: Wordpress? In-Reply-To: References: <914074.47996.qm@web50906.mail.re2.yahoo.com> Message-ID: <49B0F557.2080608@fedoraproject.org> Clint Savage wrote: > > Mike, > > Do you have a link to the mailing list thread? I'd like to read up on > it. I like MU, don't get me wrong, just wonder why it was chosen. We wanted it for a Fedora News site. Refer https://fedorahosted.org/fedora-infrastructure/ticket/178 Rahul From kevin at tummy.com Fri Mar 6 16:04:21 2009 From: kevin at tummy.com (Kevin Fenzi) Date: Fri, 6 Mar 2009 09:04:21 -0700 Subject: [fedora-india] [RFC] #fedora-india IRC sessions In-Reply-To: <49B0E92A.8090900@fedoraproject.org> References: <49B0E92A.8090900@fedoraproject.org> Message-ID: <20090306090421.6f05d2dc@ohm.scrye.com> On Fri, 06 Mar 2009 14:43:14 +0530 Rahul Sundaram wrote: ...snip... > > The sessions in #fedora-classroom (UTC) occur quite late nights > > (IST). > > True. Kevin Fenzi (CC'ed) is leading this effort. Maybe we can do it > other timings as well? We move times each session. Take a look at the times of the previous sessions on: https://fedoraproject.org/wiki/Classroom Each month moves to another timeblock until we cycle through them all. This is specifically so we can make sure and have classes available at least at sometime that matches a students schedule. ;) > Rahul kevin -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: not available URL: From thinklinux.ssh at gmail.com Sun Mar 8 12:29:22 2009 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Sun, 8 Mar 2009 17:59:22 +0530 Subject: With every git push I get a "Returned mail: see transcript for details" Message-ID: Hi, Just for your information, every time I do a git push, I am getting this (almost certainly everyone else is getting it too!!! Just to let you know. :) Thanks. ? ----- The following addresses had permanent fatal errors ----- ? ?(reason: 550 Host unknown) ? ----- Transcript of session follows ----- 550 5.1.2 ... Host unknown (Name server: dark-hill.co.uk: host not found) Original-Recipient: rfc822;sysadmin-members at fedoraproject.org Final-Recipient: RFC822; dfurlong at dark-hill.co.uk Action: failed Status: 5.1.2 Remote-MTA: DNS; dark-hill.co.uk Diagnostic-Code: SMTP; 550 Host unknown Last-Attempt-Date: Sun, 8 Mar 2009 08:21:09 -0400 -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/user:susmit ============================================= Sent from: Calcutta Wb India. From bretm at redhat.com Mon Mar 9 15:12:15 2009 From: bretm at redhat.com (Bret McMillan) Date: Mon, 09 Mar 2009 11:12:15 -0400 Subject: Wordpress? In-Reply-To: <49B0F557.2080608@fedoraproject.org> References: <914074.47996.qm@web50906.mail.re2.yahoo.com> <49B0F557.2080608@fedoraproject.org> Message-ID: <49B531CF.8000409@redhat.com> Rahul Sundaram wrote: > Clint Savage wrote: >> >> Mike, >> >> Do you have a link to the mailing list thread? I'd like to read up on >> it. I like MU, don't get me wrong, just wonder why it was chosen. > > We wanted it for a Fedora News site. Refer > > https://fedorahosted.org/fedora-infrastructure/ticket/178 At this point, I think we're blocked on a theme (outside my skillset). I think jonrob was going to look at this time-permitting. If we've made progress on this front, I can help w/ the puppetization, if that's still outstanding. --Bret From duffy at redhat.com Mon Mar 9 15:28:15 2009 From: duffy at redhat.com (=?ISO-8859-1?Q?M=E1ir=ED=ADn_Duffy?=) Date: Mon, 09 Mar 2009 11:28:15 -0400 Subject: Wordpress? In-Reply-To: <49B531CF.8000409@redhat.com> References: <914074.47996.qm@web50906.mail.re2.yahoo.com> <49B0F557.2080608@fedoraproject.org> <49B531CF.8000409@redhat.com> Message-ID: <49B5358F.9010801@redhat.com> Bret McMillan wrote: > Rahul Sundaram wrote: >> Clint Savage wrote: >>> >>> Mike, >>> >>> Do you have a link to the mailing list thread? I'd like to read up on >>> it. I like MU, don't get me wrong, just wonder why it was chosen. >> >> We wanted it for a Fedora News site. Refer >> >> https://fedorahosted.org/fedora-infrastructure/ticket/178 > > At this point, I think we're blocked on a theme (outside my skillset). I > think jonrob was going to look at this time-permitting. > > If we've made progress on this front, I can help w/ the puppetization, > if that's still outstanding. If you can get an instance up I can poke with, I can write the theme. ~m From mmcgrath at redhat.com Mon Mar 9 17:58:58 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 9 Mar 2009 12:58:58 -0500 (CDT) Subject: With every git push I get a "Returned mail: see transcript for details" In-Reply-To: References: Message-ID: That was wibbit, I hope he's ok, haven't seen him around in a while and hist email no longer works. I've removed him from the sysadmin group, I guess he can always re-apply if he gets some time and comes back. -Mike On Sun, 8 Mar 2009, susmit shannigrahi wrote: > Hi, > > Just for your information, every time I do a git push, I am getting > this (almost certainly everyone else is getting it too!!! > Just to let you know. :) > > Thanks. > > > ? ----- The following addresses had permanent fatal errors ----- > > ? ?(reason: 550 Host unknown) > > ? ----- Transcript of session follows ----- > 550 5.1.2 ... Host unknown (Name server: > dark-hill.co.uk: host not found) > > Original-Recipient: rfc822;sysadmin-members at fedoraproject.org > Final-Recipient: RFC822; dfurlong at dark-hill.co.uk > Action: failed > Status: 5.1.2 > Remote-MTA: DNS; dark-hill.co.uk > Diagnostic-Code: SMTP; 550 Host unknown > Last-Attempt-Date: Sun, 8 Mar 2009 08:21:09 -0400 > > > -- > Regards, > Susmit. > > ============================================= > ssh > 0x86DD170A > http://www.fedoraproject.org/wiki/user:susmit > ============================================= > Sent from: Calcutta Wb India. > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > From a.badger at gmail.com Tue Mar 10 10:53:04 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Tue, 10 Mar 2009 03:53:04 -0700 Subject: Password Reset In-Reply-To: <20090310111719.8ce27cfe.mschwendt@gmail.com> References: <20090310111719.8ce27cfe.mschwendt@gmail.com> Message-ID: <49B64690.6000207@gmail.com> Michael Schwendt wrote: > On Tue, 10 Mar 2009 02:26:07 +0100, Kevin wrote: > >> Another unfortunate side effect of that password expiration: mail to >> username at fedoraproject.org bounces for those people who haven't renewed >> their password in time. This is also a security risk because it means >> people can commit bad things to their packages without them noticing. (I >> just got such a bounce for the commit message for a rebuild for broken >> dependencies.) > > Just for the record, two hours ago I got a delivery failure notification > for 14 users expanded from the packager sponsors' group alias. IMO there > is an additional problem [unless the accounts for all these well-known > names have been disabled]. > The following patch should remove inactive accounts from group aliases. If this looks right I'll request a change freeze exception tommorrow. If anyone wants to look before I get up, output from old and new (with the patch) fasClient is on bastion:~toshio/aliases.{old,new} -Toshio diff --git a/client/fasClient b/client/fasClient index ee83eae..8203e90 100644 --- a/client/fasClient +++ b/client/fasClient @@ -500,6 +500,10 @@ class MakeShellAccounts(AccountSystem): for membership in self.memberships[name]: role_type = membership['role_type'] person = self.all_people[membership['person_id']]['username'] + if person not in sorted_emails: + # If the person isn't in sorted_emails, their account has + # been inactivated. Don't add them to the group aliases + continue try: members['members'].append(person) except KeyError: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From mmcgrath at redhat.com Tue Mar 10 14:24:31 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 10 Mar 2009 09:24:31 -0500 (CDT) Subject: Change request Message-ID: We're in the change freeze, I have two changes I would like to make: 1) an update to django-contact-form-0.3-3.el5.hg97559a887345 2) An addition of /site_media/ Proxy Pass on translate.fp.o Risk: low, neither 1) nor 2) is in use already and is only adding functionality. Roll back is easy. 2+1's? -Mike From skvidal at fedoraproject.org Tue Mar 10 14:26:12 2009 From: skvidal at fedoraproject.org (Seth Vidal) Date: Tue, 10 Mar 2009 10:26:12 -0400 (EDT) Subject: Change request In-Reply-To: References: Message-ID: On Tue, 10 Mar 2009, Mike McGrath wrote: > We're in the change freeze, I have two changes I would like to make: > > > 1) an update to django-contact-form-0.3-3.el5.hg97559a887345 Does this update pull anything else in? > > 2) An addition of /site_media/ Proxy Pass on translate.fp.o > > Risk: low, neither 1) nor 2) is in use already and is only adding > functionality. Roll back is easy. > > 2+1's? otherwise +1 -sv From ricky at fedoraproject.org Tue Mar 10 14:37:01 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Tue, 10 Mar 2009 10:37:01 -0400 Subject: Change request In-Reply-To: References: Message-ID: <20090310143701.GB28918@sphe.res.cmu.edu> On 2009-03-10 09:24:31 AM, Mike McGrath wrote: > 1) an update to django-contact-form-0.3-3.el5.hg97559a887345 +1 > 2) An addition of /site_media/ Proxy Pass on translate.fp.o +1 Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From mmcgrath at redhat.com Tue Mar 10 14:54:59 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 10 Mar 2009 09:54:59 -0500 (CDT) Subject: Change request In-Reply-To: References: Message-ID: On Tue, 10 Mar 2009, Seth Vidal wrote: > > > On Tue, 10 Mar 2009, Mike McGrath wrote: > > > We're in the change freeze, I have two changes I would like to make: > > > > > > 1) an update to django-contact-form-0.3-3.el5.hg97559a887345 > > Does this update pull anything else in? > Nope. > > > > 2) An addition of /site_media/ Proxy Pass on translate.fp.o > > > > Risk: low, neither 1) nor 2) is in use already and is only adding > > functionality. Roll back is easy. > > > > 2+1's? > > otherwise +1 > -Mike From mmcgrath at redhat.com Tue Mar 10 15:38:23 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 10 Mar 2009 10:38:23 -0500 (CDT) Subject: change request Message-ID: I need to install transifex-extras on app1 (same deal as before) Low risk. It does pull in bzr, bzrtools pysvn, python-paramiko. 2 +1's? -Mike From katzj at redhat.com Tue Mar 10 15:42:24 2009 From: katzj at redhat.com (Jeremy Katz) Date: Tue, 10 Mar 2009 11:42:24 -0400 Subject: change request In-Reply-To: References: Message-ID: <20090310154224.GC5249@redhat.com> On Tuesday, March 10 2009, Mike McGrath said: > I need to install transifex-extras on app1 (same deal as before) Low > risk. It does pull in bzr, bzrtools pysvn, python-paramiko. > > 2 +1's? +1 Jeremy From a.badger at gmail.com Tue Mar 10 15:43:03 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Tue, 10 Mar 2009 08:43:03 -0700 Subject: change request In-Reply-To: References: Message-ID: <49B68A87.80601@gmail.com> Mike McGrath wrote: > I need to install transifex-extras on app1 (same deal as before) Low > risk. It does pull in bzr, bzrtools pysvn, python-paramiko. > > 2 +1's? > +1 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From a.badger at gmail.com Tue Mar 10 16:35:11 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Tue, 10 Mar 2009 09:35:11 -0700 Subject: Change request: fasClient Message-ID: <49B696BF.5000104@gmail.com> I'd like to apply the following patch to the fasClient on bastion. I'll spin a new fasClient package with it applied but we probably won't update fas-clients on all the machines until after the change freeze. The patch changes how the email aliases are generated. The server is removing accounts that are marked inactive from having individual aliases. This change causes fasClient to eliminate those email addresses from the group aliases as well. Possible impact: We could break break email alias generation What it fixes: Currently group email aliases have many undeliverable addresses. Mitigating factors: - Tested this on fas1.stg. A brief look at the alias lists seems to be correct (only people who are inactive are left out). - This change will only be on bastion so it's easy to back out a change by copying fasClient from another machine. Can I get two +1's ? -Toshio diff --git a/client/fasClient b/client/fasClient index ee83eae..8203e90 100644 --- a/client/fasClient +++ b/client/fasClient @@ -500,6 +500,10 @@ class MakeShellAccounts(AccountSystem): for membership in self.memberships[name]: role_type = membership['role_type'] person = self.all_people[membership['person_id']]['username'] + if person not in sorted_emails: + # If the person isn't in sorted_emails, their account has + # been inactivated. Don't add them to the group aliases + continue try: members['members'].append(person) except KeyError: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From mmcgrath at redhat.com Tue Mar 10 16:43:51 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 10 Mar 2009 11:43:51 -0500 (CDT) Subject: Change request: fasClient In-Reply-To: <49B696BF.5000104@gmail.com> References: <49B696BF.5000104@gmail.com> Message-ID: On Tue, 10 Mar 2009, Toshio Kuratomi wrote: > I'd like to apply the following patch to the fasClient on bastion. I'll > spin a new fasClient package with it applied but we probably won't > update fas-clients on all the machines until after the change freeze. > > The patch changes how the email aliases are generated. The server is > removing accounts that are marked inactive from having individual > aliases. This change causes fasClient to eliminate those email > addresses from the group aliases as well. > > Possible impact: We could break break email alias generation > What it fixes: Currently group email aliases have many undeliverable > addresses. > Mitigating factors: > - Tested this on fas1.stg. A brief look at the alias lists seems to > be correct (only people who are inactive are left out). > - This change will only be on bastion so it's easy to back out a > change by copying fasClient from another machine. > > Can I get two +1's ? > > -Toshio > > diff --git a/client/fasClient b/client/fasClient > index ee83eae..8203e90 100644 > --- a/client/fasClient > +++ b/client/fasClient > @@ -500,6 +500,10 @@ class MakeShellAccounts(AccountSystem): > for membership in self.memberships[name]: > role_type = membership['role_type'] > person = > self.all_people[membership['person_id']]['username'] > + if person not in sorted_emails: > + # If the person isn't in sorted_emails, their > account has > + # been inactivated. Don't add them to the group > aliases > + continue > try: > members['members'].append(person) > except KeyError: +1 -Mike From ricky at fedoraproject.org Tue Mar 10 17:38:47 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Tue, 10 Mar 2009 13:38:47 -0400 Subject: Change request: fasClient In-Reply-To: <49B696BF.5000104@gmail.com> References: <49B696BF.5000104@gmail.com> Message-ID: <20090310173847.GC28918@sphe.res.cmu.edu> On 2009-03-10 09:35:11 AM, Toshio Kuratomi wrote: > I'd like to apply the following patch to the fasClient on bastion. I'll > spin a new fasClient package with it applied but we probably won't > update fas-clients on all the machines until after the change freeze. > > The patch changes how the email aliases are generated. The server is > removing accounts that are marked inactive from having individual > aliases. This change causes fasClient to eliminate those email > addresses from the group aliases as well. > > Possible impact: We could break break email alias generation > What it fixes: Currently group email aliases have many undeliverable > addresses. > Mitigating factors: > - Tested this on fas1.stg. A brief look at the alias lists seems to > be correct (only people who are inactive are left out). > - This change will only be on bastion so it's easy to back out a > change by copying fasClient from another machine. > > Can I get two +1's ? +1 - I completely missed this case when removing disabled users from email_list. Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From mmcgrath at redhat.com Tue Mar 10 18:11:28 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 10 Mar 2009 13:11:28 -0500 (CDT) Subject: Change request Message-ID: I'd like to upgrade transifex on app1. this will not impact the live transifex install. Just the new one on app1. -Mike From a.badger at gmail.com Tue Mar 10 18:28:06 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Tue, 10 Mar 2009 11:28:06 -0700 Subject: Change request In-Reply-To: References: Message-ID: <49B6B136.3020203@gmail.com> Mike McGrath wrote: > I'd like to upgrade transifex on app1. this will not impact the live > transifex install. Just the new one on app1. > +1 -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From dennis at ausil.us Tue Mar 10 18:35:09 2009 From: dennis at ausil.us (Dennis Gilmore) Date: Tue, 10 Mar 2009 13:35:09 -0500 Subject: Change request In-Reply-To: References: Message-ID: <200903101335.17005.dennis@ausil.us> On Tuesday 10 March 2009 01:11:28 pm Mike McGrath wrote: > I'd like to upgrade transifex on app1. this will not impact the live > transifex install. Just the new one on app1. > +1 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part. URL: From mmcgrath at redhat.com Tue Mar 10 22:53:04 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 10 Mar 2009 17:53:04 -0500 (CDT) Subject: change request Message-ID: for translate website: diff --git a/configs/web/translate.fedoraproject.org.conf b/configs/web/translate.fedoraproject.org.conf index 7bcb9c5..407b799 100644 --- a/configs/web/translate.fedoraproject.org.conf +++ b/configs/web/translate.fedoraproject.org.conf @@ -10,6 +10,7 @@ RewriteEngine On RewriteRule ^/submit(.*) https://translate.fedoraproject.org/submit$1 [R=301,L] + RewriteRule ^/tx(.*) https://translate.fedoraproject.org/tx$1 [R=301,L] include "conf.d/translate.fedoraproject.org/*.conf" @@ -21,6 +22,7 @@ RewriteEngine On RewriteRule ^/submit(.*) https://translate.fedoraproject.org/submit$1 [R=301,L] + RewriteRule ^/tx(.*) https://translate.fedoraproject.org/tx$1 [R=301,L] include "conf.d/translate.fedoraproject.org/*.conf" From dennis at ausil.us Tue Mar 10 23:07:10 2009 From: dennis at ausil.us (Dennis Gilmore) Date: Tue, 10 Mar 2009 18:07:10 -0500 Subject: change request In-Reply-To: References: Message-ID: <200903101807.13459.dennis@ausil.us> On Tuesday 10 March 2009 05:53:04 pm Mike McGrath wrote: > for translate website: > > diff --git a/configs/web/translate.fedoraproject.org.conf > b/configs/web/translate.fedoraproject.org.conf > index 7bcb9c5..407b799 100644 > --- a/configs/web/translate.fedoraproject.org.conf > +++ b/configs/web/translate.fedoraproject.org.conf > @@ -10,6 +10,7 @@ > > RewriteEngine On > RewriteRule ^/submit(.*) > https://translate.fedoraproject.org/submit$1 [R=301,L] > + RewriteRule ^/tx(.*) https://translate.fedoraproject.org/tx$1 > [R=301,L] > > include "conf.d/translate.fedoraproject.org/*.conf" > > @@ -21,6 +22,7 @@ > > RewriteEngine On > RewriteRule ^/submit(.*) > https://translate.fedoraproject.org/submit$1 [R=301,L] > + RewriteRule ^/tx(.*) https://translate.fedoraproject.org/tx$1 > [R=301,L] > > include "conf.d/translate.fedoraproject.org/*.conf" > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list +1 Dennis -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part. URL: From nigjones at redhat.com Tue Mar 10 23:11:51 2009 From: nigjones at redhat.com (Nigel Jones) Date: Tue, 10 Mar 2009 19:11:51 -0400 (EDT) Subject: change request In-Reply-To: Message-ID: <15813306.181236726702786.JavaMail.nigjones@njones.bne.redhat.com> +1 ----- "Mike McGrath" wrote: > for translate website: > > diff --git a/configs/web/translate.fedoraproject.org.conf > b/configs/web/translate.fedoraproject.org.conf > index 7bcb9c5..407b799 100644 > --- a/configs/web/translate.fedoraproject.org.conf > +++ b/configs/web/translate.fedoraproject.org.conf > @@ -10,6 +10,7 @@ > > RewriteEngine On > RewriteRule ^/submit(.*) > https://translate.fedoraproject.org/submit$1 [R=301,L] > + RewriteRule ^/tx(.*) https://translate.fedoraproject.org/tx$1 > [R=301,L] > > include "conf.d/translate.fedoraproject.org/*.conf" > > @@ -21,6 +22,7 @@ > > RewriteEngine On > RewriteRule ^/submit(.*) > https://translate.fedoraproject.org/submit$1 [R=301,L] > + RewriteRule ^/tx(.*) https://translate.fedoraproject.org/tx$1 > [R=301,L] > > include "conf.d/translate.fedoraproject.org/*.conf" > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list From ricky at fedoraproject.org Tue Mar 10 23:13:09 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Tue, 10 Mar 2009 19:13:09 -0400 Subject: change request In-Reply-To: References: Message-ID: <20090310231309.GD28918@sphe.res.cmu.edu> On 2009-03-10 05:53:04 PM, Mike McGrath wrote: > for translate website: > > diff --git a/configs/web/translate.fedoraproject.org.conf > b/configs/web/translate.fedoraproject.org.conf > index 7bcb9c5..407b799 100644 > --- a/configs/web/translate.fedoraproject.org.conf > +++ b/configs/web/translate.fedoraproject.org.conf > @@ -10,6 +10,7 @@ > > RewriteEngine On > RewriteRule ^/submit(.*) > https://translate.fedoraproject.org/submit$1 [R=301,L] > + RewriteRule ^/tx(.*) https://translate.fedoraproject.org/tx$1 > [R=301,L] > > include "conf.d/translate.fedoraproject.org/*.conf" > > @@ -21,6 +22,7 @@ > > RewriteEngine On > RewriteRule ^/submit(.*) > https://translate.fedoraproject.org/submit$1 [R=301,L] > + RewriteRule ^/tx(.*) https://translate.fedoraproject.org/tx$1 > [R=301,L] > > include "conf.d/translate.fedoraproject.org/*.conf" +1 Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From mmcgrath at redhat.com Wed Mar 11 01:41:33 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 10 Mar 2009 20:41:33 -0500 (CDT) Subject: Password resets Message-ID: So holy crap does the planet hate it when you ask people to reset their passwords. In particular though, they hated the following: 1. Kittens 2. "Password Expiration" is confusing and does not imply "account expiration". Some may have ignored the warning because they did not understand what the consequences were. 3. Mail aliases going away. This one's legit and accounts for the only data loss we actually had. 4. fedorapeople space going away and not coming back automatically. [1] requires the killing of all kittens [2] just requires a better email to go out, possibly with a link to a wiki page. It'd be good for this to be translated. [3] requires another "account" type or at least fasClient to be smart enough to know how old the 'inactive' account is. I'd suggest a month or so. [4] requires us to restore whatever is in /home/fedora.bak/$username.$timestamp at the time the account becomes active again. We won't leave $username.fedorapeople.org up for security / liability reasons. But we will make it transparent to the user that it looks like their stuff never went away. I'm going to disable password reset/account expiration until at least 3 of the 4 above are done. Please hate me a little less now. Thoughts? -Mike From dimitris at glezos.com Wed Mar 11 03:28:47 2009 From: dimitris at glezos.com (Dimitris Glezos) Date: Wed, 11 Mar 2009 05:28:47 +0200 Subject: change request Message-ID: <6d4237680903102028o7d5690f4j6766e3ff3c8977a4@mail.gmail.com> Deployment of tx to app1 brought some more issues on the surface. We'd like to install a new tx RPM. It doesn't bring any new deps in, just fixes a few inner workings and DB tweaks. +1/-1s? -d PS: Hoping these change requests won't be many more. :/ -- Dimitris Glezos Jabber ID: glezos at jabber.org, GPG: 0xA5A04C3B http://dimitris.glezos.com/ "He who gives up functionality for ease of use loses both and deserves neither." (Anonymous) -- From mmcgrath at redhat.com Wed Mar 11 03:29:46 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 10 Mar 2009 22:29:46 -0500 (CDT) Subject: change request In-Reply-To: <6d4237680903102028o7d5690f4j6766e3ff3c8977a4@mail.gmail.com> References: <6d4237680903102028o7d5690f4j6766e3ff3c8977a4@mail.gmail.com> Message-ID: On Wed, 11 Mar 2009, Dimitris Glezos wrote: > Deployment of tx to app1 brought some more issues on the surface. We'd > like to install a new tx RPM. > > It doesn't bring any new deps in, just fixes a few inner workings and DB tweaks. > > +1/-1s? > +1 from me. > > PS: Hoping these change requests won't be many more. :/ > no worries, I prepared everyone earlier that we'd have lots for transifex during the beta freeze. -Mike From ricky at fedoraproject.org Wed Mar 11 03:33:10 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Tue, 10 Mar 2009 23:33:10 -0400 Subject: change request In-Reply-To: References: <6d4237680903102028o7d5690f4j6766e3ff3c8977a4@mail.gmail.com> Message-ID: <20090311033310.GE28918@sphe.res.cmu.edu> On 2009-03-10 10:29:46 PM, Mike McGrath wrote: > On Wed, 11 Mar 2009, Dimitris Glezos wrote: > > > Deployment of tx to app1 brought some more issues on the surface. We'd > > like to install a new tx RPM. > > > > It doesn't bring any new deps in, just fixes a few inner workings and DB tweaks. > > > > +1/-1s? > > > > +1 from me. +1 Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From ianweller at gmail.com Wed Mar 11 03:53:50 2009 From: ianweller at gmail.com (Ian Weller) Date: Tue, 10 Mar 2009 22:53:50 -0500 Subject: Password resets In-Reply-To: References: Message-ID: <20090311035350.GC5154@gmail.com> On Tue, Mar 10, 2009 at 08:41:33PM -0500, Mike McGrath wrote: > So holy crap does the planet hate it when you ask people to reset their > passwords. In particular though, they hated the following: > > 1. Kittens > > 2. "Password Expiration" is confusing and does not imply "account > expiration". Some may have ignored the warning because they did not > understand what the consequences were. > > 3. Mail aliases going away. This one's legit and accounts for the only > data loss we actually had. > > 4. fedorapeople space going away and not coming back automatically. > > [1] requires the killing of all kittens > > [2] just requires a better email to go out, possibly with a link to a wiki > page. It'd be good for this to be translated. > > [3] requires another "account" type or at least fasClient to be smart > enough to know how old the 'inactive' account is. I'd suggest a month or > so. > > [4] requires us to restore whatever is in > /home/fedora.bak/$username.$timestamp at the time the account becomes > active again. We won't leave $username.fedorapeople.org up for security / > liability reasons. But we will make it transparent to the user that it > looks like their stuff never went away. > > I'm going to disable password reset/account expiration until at least 3 of > the 4 above are done. > Well I'm gonna safely assume that we won't kill all the kittens in time for the next one... :) -- Ian Weller http://ianweller.org GnuPG fingerprint: E51E 0517 7A92 70A2 4226 B050 87ED 7C97 EFA8 4A36 "Technology is a word that describes something that doesn't work yet." ~ Douglas Adams -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From smooge at gmail.com Wed Mar 11 14:01:15 2009 From: smooge at gmail.com (Stephen John Smoogen) Date: Wed, 11 Mar 2009 08:01:15 -0600 Subject: Password resets In-Reply-To: References: Message-ID: <80d7e4090903110701y5cfcd3d5v9b0b9e92e132fda7@mail.gmail.com> On Tue, Mar 10, 2009 at 7:41 PM, Mike McGrath wrote: > So holy crap does the planet hate it when you ask people to reset their > passwords. ?In particular though, they hated the following: > > 1. Kittens Personally I thought people were having kittens for all the 'problems' occurring. Maybe we should set up an adoption agency? The main thing with password changes is that a segment of the society does not like them . They will quote spafford, etc etc about how its wrong to change passwords and with some members of our faculty do a virtual sit-out in protest. In general I hand them some lemons and tell them to make lemonade. [But that is why I am probably going to see our HR rep about..] Normally our policy for accounts is the following: 15 day email saying your account will be locked, and then deleted 15 days after lock. 7 day email saying your account will be locked, and then deleted 15 days after lock. 1 day email saying your account will be locked. and then 1 day email saying your account is locked and will be deleted in 15 days. 7 day email saying... you get the picture If a person does not get the message within that time frame... well that is life. If we are going to schedule these for a precise period (say first week of March, September (if 180 day timeframe)) a mail can go out to the list also. -- Stephen J Smoogen. -- BSD/GNU/Linux How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice" From mmcgrath at redhat.com Wed Mar 11 14:42:58 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 11 Mar 2009 09:42:58 -0500 (CDT) Subject: change request Message-ID: diff --git a/configs/web/translate.fedoraproject.org/transifex.conf b/configs/web/translate.fedoraproject.org/transife index 940b314..43292bf 100644 --- a/configs/web/translate.fedoraproject.org/transifex.conf +++ b/configs/web/translate.fedoraproject.org/transifex.conf @@ -5,6 +5,7 @@ ProxyPass /submit http://transifexCluster/submit ProxyPassReverse /submit http://transifexCluster/submit RewriteEngine On +RewruteRule ^/tx$ https://translate.fedoraproject.org/tx/ [R,L] RewriteRule ^/tx(.*) http://app1/tx$1 [P] RewriteRule ^/site_media(.*) http://app1/site_media$1 [P] -Mike From gvarisco at redhat.com Wed Mar 11 14:44:30 2009 From: gvarisco at redhat.com (Gianluca Varisco) Date: Wed, 11 Mar 2009 15:44:30 +0100 Subject: change request In-Reply-To: References: Message-ID: <49B7CE4E.6080406@redhat.com> Mike McGrath wrote: > diff --git a/configs/web/translate.fedoraproject.org/transifex.conf > b/configs/web/translate.fedoraproject.org/transife > index 940b314..43292bf 100644 > --- a/configs/web/translate.fedoraproject.org/transifex.conf > +++ b/configs/web/translate.fedoraproject.org/transifex.conf > @@ -5,6 +5,7 @@ ProxyPass /submit http://transifexCluster/submit > ProxyPassReverse /submit http://transifexCluster/submit > > RewriteEngine On > +RewruteRule ^/tx$ https://translate.fedoraproject.org/tx/ [R,L] > RewriteRule ^/tx(.*) http://app1/tx$1 [P] > RewriteRule ^/site_media(.*) http://app1/site_media$1 [P] > > s/Rewrute/Rewrite/ Despite that, looks OK to me: +1 ;-) -- Gianluca Varisco, RHCE | Office: +39 02 9737 4652 Red Hat Italia | Fax: +39 02 669 3111 Via Antonio Da Recanate 1 | Mobile: +39 333 574 0934 20124 Milano | eMail: gvarisco at redhat.com From mmcgrath at redhat.com Wed Mar 11 14:53:24 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 11 Mar 2009 09:53:24 -0500 (CDT) Subject: change request In-Reply-To: <49B7CE4E.6080406@redhat.com> References: <49B7CE4E.6080406@redhat.com> Message-ID: On Wed, 11 Mar 2009, Gianluca Varisco wrote: > Mike McGrath wrote: > > diff --git a/configs/web/translate.fedoraproject.org/transifex.conf > > b/configs/web/translate.fedoraproject.org/transife > > index 940b314..43292bf 100644 > > --- a/configs/web/translate.fedoraproject.org/transifex.conf > > +++ b/configs/web/translate.fedoraproject.org/transifex.conf > > @@ -5,6 +5,7 @@ ProxyPass /submit http://transifexCluster/submit > > ProxyPassReverse /submit http://transifexCluster/submit > > > > RewriteEngine On > > +RewruteRule ^/tx$ https://translate.fedoraproject.org/tx/ [R,L] > > RewriteRule ^/tx(.*) http://app1/tx$1 [P] > > RewriteRule ^/site_media(.*) http://app1/site_media$1 [P] > > > > > > s/Rewrute/Rewrite/ > > Despite that, looks OK to me: +1 ;-) > Thanks, thats why we do these things :) Fixed. -Mike From a.badger at gmail.com Wed Mar 11 15:33:23 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Wed, 11 Mar 2009 08:33:23 -0700 Subject: change request In-Reply-To: References: <49B7CE4E.6080406@redhat.com> Message-ID: <49B7D9C3.1060909@gmail.com> Mike McGrath wrote: > On Wed, 11 Mar 2009, Gianluca Varisco wrote: > >> Mike McGrath wrote: >>> diff --git a/configs/web/translate.fedoraproject.org/transifex.conf >>> b/configs/web/translate.fedoraproject.org/transife >>> index 940b314..43292bf 100644 >>> --- a/configs/web/translate.fedoraproject.org/transifex.conf >>> +++ b/configs/web/translate.fedoraproject.org/transifex.conf >>> @@ -5,6 +5,7 @@ ProxyPass /submit http://transifexCluster/submit >>> ProxyPassReverse /submit http://transifexCluster/submit >>> >>> RewriteEngine On >>> +RewruteRule ^/tx$ https://translate.fedoraproject.org/tx/ [R,L] >>> RewriteRule ^/tx(.*) http://app1/tx$1 [P] >>> RewriteRule ^/site_media(.*) http://app1/site_media$1 [P] >>> >>> >> s/Rewrute/Rewrite/ >> >> Despite that, looks OK to me: +1 ;-) >> > > Thanks, thats why we do these things :) Fixed. > +1 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From a.badger at gmail.com Wed Mar 11 17:09:46 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Wed, 11 Mar 2009 10:09:46 -0700 Subject: Password resets In-Reply-To: References: Message-ID: <49B7F05A.8080307@gmail.com> Mike McGrath wrote: > So holy crap does the planet hate it when you ask people to reset their > passwords. In particular though, they hated the following: > > 1. Kittens > > 2. "Password Expiration" is confusing and does not imply "account > expiration". Some may have ignored the warning because they did not > understand what the consequences were. > > 3. Mail aliases going away. This one's legit and accounts for the only > data loss we actually had. > > 4. fedorapeople space going away and not coming back automatically. Possible implementation here: https://fedorahosted.org/fedora-infrastructure/ticket/1244#comment:1 > 5. Password resets could be introducing less secure passwords. This one's hard for me to quantify. If you use a strong password the first time, what's the likelihood that each reset will bring some number of users to use an insecure password? What's the likelihood of someone using an insecure password to use a more secure password next time (? This can be partially mitigated by using a password strength checker but it was pointed out to me that a strength checker 1) doesn't catch things like BIRTHDATE + WIFESNAME + FIRSTPET 2) Strength checkers often aren't as devious as someone trying to crack passwords. #2 is a bug in the strength checker but we're likely to have to continuously work on the upstream software in order to keep things secure. Without the reward of knowing how much security we're gaining. #1... I don't have a solution for. > > I'm going to disable password reset/account expiration until at least 3 of > the 4 above are done. > > Please hate me a little less now. Thoughts? > Would not doing a password expiration but just an account expiration be okay? I think that we can cover a pretty broad swathe of contributors with something that ties into people logging into fas (because we use json to log people in to web services including the wiki and they need to login to get a certificate to use koji/lookaside). We'd just have to expire accounts on a longer interval than the ssl certs... like 6 months for certs and 7 months for accounts. Thoughts on implementing alternate means of checking activity here: https://fedorahosted.org/fedora-infrastructure/ticket/1237 -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From mmcgrath at redhat.com Wed Mar 11 17:35:49 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 11 Mar 2009 12:35:49 -0500 (CDT) Subject: Password resets In-Reply-To: <49B7F05A.8080307@gmail.com> References: <49B7F05A.8080307@gmail.com> Message-ID: On Wed, 11 Mar 2009, Toshio Kuratomi wrote: > > > 5. Password resets could be introducing less secure passwords. This > one's hard for me to quantify. If you use a strong password the first > time, what's the likelihood that each reset will bring some number of > users to use an insecure password? What's the likelihood of someone > using an insecure password to use a more secure password next time (? > > This can be partially mitigated by using a password strength checker but > it was pointed out to me that a strength checker 1) doesn't catch things > like BIRTHDATE + WIFESNAME + FIRSTPET 2) Strength checkers often aren't > as devious as someone trying to crack passwords. > > #2 is a bug in the strength checker but we're likely to have to > continuously work on the upstream software in order to keep things > secure. Without the reward of knowing how much security we're gaining. > > #1... I don't have a solution for. > I'd think http://www.nongnu.org/python-crack/ is a good start. > > Would not doing a password expiration but just an account expiration be > okay? I think that we can cover a pretty broad swathe of contributors > with something that ties into people logging into fas (because we use > json to log people in to web services including the wiki and they need > to login to get a certificate to use koji/lookaside). We'd just have to > expire accounts on a longer interval than the ssl certs... like 6 months > for certs and 7 months for accounts. > > Thoughts on implementing alternate means of checking activity here: > https://fedorahosted.org/fedora-infrastructure/ticket/1237 > I think we shouldn't go too far out of our way for people that can't follow directions. Harsh? Yes, but what we asked of people was incredibly trivial. I'd be fine with asking people to log in but I'd think we'll find lots of people find that confusing. Logging in and setting your password is a task that has a clear begining and end. I can see people logging in expecting to see further directions and then asking "now what"? We've just got so much else to do I'd hate to spend a lot of time and effort to please a few people that can't spend less then a minute a year (15 seconds every 2 months) to log in and type their password a couple of times and the people that complained couldn't do that. If someone has time to implement some grand scheme, that's fine. I know I don't. The changes suggested about aliases and home dirs are good ones. -Mike From mikeb at redhat.com Wed Mar 11 17:49:49 2009 From: mikeb at redhat.com (Mike Bonnet) Date: Wed, 11 Mar 2009 13:49:49 -0400 Subject: Password resets In-Reply-To: <49B7F05A.8080307@gmail.com> References: <49B7F05A.8080307@gmail.com> Message-ID: <49B7F9BD.6060209@redhat.com> Toshio Kuratomi wrote: > Mike McGrath wrote: >> So holy crap does the planet hate it when you ask people to reset their >> passwords. In particular though, they hated the following: >> >> 1. Kittens >> >> 2. "Password Expiration" is confusing and does not imply "account >> expiration". Some may have ignored the warning because they did not >> understand what the consequences were. >> >> 3. Mail aliases going away. This one's legit and accounts for the only >> data loss we actually had. >> >> 4. fedorapeople space going away and not coming back automatically. > > Possible implementation here: > https://fedorahosted.org/fedora-infrastructure/ticket/1244#comment:1 > > 5. Password resets could be introducing less secure passwords. This > one's hard for me to quantify. If you use a strong password the first > time, what's the likelihood that each reset will bring some number of > users to use an insecure password? What's the likelihood of someone > using an insecure password to use a more secure password next time (? > > This can be partially mitigated by using a password strength checker but > it was pointed out to me that a strength checker 1) doesn't catch things > like BIRTHDATE + WIFESNAME + FIRSTPET 2) Strength checkers often aren't > as devious as someone trying to crack passwords. > > #2 is a bug in the strength checker but we're likely to have to > continuously work on the upstream software in order to keep things > secure. Without the reward of knowing how much security we're gaining. > > #1... I don't have a solution for. > >> I'm going to disable password reset/account expiration until at least 3 of >> the 4 above are done. >> >> Please hate me a little less now. Thoughts? >> > Would not doing a password expiration but just an account expiration be > okay? I think that we can cover a pretty broad swathe of contributors > with something that ties into people logging into fas (because we use > json to log people in to web services including the wiki and they need > to login to get a certificate to use koji/lookaside). We'd just have to > expire accounts on a longer interval than the ssl certs... like 6 months > for certs and 7 months for accounts. +1 Even if they were required to log in to the FAS web UI as an indication that their account was still active, I think that would be preferable to forced password resets. > Thoughts on implementing alternate means of checking activity here: > https://fedorahosted.org/fedora-infrastructure/ticket/1237 From lyos.gemininorezel at gmail.com Wed Mar 11 17:52:47 2009 From: lyos.gemininorezel at gmail.com (Lyos Gemini Norezel) Date: Wed, 11 Mar 2009 13:52:47 -0400 Subject: Password resets In-Reply-To: References: <49B7F05A.8080307@gmail.com> Message-ID: <49B7FA6F.1000001@gmail.com> Mike McGrath wrote: > I think we shouldn't go too far out of our way for people that can't > follow directions. Harsh? Yes, but what we asked of people was > incredibly trivial. I'd be fine with asking people to log in but I'd > think we'll find lots of people find that confusing. Logging in and > setting your password is a task that has a clear begining and end. I can > see people logging in expecting to see further directions and then asking > "now what"? > Why tell them at all? If you change it to 'activity shown on account' (which, IMNSHO, is the proper way)... the only reason for having people login will be immediately obvious via a properly worded email (ie., "Due to inactivity on your FAS account, your account will be terminated in 1 month, unless the following steps are taken..."). > We've just got so much else to do I'd hate to spend a lot of time and > effort to please a few people that can't spend less then a minute a year > (15 seconds every 2 months) to log in and type their password a couple of > times and the people that complained couldn't do that. > Many fail to realize that the same password they used before could be used again. Hence the complaints. People don't like having to remember new passwords every couple of months. It's irritating and really unnecessary, not to mention the new security holes you open (as Toshio, partially, explained in his email). Lyos Gemini Norezel -------------- next part -------------- A non-text attachment was scrubbed... Name: Lyos_GeminiNorezel.vcf Type: text/x-vcard Size: 428 bytes Desc: not available URL: From mmcgrath at redhat.com Wed Mar 11 18:09:14 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 11 Mar 2009 13:09:14 -0500 (CDT) Subject: Password resets In-Reply-To: <49B7FA6F.1000001@gmail.com> References: <49B7F05A.8080307@gmail.com> <49B7FA6F.1000001@gmail.com> Message-ID: On Wed, 11 Mar 2009, Lyos Gemini Norezel wrote: > Mike McGrath wrote: > > I think we shouldn't go too far out of our way for people that can't > > follow directions. Harsh? Yes, but what we asked of people was > > incredibly trivial. I'd be fine with asking people to log in but I'd > > think we'll find lots of people find that confusing. Logging in and > > setting your password is a task that has a clear begining and end. I can > > see people logging in expecting to see further directions and then asking > > "now what"? > > > > Why tell them at all? If you change it to 'activity shown on account' (which, > IMNSHO, is NSHO? who are you? > the proper way)... the only reason for having people login will be immediately > obvious via > a properly worded email (ie., "Due to inactivity on your FAS account, your > account will be > terminated in 1 month, unless the following steps are taken..."). > The only common point of entry for all of our services is the account system and people rarely use it without being asked to so we'll still have to do some emailing. > > We've just got so much else to do I'd hate to spend a lot of time and > > effort to please a few people that can't spend less then a minute a year > > (15 seconds every 2 months) to log in and type their password a couple of > > times and the people that complained couldn't do that. > > > > Many fail to realize that the same password they used before could be used > again. > Hence the complaints. Ehh, no. Almost no one has complained that they actually had to change their password to something else. And you can be damn sure I'll spell that out explicitly in the next email so everyone gets it. -Mike From a.badger at gmail.com Wed Mar 11 18:10:25 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Wed, 11 Mar 2009 11:10:25 -0700 Subject: Password resets In-Reply-To: References: <49B7F05A.8080307@gmail.com> Message-ID: <49B7FE91.6040905@gmail.com> Mike McGrath wrote: > On Wed, 11 Mar 2009, Toshio Kuratomi wrote: >> 5. Password resets could be introducing less secure passwords. This >> one's hard for me to quantify. If you use a strong password the first >> time, what's the likelihood that each reset will bring some number of >> users to use an insecure password? What's the likelihood of someone >> using an insecure password to use a more secure password next time (? >> >> This can be partially mitigated by using a password strength checker but >> it was pointed out to me that a strength checker 1) doesn't catch things >> like BIRTHDATE + WIFESNAME + FIRSTPET 2) Strength checkers often aren't >> as devious as someone trying to crack passwords. >> >> #2 is a bug in the strength checker but we're likely to have to >> continuously work on the upstream software in order to keep things >> secure. Without the reward of knowing how much security we're gaining. >> >> #1... I don't have a solution for. >> > > I'd think http://www.nongnu.org/python-crack/ is a good start. > This addresses #2. But doesn't address #1. If my password is 2005-03-11HutchinsonSnoopy a password strength checker isn't going to find that an especially weak password but a cracker that's researching their targets has a decent chance of figuring it out. >> Would not doing a password expiration but just an account expiration be >> okay? I think that we can cover a pretty broad swathe of contributors >> with something that ties into people logging into fas (because we use >> json to log people in to web services including the wiki and they need >> to login to get a certificate to use koji/lookaside). We'd just have to >> expire accounts on a longer interval than the ssl certs... like 6 months >> for certs and 7 months for accounts. >> >> Thoughts on implementing alternate means of checking activity here: >> https://fedorahosted.org/fedora-infrastructure/ticket/1237 >> > > I think we shouldn't go too far out of our way for people that can't > follow directions. Harsh? Yes, but what we asked of people was > incredibly trivial. I'd be fine with asking people to log in but I'd > think we'll find lots of people find that confusing. Logging in and > setting your password is a task that has a clear begining and end. I can > see people logging in expecting to see further directions and then asking > "now what"? > > We've just got so much else to do I'd hate to spend a lot of time and > effort to please a few people that can't spend less then a minute a year > (15 seconds every 2 months) to log in and type their password a couple of > times and the people that complained couldn't do that. > This isn't too hard to do, though. On the data saving side, we just need fas to record the current timestamp in lastseen whenever someone logs into fas. On the expiry side, we need to check the lastseen date instead of the password_change date. So it's just explaining to people how to show they're still active.... -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From a.badger at gmail.com Wed Mar 11 18:22:49 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Wed, 11 Mar 2009 11:22:49 -0700 Subject: Password resets In-Reply-To: References: <49B7F05A.8080307@gmail.com> <49B7FA6F.1000001@gmail.com> Message-ID: <49B80179.70502@gmail.com> Mike McGrath wrote: > On Wed, 11 Mar 2009, Lyos Gemini Norezel wrote: > >> the proper way)... the only reason for having people login will be immediately >> obvious via >> a properly worded email (ie., "Due to inactivity on your FAS account, your >> account will be >> terminated in 1 month, unless the following steps are taken..."). >> > > The only common point of entry for all of our services is the account > system and people rarely use it without being asked to so we'll still have > to do some emailing. > That's actually only sort of true. People don't use FAS often... but they do logon to FAS whenever they log onto the other web apps. -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From mmcgrath at redhat.com Wed Mar 11 18:33:11 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 11 Mar 2009 13:33:11 -0500 (CDT) Subject: Password resets In-Reply-To: <49B80179.70502@gmail.com> References: <49B7F05A.8080307@gmail.com> <49B7FA6F.1000001@gmail.com> <49B80179.70502@gmail.com> Message-ID: On Wed, 11 Mar 2009, Toshio Kuratomi wrote: > Mike McGrath wrote: > > On Wed, 11 Mar 2009, Lyos Gemini Norezel wrote: > > > >> the proper way)... the only reason for having people login will be immediately > >> obvious via > >> a properly worded email (ie., "Due to inactivity on your FAS account, your > >> account will be > >> terminated in 1 month, unless the following steps are taken..."). > >> > > > > The only common point of entry for all of our services is the account > > system and people rarely use it without being asked to so we'll still have > > to do some emailing. > > > That's actually only sort of true. People don't use FAS often... but > they do logon to FAS whenever they log onto the other web apps. > Just make the pain go away, it's clear that password resets are too much for people to handle. -Mike From lyos.gemininorezel at gmail.com Wed Mar 11 18:37:42 2009 From: lyos.gemininorezel at gmail.com (Lyos Gemini Norezel) Date: Wed, 11 Mar 2009 14:37:42 -0400 Subject: Password resets In-Reply-To: References: <49B7F05A.8080307@gmail.com> <49B7FA6F.1000001@gmail.com> Message-ID: <49B804F6.7030906@gmail.com> Mike McGrath wrote: > On Wed, 11 Mar 2009, Lyos Gemini Norezel wrote: > > >> Mike McGrath wrote: >> >>> I think we shouldn't go too far out of our way for people that can't >>> follow directions. Harsh? Yes, but what we asked of people was >>> incredibly trivial. I'd be fine with asking people to log in but I'd >>> think we'll find lots of people find that confusing. Logging in and >>> setting your password is a task that has a clear begining and end. I can >>> see people logging in expecting to see further directions and then asking >>> "now what"? >>> >>> >> Why tell them at all? If you change it to 'activity shown on account' (which, >> IMNSHO, is >> > > NSHO? who are you? > *Sigh*... I did not really wish to reveal this, in public, however, since you asked... I'm a former blackhat hacker, whom the government has banned from working ANY security and/or government job. Suffice it to say, I understand security (or lack thereof) better than most, though I may be rusty/out of date in some areas. I do not tell you this to brag, I actually regret my past more and more as I get older. My 'prior life' has bought me more pain than glory. >> the proper way)... the only reason for having people login will be immediately >> obvious via >> a properly worded email (ie., "Due to inactivity on your FAS account, your >> account will be >> terminated in 1 month, unless the following steps are taken..."). >> >> > > The only common point of entry for all of our services is the account > system and people rarely use it without being asked to so we'll still have > to do some emailing. > > Aren't pkgdb, koji, bodhi and other services all apart of FAS? If I'm right here... then I suspect people are logging into FAS more often than you believe. >>> We've just got so much else to do I'd hate to spend a lot of time and >>> effort to please a few people that can't spend less then a minute a year >>> (15 seconds every 2 months) to log in and type their password a couple of >>> times and the people that complained couldn't do that. >>> >>> >> Many fail to realize that the same password they used before could be used >> again. >> Hence the complaints. >> > > Ehh, no. Almost no one has complained that they actually had to change > their password to something else. And you can be damn sure I'll spell > that out explicitly in the next email so everyone gets it. > > -Mike > As Toshio has already brought up on this list (after I brought it to his attention)... people have a tendency to select progressively weaker passwords every time they are forced to change one. So your idea of 'security' is actually INTRODUCING more holes than it's plugging. This is where my contribution to this argument ends. I am not interested in fighting and the raised blood pressure that goes with it. I have enough stress in my life... I am not about to add another debate/argument to that list. Take my advice or don't... just don't expect me to do anything other than laugh and say 'told ya so', when I prove correct. Good luck (despite my 'tone' above, I mean that), Lyos Gemini Norezel -------------- next part -------------- A non-text attachment was scrubbed... Name: Lyos_GeminiNorezel.vcf Type: text/x-vcard Size: 428 bytes Desc: not available URL: From mmcgrath at redhat.com Wed Mar 11 18:43:30 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 11 Mar 2009 13:43:30 -0500 (CDT) Subject: Password resets In-Reply-To: <49B804F6.7030906@gmail.com> References: <49B7F05A.8080307@gmail.com> <49B7FA6F.1000001@gmail.com> <49B804F6.7030906@gmail.com> Message-ID: On Wed, 11 Mar 2009, Lyos Gemini Norezel wrote: > Mike McGrath wrote: > > On Wed, 11 Mar 2009, Lyos Gemini Norezel wrote: > > > > > > > Mike McGrath wrote: > > > > > > > I think we shouldn't go too far out of our way for people that can't > > > > follow directions. Harsh? Yes, but what we asked of people was > > > > incredibly trivial. I'd be fine with asking people to log in but I'd > > > > think we'll find lots of people find that confusing. Logging in and > > > > setting your password is a task that has a clear begining and end. I > > > > can > > > > see people logging in expecting to see further directions and then > > > > asking > > > > "now what"? > > > > > > > > > > > Why tell them at all? If you change it to 'activity shown on account' > > > (which, > > > IMNSHO, is > > > > > > > NSHO? who are you? > > > > *Sigh*... > > I did not really wish to reveal this, in public, however, since you asked... > > I'm a former blackhat hacker, whom the government has banned from working ANY > security and/or government job. > > Suffice it to say, I understand security (or lack thereof) better than most, > though I may be rusty/out of date in some areas. > > I do not tell you this to brag, I actually regret my past more and more as I > get older. > My 'prior life' has bought me more pain than glory. > I discovered long ago there's no glory in what we do. Gotta fight the good fight just because it's there. > > > the proper way)... the only reason for having people login will be > > > immediately > > > obvious via > > > a properly worded email (ie., "Due to inactivity on your FAS account, your > > > account will be > > > terminated in 1 month, unless the following steps are taken..."). > > > > > > > > > > The only common point of entry for all of our services is the account > > system and people rarely use it without being asked to so we'll still have > > to do some emailing. > > > > > > Aren't pkgdb, koji, bodhi and other services all apart of FAS? > If I'm right here... then I suspect people are logging into FAS more often > than you believe. > Not all of them auth in the same way unfortunately and it's not as quick of a fix as it sounds like. > > > > We've just got so much else to do I'd hate to spend a lot of time and > > > > effort to please a few people that can't spend less then a minute a year > > > > (15 seconds every 2 months) to log in and type their password a couple > > > > of > > > > times and the people that complained couldn't do that. > > > > > > > > > > > Many fail to realize that the same password they used before could be used > > > again. > > > Hence the complaints. > > > > > > > Ehh, no. Almost no one has complained that they actually had to change > > their password to something else. And you can be damn sure I'll spell > > that out explicitly in the next email so everyone gets it. > > > > -Mike > > > > As Toshio has already brought up on this list (after I brought it to his > attention)... people > have a tendency to select progressively weaker passwords every time they are > forced to change one. > > So your idea of 'security' is actually INTRODUCING more holes than it's > plugging. > It's not my idea of security, it's my idea of a task. I just want some concrete thing that has a begining, middle, and end for people to do so we can prune accounts. Logging in and typing your password a couple of time (and keeping it the same thing). Doesn't sound like it's introducing or removing any holes. Sorry to hear you won't be discussing it further. -Mike From lyos.gemininorezel at gmail.com Wed Mar 11 19:09:04 2009 From: lyos.gemininorezel at gmail.com (Lyos Gemini Norezel) Date: Wed, 11 Mar 2009 15:09:04 -0400 Subject: Password resets In-Reply-To: References: <49B7F05A.8080307@gmail.com> <49B7FA6F.1000001@gmail.com> <49B804F6.7030906@gmail.com> Message-ID: <49B80C50.4020301@gmail.com> Mike McGrath wrote: > I discovered long ago there's no glory in what we do. Gotta fight the > good fight just because it's there. > > There's a truism I wish I'd never heard. > > It's not my idea of security, it's my idea of a task. I just want some > concrete thing that has a begining, middle, and end for people to do so we > can prune accounts. Logging in and typing your password a couple of time > (and keeping it the same thing). Doesn't sound like it's introducing or > removing any holes. > As I said before, it seems, that not everyone understood that. Most (apparently) thought the password had to be changed. That's what will introduce new holes that didn't exist before. I think the major portion of confusion here is the standards set by 'free' email services, where a 'password reset' means selecting and entering a new password (this is also common in corporate settings). I'm simply suggesting that it'll be easier/more secure to handle by way of logging 'login times' than the way it is currently being handled. It may well prove to be more work than was wanted... but more work is often better than a reduction in security. > Sorry to hear you won't be discussing it further. > > -Mike > Toshio has the majority of my arguments from our recent discussions. I am willing to clear up confusion in my arguments, should they arise, but I will not fight. My mind (and body) simply cannot handle the stress of debating/arguing/fighting, and seeing as this is the kind of discussion that can quickly run out of control, I am simply stating my intention not to get involved in another fight. Lyos Gemini Norezel -------------- next part -------------- A non-text attachment was scrubbed... Name: Lyos_GeminiNorezel.vcf Type: text/x-vcard Size: 428 bytes Desc: not available URL: From ianweller at gmail.com Wed Mar 11 20:14:27 2009 From: ianweller at gmail.com (Ian Weller) Date: Wed, 11 Mar 2009 15:14:27 -0500 Subject: sanity request Message-ID: <20090311201426.GD2971@gmail.com> How is it that we can have fifty threads in this list with the subject line as "change request" and no additional information? I'm not the one who has to deal with them and it drives me insane, so I'm not sure how others can work with it -- especially those unfortunate enough to not have message threading. In other words please describe your change requests in the subject line to help with differentiation. Thanks, The Non-Management :) -- Ian Weller http://ianweller.org GnuPG fingerprint: E51E 0517 7A92 70A2 4226 B050 87ED 7C97 EFA8 4A36 "Technology is a word that describes something that doesn't work yet." ~ Douglas Adams -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From ricky at fedoraproject.org Wed Mar 11 20:22:28 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Wed, 11 Mar 2009 16:22:28 -0400 Subject: change request In-Reply-To: References: <49B7CE4E.6080406@redhat.com> Message-ID: <20090311202228.GB22369@sphe.res.cmu.edu> On 2009-03-11 09:53:24 AM, Mike McGrath wrote: > On Wed, 11 Mar 2009, Gianluca Varisco wrote: > > > Mike McGrath wrote: > > > diff --git a/configs/web/translate.fedoraproject.org/transifex.conf > > > b/configs/web/translate.fedoraproject.org/transife > > > index 940b314..43292bf 100644 > > > --- a/configs/web/translate.fedoraproject.org/transifex.conf > > > +++ b/configs/web/translate.fedoraproject.org/transifex.conf > > > @@ -5,6 +5,7 @@ ProxyPass /submit http://transifexCluster/submit > > > ProxyPassReverse /submit http://transifexCluster/submit > > > > > > RewriteEngine On > > > +RewruteRule ^/tx$ https://translate.fedoraproject.org/tx/ [R,L] > > > RewriteRule ^/tx(.*) http://app1/tx$1 [P] > > > RewriteRule ^/site_media(.*) http://app1/site_media$1 [P] > > > > > > > > > > s/Rewrute/Rewrite/ > > > > Despite that, looks OK to me: +1 ;-) > > > > Thanks, thats why we do these things :) Fixed. +1 Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From mmcgrath at redhat.com Wed Mar 11 20:32:47 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 11 Mar 2009 15:32:47 -0500 (CDT) Subject: sanity request In-Reply-To: <20090311201426.GD2971@gmail.com> References: <20090311201426.GD2971@gmail.com> Message-ID: On Wed, 11 Mar 2009, Ian Weller wrote: > How is it that we can have fifty threads in this list with the subject > line as "change request" and no additional information? I'm not the one > who has to deal with them and it drives me insane, so I'm not sure how > others can work with it -- especially those unfortunate enough to not > have message threading. > > In other words please describe your change requests in the subject line > to help with differentiation. Thanks, The Non-Management :) > FWIW, these only happen during a change freeze and aren't really list stuff but more workflow stuff, I'll try to be more descriptive but they can all safely be ignored unless you're a sysadmin-mainer. -Mike From simon at zikula.org Wed Mar 11 23:00:57 2009 From: simon at zikula.org (Simon Birtwistle) Date: Wed, 11 Mar 2009 23:00:57 -0000 Subject: Password resets In-Reply-To: <49B80C50.4020301@gmail.com> References: <49B7F05A.8080307@gmail.com> <49B7FA6F.1000001@gmail.com> <49B804F6.7030906@gmail.com> <49B80C50.4020301@gmail.com> Message-ID: <031e01c9a29d$3e3c1560$bab44020$@org> I'm coming to this discussion without much background, so apologies if I am missing something, but from what I gather all you're trying to do is check for active contributors? If so, why not send an email along the following lines instead of requiring password resets? "According to our records you are a contributor to the Fedora project. We periodically check that all our contributors are still active so that we can clean up old accounts and save some server room. If you would like to keep your Fedora account, please click the link below. Should you not have visited the link below by x, we will remove your account. http://admin.fedoraproject.org/accounts/verify/myemail at fp.o You have one month until your account will be removed." In these circumstances I find short, clear emails with a clear statement of consequences gets across best... Simon From jkeating at redhat.com Thu Mar 12 01:23:46 2009 From: jkeating at redhat.com (Jesse Keating) Date: Wed, 11 Mar 2009 18:23:46 -0700 Subject: sanity request In-Reply-To: References: <20090311201426.GD2971@gmail.com> Message-ID: <1236821026.8851.8.camel@localhost.localdomain> On Wed, 2009-03-11 at 15:32 -0500, Mike McGrath wrote: > > > > In other words please describe your change requests in the subject line > > to help with differentiation. Thanks, The Non-Management :) > > > > FWIW, these only happen during a change freeze and aren't really list > stuff but more workflow stuff, I'll try to be more descriptive but they > can all safely be ignored unless you're a sysadmin-mainer. One thing I think we could do is do more of what mmcgrath just did, posting the proposed change as a diff. As long as it isn't sensitive info, we can just use the git send-email program to send the commit we'd like to push to this list, using --compose to allow us to compose a message that the patch will be in reply to. That'll give the subject some context, the email body the actual change and some sanity to the whole thing (: Of course, changes that aren't just git commits are not going to be helped by this. -- Jesse Keating Fedora -- Freedom? is a feature! identi.ca: http://identi.ca/jkeating -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From mmcgrath at redhat.com Thu Mar 12 01:27:40 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 11 Mar 2009 20:27:40 -0500 (CDT) Subject: sanity request In-Reply-To: <1236821026.8851.8.camel@localhost.localdomain> References: <20090311201426.GD2971@gmail.com> <1236821026.8851.8.camel@localhost.localdomain> Message-ID: On Wed, 11 Mar 2009, Jesse Keating wrote: > On Wed, 2009-03-11 at 15:32 -0500, Mike McGrath wrote: > > > > > > In other words please describe your change requests in the subject line > > > to help with differentiation. Thanks, The Non-Management :) > > > > > > > FWIW, these only happen during a change freeze and aren't really list > > stuff but more workflow stuff, I'll try to be more descriptive but they > > can all safely be ignored unless you're a sysadmin-mainer. > > > One thing I think we could do is do more of what mmcgrath just did, > posting the proposed change as a diff. As long as it isn't sensitive > info, we can just use the git send-email program to send the commit we'd > like to push to this list, using --compose to allow us to compose a > message that the patch will be in reply to. That'll give the subject > some context, the email body the actual change and some sanity to the > whole thing (: > > Of course, changes that aren't just git commits are not going to be > helped by this. > Huh? git can do that? :) -Mike From dimitris at glezos.com Thu Mar 12 01:42:28 2009 From: dimitris at glezos.com (Dimitris Glezos) Date: Thu, 12 Mar 2009 03:42:28 +0200 Subject: sanity request In-Reply-To: References: <20090311201426.GD2971@gmail.com> <1236821026.8851.8.camel@localhost.localdomain> Message-ID: <6d4237680903111842w3182d80n657af79462cff0bd@mail.gmail.com> On Thu, Mar 12, 2009 at 3:27 AM, Mike McGrath wrote: > On Wed, 11 Mar 2009, Jesse Keating wrote: >> One thing I think we could do is do more of what mmcgrath just did, >> posting the proposed change as a diff. ?As long as it isn't sensitive >> info, we can just use the git send-email program to send the commit we'd >> like to push to this list, using --compose to allow us to compose a >> message that the patch will be in reply to. ?That'll give the subject >> some context, the email body the actual change and some sanity to the >> whole thing (: > > Huh? ?git can do that? ?:) There's also git make-coffee. -? -- Dimitris Glezos Jabber ID: glezos at jabber.org, GPG: 0xA5A04C3B http://dimitris.glezos.com/ "He who gives up functionality for ease of use loses both and deserves neither." (Anonymous) -- From jkeating at redhat.com Thu Mar 12 02:11:21 2009 From: jkeating at redhat.com (Jesse Keating) Date: Thu, 12 Mar 2009 02:11:21 +0000 Subject: Change request - Using git send-email Message-ID: <1236823882-490-1-git-send-email-jkeating@redhat.com> Here is a message from git send-email. To get here, I used: $ git commit -a Created commit cb85f54: Disable rawhide. 1 files changed, 2 insertions(+), 1 deletions(-) $ git format-patch HEAD^ 0001-Disable-rawhide.patch $ git send-email --compose --to Fedora-infrastructure-list at redhat.com 0001-Disable-rawhide.patch -- Jes From jkeating at redhat.com Thu Mar 12 02:11:22 2009 From: jkeating at redhat.com (Jesse Keating) Date: Thu, 12 Mar 2009 02:11:22 +0000 Subject: [PATCH] Disable rawhide. In-Reply-To: <1236823882-490-1-git-send-email-jkeating@redhat.com> References: <1236823882-490-1-git-send-email-jkeating@redhat.com> Message-ID: <1236823882-490-2-git-send-email-jkeating@redhat.com> From: Jesse Keating This is a test commit for email send testing --- configs/build/rawhide | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/configs/build/rawhide b/configs/build/rawhide index 2bdaa57..4c7f0b8 100644 --- a/configs/build/rawhide +++ b/configs/build/rawhide @@ -1,3 +1,4 @@ # rawhide compose MAILTO=jkeating at fedoraproject.org -1 6 * * * masher TMPDIR=`mktemp -d /tmp/rawhide.XXXXX`; cd $TMPDIR; git clone -n git://git.fedorahosted.org/git/releng; cd releng; git checkout -b rawhide-stable; LANG=en_US.UTF-8 ./scripts/buildrawhide $(date "+\%Y\%m\%d"); sudo -u ftpsync /usr/local/bin/update-fullfilelist fedora +# Disabled as a test commit +#1 6 * * * masher TMPDIR=`mktemp -d /tmp/rawhide.XXXXX`; cd $TMPDIR; git clone -n git://git.fedorahosted.org/git/releng; cd releng; git checkout -b rawhide-stable; LANG=en_US.UTF-8 ./scripts/buildrawhide $(date "+\%Y\%m\%d"); sudo -u ftpsync /usr/local/bin/update-fullfilelist fedora -- 1.5.5.6 From jkeating at redhat.com Thu Mar 12 02:20:56 2009 From: jkeating at redhat.com (Jesse Keating) Date: Thu, 12 Mar 2009 02:20:56 +0000 Subject: [PATCH] Add a git-email package class In-Reply-To: <1236824457-1007-1-git-send-email-jkeating@redhat.com> References: <1236824457-1007-1-git-send-email-jkeating@redhat.com> Message-ID: <1236824457-1007-2-git-send-email-jkeating@redhat.com> --- manifests/services/packages.pp | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/manifests/services/packages.pp b/manifests/services/packages.pp index bd3f667..8cd7ed7 100644 --- a/manifests/services/packages.pp +++ b/manifests/services/packages.pp @@ -193,6 +193,12 @@ class git-package { } } +class git-email-package { + package { git-email: + ensure => present, + } +} + class fedora-packager-package { package { fedora-packager: ensure => present, -- 1.5.5.6 From jkeating at redhat.com Thu Mar 12 02:20:57 2009 From: jkeating at redhat.com (Jesse Keating) Date: Thu, 12 Mar 2009 02:20:57 +0000 Subject: [PATCH] Make sure git and git-email are installed on puppet systems In-Reply-To: <1236824457-1007-2-git-send-email-jkeating@redhat.com> References: <1236824457-1007-1-git-send-email-jkeating@redhat.com> <1236824457-1007-2-git-send-email-jkeating@redhat.com> Message-ID: <1236824457-1007-3-git-send-email-jkeating@redhat.com> --- manifests/servergroups/puppet.pp | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/manifests/servergroups/puppet.pp b/manifests/servergroups/puppet.pp index d054fef..c393f9a 100644 --- a/manifests/servergroups/puppet.pp +++ b/manifests/servergroups/puppet.pp @@ -13,6 +13,8 @@ class puppetServer { include scripts::geoip-retriever include geoip-retriever include drbackupPubKey + include git-package + include git-email-package # Firewall Rules, allow web, smolt, Plone, mirrormanager, noc, pkgdb, certmaster and bodhi traffic through $tcpPorts = [ 80, 8140, 873, 51235 ] -- 1.5.5.6 From jkeating at redhat.com Thu Mar 12 02:20:55 2009 From: jkeating at redhat.com (Jesse Keating) Date: Thu, 12 Mar 2009 02:20:55 +0000 Subject: Change Request - Puppetize git(-email) being on puppet systems Message-ID: <1236824457-1007-1-git-send-email-jkeating@redhat.com> I already installed git-email on puppet1, but this puts it in puppet itself. I also noticed that git wasn't puppetized for puppet1 either. -- Jes From ricky at fedoraproject.org Thu Mar 12 13:55:39 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Thu, 12 Mar 2009 09:55:39 -0400 Subject: [PATCH] Make sure git and git-email are installed on puppet systems In-Reply-To: <1236824457-1007-3-git-send-email-jkeating@redhat.com> References: <1236824457-1007-1-git-send-email-jkeating@redhat.com> <1236824457-1007-2-git-send-email-jkeating@redhat.com> <1236824457-1007-3-git-send-email-jkeating@redhat.com> Message-ID: <20090312135539.GF22369@sphe.res.cmu.edu> On 2009-03-12 02:20:57 AM, Jesse Keating wrote: > --- > manifests/servergroups/puppet.pp | 2 ++ > 1 files changed, 2 insertions(+), 0 deletions(-) > > diff --git a/manifests/servergroups/puppet.pp b/manifests/servergroups/puppet.pp > index d054fef..c393f9a 100644 > --- a/manifests/servergroups/puppet.pp > +++ b/manifests/servergroups/puppet.pp > @@ -13,6 +13,8 @@ class puppetServer { > include scripts::geoip-retriever > include geoip-retriever > include drbackupPubKey > + include git-package > + include git-email-package > > # Firewall Rules, allow web, smolt, Plone, mirrormanager, noc, pkgdb, certmaster and bodhi traffic through > $tcpPorts = [ 80, 8140, 873, 51235 ] > -- > 1.5.5.6 +1 Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From mmcgrath at redhat.com Thu Mar 12 13:58:27 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 12 Mar 2009 08:58:27 -0500 (CDT) Subject: [PATCH] Make sure git and git-email are installed on puppet systems In-Reply-To: <20090312135539.GF22369@sphe.res.cmu.edu> References: <1236824457-1007-1-git-send-email-jkeating@redhat.com> <1236824457-1007-2-git-send-email-jkeating@redhat.com> <1236824457-1007-3-git-send-email-jkeating@redhat.com> <20090312135539.GF22369@sphe.res.cmu.edu> Message-ID: On Thu, 12 Mar 2009, Ricky Zhou wrote: > On 2009-03-12 02:20:57 AM, Jesse Keating wrote: > > --- > > manifests/servergroups/puppet.pp | 2 ++ > > 1 files changed, 2 insertions(+), 0 deletions(-) > > > > diff --git a/manifests/servergroups/puppet.pp b/manifests/servergroups/puppet.pp > > index d054fef..c393f9a 100644 > > --- a/manifests/servergroups/puppet.pp > > +++ b/manifests/servergroups/puppet.pp > > @@ -13,6 +13,8 @@ class puppetServer { > > include scripts::geoip-retriever > > include geoip-retriever > > include drbackupPubKey > > + include git-package > > + include git-email-package > > > > # Firewall Rules, allow web, smolt, Plone, mirrormanager, noc, pkgdb, certmaster and bodhi traffic through > > $tcpPorts = [ 80, 8140, 873, 51235 ] > > -- > > 1.5.5.6 > +1 +1 -Mike From katzj at redhat.com Thu Mar 12 14:01:49 2009 From: katzj at redhat.com (Jeremy Katz) Date: Thu, 12 Mar 2009 10:01:49 -0400 Subject: Change request - Using git send-email In-Reply-To: <1236823882-490-1-git-send-email-jkeating@redhat.com> References: <1236823882-490-1-git-send-email-jkeating@redhat.com> Message-ID: <20090312140149.GA7275@redhat.com> On Thursday, March 12 2009, Jesse Keating said: > Here is a message from git send-email. > > To get here, I used: > > $ git commit -a > Created commit cb85f54: Disable rawhide. > 1 files changed, 2 insertions(+), 1 deletions(-) > > $ git format-patch HEAD^ > 0001-Disable-rawhide.patch > > $ git send-email --compose --to Fedora-infrastructure-list at redhat.com 0001-Disable-rawhide.patch Note that if it's a single patch, --compose is probably overkill as it makes two messages rather than one. Your commit message is self-explanatory, no? (... and if not, edit the 0001 file before running git send-email) Jeremy From a.badger at gmail.com Thu Mar 12 15:05:45 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Thu, 12 Mar 2009 08:05:45 -0700 Subject: Change request -- fas template csrf fix Message-ID: <49B924C9.8050600@gmail.com> Found a template in fas that is not adding the csrf token properly. The Add User button on: https://admin.fedoraproject.org/accounts/group/view/ This is just an annoyance (one particular link leading people to the CSRF login page instead of directly to the action they requested) but the fix is easy and non-intrusive. Patch is: @@ -77,7 +77,8 @@
${_('Add User:')}
-
+ -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From ricky at fedoraproject.org Thu Mar 12 15:50:05 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Thu, 12 Mar 2009 11:50:05 -0400 Subject: Change request -- fas template csrf fix In-Reply-To: <49B924C9.8050600@gmail.com> References: <49B924C9.8050600@gmail.com> Message-ID: <20090312155005.GG22369@sphe.res.cmu.edu> On 2009-03-12 08:05:45 AM, Toshio Kuratomi wrote: > Patch is: > > @@ -77,7 +77,8 @@ > >
${_('Add User:')}
>
> - > + + method="post"> > > +1 Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From mmcgrath at redhat.com Thu Mar 12 15:51:48 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 12 Mar 2009 10:51:48 -0500 (CDT) Subject: Change request -- fas template csrf fix In-Reply-To: <49B924C9.8050600@gmail.com> References: <49B924C9.8050600@gmail.com> Message-ID: On Thu, 12 Mar 2009, Toshio Kuratomi wrote: > Found a template in fas that is not adding the csrf token properly. > > The Add User button on: > https://admin.fedoraproject.org/accounts/group/view/ > > This is just an annoyance (one particular link leading people to the > CSRF login page instead of directly to the action they requested) but > the fix is easy and non-intrusive. > > Patch is: > > @@ -77,7 +77,8 @@ > >
${_('Add User:')}
>
> - > + + method="post"> > > > +1 -Mike From tmz at pobox.com Thu Mar 12 16:34:32 2009 From: tmz at pobox.com (Todd Zullinger) Date: Thu, 12 Mar 2009 12:34:32 -0400 Subject: Change request - Using git send-email In-Reply-To: <20090312140149.GA7275@redhat.com> References: <1236823882-490-1-git-send-email-jkeating@redhat.com> <20090312140149.GA7275@redhat.com> Message-ID: <20090312163432.GA19175@inocybe.teonanacatl.org> Jeremy Katz wrote: > Note that if it's a single patch, --compose is probably overkill as > it makes two messages rather than one. Your commit message is > self-explanatory, no? (... and if not, edit the 0001 file before > running git send-email) For bonus points, the --subject-prefix option to git format-patch can be used to change the prefix from [PATCH] to [Change Request]: git format-patch --subject-prefix='Change Request' ... | git send-email (An alias in git could make this quite convenient.) Commentary could be added between the --- and the diffstat, as is common on the git and kernel lists for patches. -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The best cure for insomnia is to get a lot of sleep. -- W.C. Fields -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 542 bytes Desc: not available URL: From a.badger at gmail.com Thu Mar 12 16:41:18 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Thu, 12 Mar 2009 09:41:18 -0700 Subject: Change Request -- python-fedora django auth fix Message-ID: <49B93B2E.7060206@gmail.com> A problem was discovered with django auth and redirects. I'm spinning a new python-fedora package that has the fix for this and would like to deploy it on the hosts that we have transifex installed: app1 and app2 This package does not need to be installed in other places but it shouldn't hurt as the package just makes changes to the django auth provider which only transifex uses. Permission to install this? -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From mmcgrath at redhat.com Thu Mar 12 16:50:53 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 12 Mar 2009 11:50:53 -0500 (CDT) Subject: Change Request -- python-fedora django auth fix In-Reply-To: <49B93B2E.7060206@gmail.com> References: <49B93B2E.7060206@gmail.com> Message-ID: On Thu, 12 Mar 2009, Toshio Kuratomi wrote: > A problem was discovered with django auth and redirects. I'm spinning a > new python-fedora package that has the fix for this and would like to > deploy it on the hosts that we have transifex installed: app1 and app2 > > This package does not need to be installed in other places but it > shouldn't hurt as the package just makes changes to the django auth > provider which only transifex uses. > > Permission to install this? > +1 -Mike From ricky at fedoraproject.org Thu Mar 12 17:43:26 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Thu, 12 Mar 2009 13:43:26 -0400 Subject: Change Request -- python-fedora django auth fix In-Reply-To: <49B93B2E.7060206@gmail.com> References: <49B93B2E.7060206@gmail.com> Message-ID: <20090312174326.GH22369@sphe.res.cmu.edu> On 2009-03-12 09:41:18 AM, Toshio Kuratomi wrote: > A problem was discovered with django auth and redirects. I'm spinning a > new python-fedora package that has the fix for this and would like to > deploy it on the hosts that we have transifex installed: app1 and app2 > > This package does not need to be installed in other places but it > shouldn't hurt as the package just makes changes to the django auth > provider which only transifex uses. > > Permission to install this? +1 Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From mmcgrath at redhat.com Thu Mar 12 18:19:45 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 12 Mar 2009 13:19:45 -0500 (CDT) Subject: Meeting Today Message-ID: Just a reminder that the our meetings are at 20:00 UTC. (you can run date -u to see what utc time it is). But this means for most of us in the states, the meetings are now an hour later, starting at 4:00 pm Eastern (3:00 pm Chicago Cubs time) -Mike From mmcgrath at redhat.com Thu Mar 12 18:37:19 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 12 Mar 2009 18:37:19 +0000 Subject: Change Request Message-ID: <1236883040-5344-1-git-send-email-mmcgrath@redhat.com> Can I get 2 +1's? From mmcgrath at redhat.com Thu Mar 12 18:37:20 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 12 Mar 2009 18:37:20 +0000 Subject: [Change Request] Added compose-x86/x86-8 to the ssh known hosts list In-Reply-To: <1236883040-5344-1-git-send-email-mmcgrath@redhat.com> References: <1236883040-5344-1-git-send-email-mmcgrath@redhat.com> Message-ID: <1236883040-5344-2-git-send-email-mmcgrath@redhat.com> From: Mike McGrath This is technically a global change. Very low risk --- modules/ssh/files/ssh_known_hosts | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/modules/ssh/files/ssh_known_hosts b/modules/ssh/files/ssh_known_hosts index 348b733..8f5543f 100644 --- a/modules/ssh/files/ssh_known_hosts +++ b/modules/ssh/files/ssh_known_hosts @@ -70,7 +70,7 @@ x86-4,10.8.34.223 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtXfXpXwocyfpDGPI1IbjhwuGHc x86-5,10.8.34.224 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA9Ys1Mo5cBk8JIuMNcWHjIOqXvws0aHgVof1wj9XHcm1X0I37zmIlMAtGAzjuav3R9SqtvkNywqRTOW9OW4YcFUc3XmuWwkEfU1z2kZ9446Iof1YWiLS0i1qKQMHMcezZSwue16s6yTH+fk7ZDFNQXb/9kGT7rtDAG2tRhUwv/X39vhIhSyatB7j+uU/KWK90ymkBDDilALaANcPxJbfn3qsjBd+m4VpeBVdVj/QFRll0RCIas/Sc9irQpVXDDYYFl1zjhc+/NH/hR8GFTi+ojzLMmP18JKib0qtUF8YWjz1NzvVAf01BnfmMWhsQsZejmifsy6fjgHh1a0VuDqWFsQ== x86-6,10.8.34.225 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsSjsWRnCaE0Qg1XJSFVd0Yz1ZTl1u8fLmaSxXpJgrC1grH/EH/VzTFjBek/jA5UBUOcIwf8tQe7eBttcj0jSmaUyRU0k7bnPh6Ek+CJBbB0BZ5N50urcgLkjZJNdlRlYsfc8CJI9sl47IVSwZP3bPzNYDaVtHqcQKik04AluCew8gduvLiDjC/gVqVxSRwcgwHiMlkKWf7zlQS/yuzSBjzY0iMLrKaf0u89QO3trmfecBR7r2CuhKvxxam9DXSiuYxcLUW6hEDNvT2fpW4jFXZl9idpNjsJZXrLtNybAWvoEC/Sn2IBw0c6NfaqmNaxvKKjbfND8tYLf4AtdwoatZw== x86-7,10.8.34.226 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAz1wkRNc9Tb/AxGBM0sLvcCxxpn9QNxpzdXEUZ/nQyGurBSMz8ZTBnGp2JlPwwmaJLkypR90nMQIUEgb4huF2JKQSSsv1l5kTxGiFwqo45zyu6gtwF78jl/AWvI91uAWrLAGspkVzaBRMhh5FQp3sCZGfYn1C+RYuoycH3MiPdHVPg3V0+32UTG444pwrhKJGY0yz4eproX/V6kxspCZ/sXvFZuSncm/rtYuxziktX7O8oYvmOgD/WhOk+ssxFM49L77hlgS/dbWkiYq1CeJklBlWYsZdw//nCu2VB3NZvY2aA3j7l0sqyI4xRQWlHhIbpBYTCRi2LvsXaE4O46ws1Q== -x86-8 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAriDSchnp28etCJeeaBNTV3Szqi55lNPGNQND0HfGWG6KJAI8jhkabsMxgPNe9QO6UfwbMXmuIdqMfcqJGvjYf+hAZK2XWKe0AFuT2GFnIbRbWh1m9h1pe9NjNC40RGQ6aZXuutKTEhXExvmmWKf5neSDQlaqkcqRiKSRIz65nAcRrzVoG6J11OI00MPP8aHzlg1lGAX5Aj2liMt1ho0alzqX6V/Ndu2sdRmKo2BQZNZQr+GRYlat+Fcpj3sqpM4+wnulW5D7wTTAXYqFjcEA+YlPSlt9e3QBmiCohlXVydGMf6711YrEGUvtJctX64ZvcVkQH5oKp1QOcvMKwhX7UQ== +compose-x86,x86-8,10.8.34.227 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAznKlEw9qRYsZ22VS2VO3tTxIk+WtuX4YooaQkXOoapX6IBZatRMFpSyeql/BeAniADLbWb3nKiZRCoAmKSMoIXKPfoF1dSRZMRwt4iR++9TYabuNbWEbBlV8aBfPtGuzAGhEBVHUsP3bHYwLPEFMJaomTB2biUAgFfk1RQn7JqsqsIMT7QfTIIMQD0HH+fqx7eeMTUFbS1l0m6h7H67mpZQNM++BZWXJQdY9+6VGdfOe2NAcasI1iABM+jXUE4f877QLCJEQjfGM2czUNm83DdpTkHKBUIMA8qtlKrixXYM7/pXB35i4R4OeZf9uj5cYjO5dM6Tm8bJsUee8XEFPAw== xen10,10.8.34.126 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5Oh5uaAbqBWxDyBbf81hMxO9fi7iGuiUhaO1lX9MqZ3I94eE7cJrG/lQ0cEUoXHaiX48iGT9avkBPyDf/gSEYHB6Gy1vrTi0u2aQMiM9RsCFy56m8+5Qn2H9GcWBhIXX5aqxfuucddoG6culHkPp69q+fpMYLlTi8jiVG6X0ElR8bC5Msr8g1cidkLn6vhMWImGpE+6465/LhVvh8B8BhylQIQRjN4DxmITcZjvLFCAApM9FqhxOJWDX+e9maBvBd9sLCYRFZeJqBy34OZu37W2pKTWzpDTEZSyZcHKggZLA/9IiVJcBPvNwnPMExw56nJBoJc9xwueAaaIEbJB1Mw== xen11,10.8.34.209 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA3NGlyoMcpLss5zVnvTImNGvCtfKe38vJKtr5swRoYC9B674rCzpUfgpLEIMq99AXrMUu9oH6LhrO9TGMewab6rsN0BQbpCMr4pYdZbuQSC2DRBEjpgaCDNhqy5usyaPIy1vzt/Vwi8I0gBYFd8sfA6JJ7++k1v/RoCeil5+BRgBRKiq1dLjL3LhdL5vUGU/60VrhQIkYm+hILZAqk9cAELIg622L8enbGBoKIxB9pmpAqnn4Kp0Nm35Y3wUSiqVcloup7ITg8rLwEGXUsy9CRz2b9JFNJAJNBTGp613Tf11Bc4f9LRF0yItgNMWnFXRw7ziEsKzRKQ0V9VG7hEeLhw== xen12,10.8.34.201 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA3h0fK6aExXOGPlIv3SlTjBtDVh8XaT759k+7xcqYI/MUm7W/7PSPJE3V/C51+7chqhlSiwHcpzB36EnePnakip/VrjxSEgaFD7NIb43AA5us8qC/fO/UUq1XpE2Qcl1uWP7EZlcsjAnrKQ5DaIy8FgvkpugVCFgUV+NSJVxI94s73IYaLa0cqKg/OsMBU8mVRncF9MdbbJgCW/5+JCogON0CyYU8+8RKmPrMcEs56qbe03M0LP0NZ0cjSHnxbeDI0+aGnrHdPDvQHRA7/TkkvluZ8Ec3A9duaLq6F2GSePEuqhvnMdjLoXsPuzW6vUVJLyfW4rLssh05QHgRl0fhUQ== -- 1.5.5.6 From mmcgrath at redhat.com Thu Mar 12 18:37:10 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 12 Mar 2009 13:37:10 -0500 (CDT) Subject: Change Request In-Reply-To: <1236883040-5344-1-git-send-email-mmcgrath@redhat.com> References: <1236883040-5344-1-git-send-email-mmcgrath@redhat.com> Message-ID: On Thu, 12 Mar 2009, Mike McGrath wrote: > Can I get 2 +1's? > Uhhhh, clearly I missed a step here :) -Mike From mmcgrath at redhat.com Thu Mar 12 18:41:07 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 12 Mar 2009 18:41:07 +0000 Subject: [Change Request] Adding files to ssh-known-hsts Message-ID: <1236883268-5464-1-git-send-email-mmcgrath@redhat.com> Trying again, hopefully with less fail. -Mike From mmcgrath at redhat.com Thu Mar 12 18:41:08 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 12 Mar 2009 18:41:08 +0000 Subject: [PATCH] Added compose-x86/x86-8 to the ssh known hosts list In-Reply-To: <1236883268-5464-1-git-send-email-mmcgrath@redhat.com> References: <1236883268-5464-1-git-send-email-mmcgrath@redhat.com> Message-ID: <1236883268-5464-2-git-send-email-mmcgrath@redhat.com> From: Mike McGrath This is technically a global change. Very low risk --- modules/ssh/files/ssh_known_hosts | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/modules/ssh/files/ssh_known_hosts b/modules/ssh/files/ssh_known_hosts index 348b733..8f5543f 100644 --- a/modules/ssh/files/ssh_known_hosts +++ b/modules/ssh/files/ssh_known_hosts @@ -70,7 +70,7 @@ x86-4,10.8.34.223 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtXfXpXwocyfpDGPI1IbjhwuGHc x86-5,10.8.34.224 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA9Ys1Mo5cBk8JIuMNcWHjIOqXvws0aHgVof1wj9XHcm1X0I37zmIlMAtGAzjuav3R9SqtvkNywqRTOW9OW4YcFUc3XmuWwkEfU1z2kZ9446Iof1YWiLS0i1qKQMHMcezZSwue16s6yTH+fk7ZDFNQXb/9kGT7rtDAG2tRhUwv/X39vhIhSyatB7j+uU/KWK90ymkBDDilALaANcPxJbfn3qsjBd+m4VpeBVdVj/QFRll0RCIas/Sc9irQpVXDDYYFl1zjhc+/NH/hR8GFTi+ojzLMmP18JKib0qtUF8YWjz1NzvVAf01BnfmMWhsQsZejmifsy6fjgHh1a0VuDqWFsQ== x86-6,10.8.34.225 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsSjsWRnCaE0Qg1XJSFVd0Yz1ZTl1u8fLmaSxXpJgrC1grH/EH/VzTFjBek/jA5UBUOcIwf8tQe7eBttcj0jSmaUyRU0k7bnPh6Ek+CJBbB0BZ5N50urcgLkjZJNdlRlYsfc8CJI9sl47IVSwZP3bPzNYDaVtHqcQKik04AluCew8gduvLiDjC/gVqVxSRwcgwHiMlkKWf7zlQS/yuzSBjzY0iMLrKaf0u89QO3trmfecBR7r2CuhKvxxam9DXSiuYxcLUW6hEDNvT2fpW4jFXZl9idpNjsJZXrLtNybAWvoEC/Sn2IBw0c6NfaqmNaxvKKjbfND8tYLf4AtdwoatZw== x86-7,10.8.34.226 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAz1wkRNc9Tb/AxGBM0sLvcCxxpn9QNxpzdXEUZ/nQyGurBSMz8ZTBnGp2JlPwwmaJLkypR90nMQIUEgb4huF2JKQSSsv1l5kTxGiFwqo45zyu6gtwF78jl/AWvI91uAWrLAGspkVzaBRMhh5FQp3sCZGfYn1C+RYuoycH3MiPdHVPg3V0+32UTG444pwrhKJGY0yz4eproX/V6kxspCZ/sXvFZuSncm/rtYuxziktX7O8oYvmOgD/WhOk+ssxFM49L77hlgS/dbWkiYq1CeJklBlWYsZdw//nCu2VB3NZvY2aA3j7l0sqyI4xRQWlHhIbpBYTCRi2LvsXaE4O46ws1Q== -x86-8 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAriDSchnp28etCJeeaBNTV3Szqi55lNPGNQND0HfGWG6KJAI8jhkabsMxgPNe9QO6UfwbMXmuIdqMfcqJGvjYf+hAZK2XWKe0AFuT2GFnIbRbWh1m9h1pe9NjNC40RGQ6aZXuutKTEhXExvmmWKf5neSDQlaqkcqRiKSRIz65nAcRrzVoG6J11OI00MPP8aHzlg1lGAX5Aj2liMt1ho0alzqX6V/Ndu2sdRmKo2BQZNZQr+GRYlat+Fcpj3sqpM4+wnulW5D7wTTAXYqFjcEA+YlPSlt9e3QBmiCohlXVydGMf6711YrEGUvtJctX64ZvcVkQH5oKp1QOcvMKwhX7UQ== +compose-x86,x86-8,10.8.34.227 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAznKlEw9qRYsZ22VS2VO3tTxIk+WtuX4YooaQkXOoapX6IBZatRMFpSyeql/BeAniADLbWb3nKiZRCoAmKSMoIXKPfoF1dSRZMRwt4iR++9TYabuNbWEbBlV8aBfPtGuzAGhEBVHUsP3bHYwLPEFMJaomTB2biUAgFfk1RQn7JqsqsIMT7QfTIIMQD0HH+fqx7eeMTUFbS1l0m6h7H67mpZQNM++BZWXJQdY9+6VGdfOe2NAcasI1iABM+jXUE4f877QLCJEQjfGM2czUNm83DdpTkHKBUIMA8qtlKrixXYM7/pXB35i4R4OeZf9uj5cYjO5dM6Tm8bJsUee8XEFPAw== xen10,10.8.34.126 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5Oh5uaAbqBWxDyBbf81hMxO9fi7iGuiUhaO1lX9MqZ3I94eE7cJrG/lQ0cEUoXHaiX48iGT9avkBPyDf/gSEYHB6Gy1vrTi0u2aQMiM9RsCFy56m8+5Qn2H9GcWBhIXX5aqxfuucddoG6culHkPp69q+fpMYLlTi8jiVG6X0ElR8bC5Msr8g1cidkLn6vhMWImGpE+6465/LhVvh8B8BhylQIQRjN4DxmITcZjvLFCAApM9FqhxOJWDX+e9maBvBd9sLCYRFZeJqBy34OZu37W2pKTWzpDTEZSyZcHKggZLA/9IiVJcBPvNwnPMExw56nJBoJc9xwueAaaIEbJB1Mw== xen11,10.8.34.209 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA3NGlyoMcpLss5zVnvTImNGvCtfKe38vJKtr5swRoYC9B674rCzpUfgpLEIMq99AXrMUu9oH6LhrO9TGMewab6rsN0BQbpCMr4pYdZbuQSC2DRBEjpgaCDNhqy5usyaPIy1vzt/Vwi8I0gBYFd8sfA6JJ7++k1v/RoCeil5+BRgBRKiq1dLjL3LhdL5vUGU/60VrhQIkYm+hILZAqk9cAELIg622L8enbGBoKIxB9pmpAqnn4Kp0Nm35Y3wUSiqVcloup7ITg8rLwEGXUsy9CRz2b9JFNJAJNBTGp613Tf11Bc4f9LRF0yItgNMWnFXRw7ziEsKzRKQ0V9VG7hEeLhw== xen12,10.8.34.201 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA3h0fK6aExXOGPlIv3SlTjBtDVh8XaT759k+7xcqYI/MUm7W/7PSPJE3V/C51+7chqhlSiwHcpzB36EnePnakip/VrjxSEgaFD7NIb43AA5us8qC/fO/UUq1XpE2Qcl1uWP7EZlcsjAnrKQ5DaIy8FgvkpugVCFgUV+NSJVxI94s73IYaLa0cqKg/OsMBU8mVRncF9MdbbJgCW/5+JCogON0CyYU8+8RKmPrMcEs56qbe03M0LP0NZ0cjSHnxbeDI0+aGnrHdPDvQHRA7/TkkvluZ8Ec3A9duaLq6F2GSePEuqhvnMdjLoXsPuzW6vUVJLyfW4rLssh05QHgRl0fhUQ== -- 1.5.5.6 From jkeating at redhat.com Thu Mar 12 18:42:32 2009 From: jkeating at redhat.com (Jesse Keating) Date: Thu, 12 Mar 2009 11:42:32 -0700 Subject: [PATCH] Added compose-x86/x86-8 to the ssh known hosts list In-Reply-To: <1236883268-5464-2-git-send-email-mmcgrath@redhat.com> References: <1236883268-5464-1-git-send-email-mmcgrath@redhat.com> <1236883268-5464-2-git-send-email-mmcgrath@redhat.com> Message-ID: <1236883353.3941.18.camel@localhost.localdomain> On Thu, 2009-03-12 at 18:41 +0000, Mike McGrath wrote: > > This is technically a global change. Very low risk Diffs of this file are nearly impossible to read, but I'll trust what you're doing rather than the diff. +1 -- Jesse Keating Fedora -- Freedom? is a feature! identi.ca: http://identi.ca/jkeating -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From jkeating at redhat.com Thu Mar 12 18:43:08 2009 From: jkeating at redhat.com (Jesse Keating) Date: Thu, 12 Mar 2009 11:43:08 -0700 Subject: Meeting Today In-Reply-To: References: Message-ID: <1236883388.3941.19.camel@localhost.localdomain> On Thu, 2009-03-12 at 13:19 -0500, Mike McGrath wrote: > (3:00 pm Chicago Cubs time) Chicago Cubs time, is that when everybody drinks because the cubs lost again? -- Jesse Keating Fedora -- Freedom? is a feature! identi.ca: http://identi.ca/jkeating -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From a.badger at gmail.com Thu Mar 12 18:42:35 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Thu, 12 Mar 2009 11:42:35 -0700 Subject: [Change Request] Added compose-x86/x86-8 to the ssh known hosts list In-Reply-To: <1236883040-5344-2-git-send-email-mmcgrath@redhat.com> References: <1236883040-5344-1-git-send-email-mmcgrath@redhat.com> <1236883040-5344-2-git-send-email-mmcgrath@redhat.com> Message-ID: <49B9579B.4060503@gmail.com> Mike McGrath wrote: > From: Mike McGrath > > This is technically a global change. Very low risk > --- > modules/ssh/files/ssh_known_hosts | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > +1 -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From sundaram at fedoraproject.org Thu Mar 12 19:03:01 2009 From: sundaram at fedoraproject.org (Rahul Sundaram) Date: Fri, 13 Mar 2009 00:33:01 +0530 Subject: Wordpress? In-Reply-To: <49B531CF.8000409@redhat.com> References: <914074.47996.qm@web50906.mail.re2.yahoo.com> <49B0F557.2080608@fedoraproject.org> <49B531CF.8000409@redhat.com> Message-ID: <49B95C65.5010303@fedoraproject.org> Bret McMillan wrote: > Rahul Sundaram wrote: >> Clint Savage wrote: >>> >>> Mike, >>> >>> Do you have a link to the mailing list thread? I'd like to read up on >>> it. I like MU, don't get me wrong, just wonder why it was chosen. >> >> We wanted it for a Fedora News site. Refer >> >> https://fedorahosted.org/fedora-infrastructure/ticket/178 > > At this point, I think we're blocked on a theme (outside my skillset). I > think jonrob was going to look at this time-permitting. Jon Rob won't have time for this for a while. http://jonrob.wordpress.com/2009/03/09/time-out/ Mo, if you can get a theme going, I would like to launch this news site soon, ahead of Fedora 11. Thanks for the help. Rahul From ricky at fedoraproject.org Thu Mar 12 18:57:59 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Thu, 12 Mar 2009 14:57:59 -0400 Subject: [Change Request] Added compose-x86/x86-8 to the ssh known hosts list In-Reply-To: <1236883040-5344-2-git-send-email-mmcgrath@redhat.com> References: <1236883040-5344-1-git-send-email-mmcgrath@redhat.com> <1236883040-5344-2-git-send-email-mmcgrath@redhat.com> Message-ID: <20090312185759.GI22369@sphe.res.cmu.edu> On 2009-03-12 06:37:20 PM, Mike McGrath wrote: > From: Mike McGrath > > This is technically a global change. Very low risk > --- > modules/ssh/files/ssh_known_hosts | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) +1 Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From smooge at gmail.com Thu Mar 12 19:00:14 2009 From: smooge at gmail.com (Stephen John Smoogen) Date: Thu, 12 Mar 2009 13:00:14 -0600 Subject: Change Request In-Reply-To: References: <1236883040-5344-1-git-send-email-mmcgrath@redhat.com> Message-ID: <80d7e4090903121200r508d0d53w991139905c38b336@mail.gmail.com> On Thu, Mar 12, 2009 at 12:37 PM, Mike McGrath wrote: > On Thu, 12 Mar 2009, Mike McGrath wrote: > >> Can I get 2 +1's? >> > > Uhhhh, clearly I missed a step here :) > +1 -- Stephen J Smoogen. -- BSD/GNU/Linux How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice" From smooge at gmail.com Thu Mar 12 19:02:55 2009 From: smooge at gmail.com (Stephen John Smoogen) Date: Thu, 12 Mar 2009 13:02:55 -0600 Subject: Meeting Today In-Reply-To: <1236883388.3941.19.camel@localhost.localdomain> References: <1236883388.3941.19.camel@localhost.localdomain> Message-ID: <80d7e4090903121202y1c448b24t384d9a9315b0552d@mail.gmail.com> 2009/3/12 Jesse Keating : > On Thu, 2009-03-12 at 13:19 -0500, Mike McGrath wrote: >> (3:00 pm Chicago Cubs time) > > Chicago Cubs time, is that when everybody drinks because the cubs lost > again? They drink whether or not the Cubs won. The issue is it is Harry Caray time or not. -- Stephen J Smoogen. -- BSD/GNU/Linux How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice" From smooge at gmail.com Thu Mar 12 19:02:05 2009 From: smooge at gmail.com (Stephen John Smoogen) Date: Thu, 12 Mar 2009 13:02:05 -0600 Subject: [Change Request] Adding files to ssh-known-hsts In-Reply-To: <1236883268-5464-1-git-send-email-mmcgrath@redhat.com> References: <1236883268-5464-1-git-send-email-mmcgrath@redhat.com> Message-ID: <80d7e4090903121202r54f677eu10f06483072f55ea@mail.gmail.com> On Thu, Mar 12, 2009 at 12:41 PM, Mike McGrath wrote: > > Trying again, hopefully with less fail. > What hosts? -- Stephen J Smoogen. -- BSD/GNU/Linux How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice" From ricky at fedoraproject.org Thu Mar 12 20:27:07 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Thu, 12 Mar 2009 16:27:07 -0400 Subject: Meeting Log - 2009-03-12 Message-ID: <20090312202707.GJ22369@sphe.res.cmu.edu> 20:00 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Who's here? 20:00 * ricky 20:00 * collier_s is here 20:01 * ivazquez|laptop is around 20:01 -!- MostafaDaneshvar [n=MostafaD at unaffiliated/mostafadaneshvar] has joined #fedora-meeting 20:01 * SmootherFrOgZ here 20:02 < mmcgrath> Ok, so lets get started 20:03 -!- Sonar_Gal [n=Andrea at fedora/SonarGal] has quit Connection timed out 20:03 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Tickets 20:03 * skvidal is 20:03 < mmcgrath> Looks like there actually aren't any tickets. 20:04 < mmcgrath> So next topic 20:04 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Fedora Cloud 20:04 < mmcgrath> So it looks like our Fedora cloud might finally be delivered. 20:04 < SmootherFrOgZ> \o/ 20:04 < mmcgrath> From what I understand the last of the network stuff should be ready by tomorrow night. 20:05 < mmcgrath> SmootherFrOgZ: you still interested.. even though it's been 2 months?!?! :) 20:05 < SmootherFrOgZ> mmcgrath: hahaha, are you kidding me ? 20:06 < ricky> What work is there to be done once it's delivered? 20:06 < mmcgrath> :) 20:06 < SmootherFrOgZ> i've a lot of work to commit ;) 20:06 < mmcgrath> ricky: my understanding is we've been waiting for months to get a switch and router configured. 20:06 < ricky> Haha 20:06 < mmcgrath> anywho. 20:06 < mmcgrath> It's coming! 20:06 < mmcgrath> so that's good. 20:06 < mmcgrath> And it's something we can work on while we're frozen so that's nice too. 20:06 -!- basilgohar [n=basilgoh at 60.48.61.220] has quit Read error: 54 (Connection reset by peer) 20:06 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Password Resets. 20:06 < collier_s> i'd like to help out in anyway / shape / form 20:07 < mmcgrath> collier_s: sure thing, I'm sure there will be a bunch of stuff to do. 20:07 < mmcgrath> So the password resets went remarkably well for most people. There's a pretty vocal minority though. 20:07 < mmcgrath> Some good ideas came out of it. 20:07 -!- tibbs [n=tibbs at fedora/tibbs] has quit "Konversation terminated!" 20:08 < ricky> So exactly what changes are we looking at for next time? 20:08 < mmcgrath> ricky: the 3 things mentioned in my email. 20:08 < mmcgrath> recovery of home dir, more explicit email, and aliases to stick around longer. 20:08 < ricky> Sorry, I've been looking at several different threads on this topic 20:09 < ricky> Aha 20:09 < mmcgrath> And since people bitched and moaned enough we will probably go off of "last seen" and start updating that. 20:09 < mmcgrath> It accomplishes a similar goal. It'll make things easier on the package contributors if we can get it updated in pkgdb and bodhi. 20:10 * ricky will look at getting fasClient and the expiry script modified for those things 20:10 < mmcgrath> and since they seem to be the ones who had the biggest problem figuring out who this whole process worked, if we can avoid inconveniencing them in the future we might as well. 20:10 < mmcgrath> s/who/how/ 20:10 -!- basilgohar [n=basilgoh at 220.61.48.60.trm01-home.tm.net.my] has joined #fedora-meeting 20:11 < mmcgrath> ricky: how much time will you have to devote to that over the next month or so? 20:11 < mmcgrath> I'd like to enable a regular daily check as soon as we can. 20:11 < mmcgrath> abadger1999 is familiar with some of the issues and suggestions as well but I didn't want to volunteer him to fix them. 20:11 < ricky> I wish I could give a definitely number :-( I should be able to get the big requirements done this week, while it's spring break 20:11 < ricky> **definite 20:12 < mmcgrath> ricky: k, well keep me in the loop. If things fall apart I can spend some more time getting it up and going. 20:12 < mmcgrath> Anyone have anything else on that? 20:13 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- compose-x86 20:13 < mmcgrath> Boy was that box borked. 20:13 < mmcgrath> it's mostly fixed now. 20:13 < mmcgrath> as a result we're also going to do bios updates to our other x86 blades and the ppc blades just for fun. 20:13 < mmcgrath> compose-x86 runs rawhide so we had all sorts of fun getting it all back up. 20:13 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Transifex 20:14 * mmcgrath summons glezos 20:14 < mmcgrath> ivazquez|laptop: how's transifex going? 20:14 < ivazquez|laptop> Well. 20:14 < mmcgrath> My understanding is we couldn't commit last night because the transif user didn't have access. 20:14 < mmcgrath> other then that and the final migration to a $REAL_DB, things are working? 20:15 < ivazquez|laptop> A fix for PG 8.2+ has been applied. 20:15 < ivazquez|laptop> MySQL we all know about. 20:15 < mmcgrath> ivazquez|laptop: that was a transifex fix, not a django fix right? 20:15 < ivazquez|laptop> Correct. 20:15 -!- Zool^ [n=kaland at 19.81-166-29.customer.lyse.net] has quit Read error: 110 (Connection timed out) 20:15 < mmcgrath> k 20:15 < mmcgrath> do you know when this is going to start getting used to do actual translations? 20:16 < mmcgrath> or has the translations team started already? 20:16 < ivazquez|laptop> I haven't been watching that side; glezos would better answer that. 20:16 < mmcgrath> k 20:16 -!- Sonar_Gal [n=Andrea at fedora/SonarGal] has joined #fedora-meeting 20:16 < mmcgrath> ivazquez|laptop: do you think we should sqlite -> postgres sooner or later? 20:17 < ivazquez|laptop> Yes. I can respin a new SRPM today. 20:17 < mmcgrath> k, sounds good. I'll make sure to have free time this afternoon to convert and test. 20:17 < ivazquez|laptop> Then it's a matter of altering a single column for the fix. 20:17 < mmcgrath> I still need to get all of this stuff into puppet. 20:18 < mmcgrath> k 20:18 < mmcgrath> ivazquez|laptop: anything else on that? 20:18 < ivazquez|laptop> Sounds about it. 20:19 < mmcgrath> k 20:19 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Beta Release 20:19 < mmcgrath> The beta release is coming up, I've still got some tickets to create and hand out. 20:19 < mmcgrath> And a mirror to verify we have enough space for. 20:20 < mmcgrath> any questions about the freeze right now? 20:20 < ggruener> what is the date of the beta release? 20:21 -!- rwmjones_ [n=rwmjones at 87.127.66.208] has quit "Closed connection" 20:21 < mmcgrath> ggruener: looks like March 24th. 20:21 < mmcgrath> usually around 10:00 am Eastern time 20:21 < ggruener> ok 20:21 < mmcgrath> Ok, so that's all I had for the meeting 20:21 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Open Floor 20:21 < mmcgrath> anyone have anything they'd like to discuss? 20:23 < mmcgrath> Then I'd just like to thank abadger1999 ivazquez|laptop G_work Rasther and glezos for their work on helping us get the new transifex deployed. 20:23 -!- rdieter is now known as rdieter_away 20:23 < mmcgrath> all in all it's gone fairly well, lots of bumps but nothing horrible. It certainly could have been much much worse. 20:23 -!- lcafiero [n=larry at dsl-63-249-115-153.cruzio.com] has quit Remote closed the connection 20:24 < mmcgrath> so 3 cheers. 20:24 < mmcgrath> Ok, if no one has anything I'll close the meeting in 30 20:24 < ricky> Thanks a lot! 20:24 < f13> I got nuthin 20:24 < mmcgrath> 15 20:24 < mmcgrath> 5 20:24 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Meeting End -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From mmcgrath at redhat.com Thu Mar 12 22:44:49 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 12 Mar 2009 17:44:49 -0500 (CDT) Subject: Unclaimed F11 Beta Tickets Message-ID: Hey all, just a heads up. Some of these tickets are still unclaimed (I just created them today). Some of these (like the MM redirects) can only be done by people who have access to them. But others, like the website, could be done by anyone who can email a patch our way. Though ricky usually does it :) https://fedorahosted.org/fedora-infrastructure/report/9 -Mike From a.badger at gmail.com Fri Mar 13 00:06:45 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Thu, 12 Mar 2009 17:06:45 -0700 Subject: Change request -- Django Provider update 2 Message-ID: <49B9A395.3050400@gmail.com> Okay, the last auth update fixed redirects but broke logging into django apps. I'd like to install a new python-fedora with a one-line change for that. === modified file 'fedora/django/auth/middleware.py' --- fedora/django/auth/middleware.py 2009-03-12 14:02:58 +0000 +++ fedora/django/auth/middleware.py 2009-03-12 22:34:37 +0000 @@ -39,7 +39,7 @@ logout(request) def process_response(self, request, response): - if type(response) == HttpResponse: + if response.status_code != 301: if isinstance(request.user, AnonymousUser): # response.set_cookie(key='tg-visit', value='', max_age=0) if 'tg-visit' in request.session: -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From mmcgrath at redhat.com Fri Mar 13 00:13:23 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 12 Mar 2009 19:13:23 -0500 (CDT) Subject: Change request -- Django Provider update 2 In-Reply-To: <49B9A395.3050400@gmail.com> References: <49B9A395.3050400@gmail.com> Message-ID: On Thu, 12 Mar 2009, Toshio Kuratomi wrote: > Okay, the last auth update fixed redirects but broke logging into django > apps. I'd like to install a new python-fedora with a one-line change > for that. > > === modified file 'fedora/django/auth/middleware.py' > --- fedora/django/auth/middleware.py 2009-03-12 14:02:58 +0000 > +++ fedora/django/auth/middleware.py 2009-03-12 22:34:37 +0000 > @@ -39,7 +39,7 @@ > logout(request) > > def process_response(self, request, response): > - if type(response) == HttpResponse: > + if response.status_code != 301: > if isinstance(request.user, AnonymousUser): > # response.set_cookie(key='tg-visit', value='', max_age=0) > if 'tg-visit' in request.session: > > +1 -Mike From ricky at fedoraproject.org Fri Mar 13 00:25:59 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Thu, 12 Mar 2009 20:25:59 -0400 Subject: Change request -- Django Provider update 2 In-Reply-To: <49B9A395.3050400@gmail.com> References: <49B9A395.3050400@gmail.com> Message-ID: <20090313002559.GM22369@sphe.res.cmu.edu> On 2009-03-12 05:06:45 PM, Toshio Kuratomi wrote: > Okay, the last auth update fixed redirects but broke logging into django > apps. I'd like to install a new python-fedora with a one-line change > for that. > > === modified file 'fedora/django/auth/middleware.py' > --- fedora/django/auth/middleware.py 2009-03-12 14:02:58 +0000 > +++ fedora/django/auth/middleware.py 2009-03-12 22:34:37 +0000 > @@ -39,7 +39,7 @@ > logout(request) > > def process_response(self, request, response): > - if type(response) == HttpResponse: > + if response.status_code != 301: > if isinstance(request.user, AnonymousUser): > # response.set_cookie(key='tg-visit', value='', max_age=0) > if 'tg-visit' in request.session: +1 Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From kolesov_dv at mail.ru Fri Mar 13 01:59:33 2009 From: kolesov_dv at mail.ru (Dmitry Kolesov) Date: Fri, 13 Mar 2009 04:59:33 +0300 Subject: tiket #72 Message-ID: Hello. It is channges for the dispatcher.py. I added the function remove_user(). === modified file 'pkgdb/dispatcher.py' --- pkgdb/dispatcher.py 2009-02-27 15:58:55 +0000 +++ pkgdb/dispatcher.py 2009-03-13 01:20:10 +0000 @@ -1397,3 +1397,95 @@ identity.current.user, [clone_branch]) return dict(pkglisting=clone_branch) + + @expose(allow_json=True) + # Check that the requestor is in a group that could potentially set ACLs. + @identity.require(identity.not_anonymous()) + def remove_user(self, pkg_name, username, collectn_list=None): + '''Remove users from a package. + :arg pkg_name: Name of the package + :arg username: Name of user to remove from the package + :arg collectn_list: list of collections like 'F-10', 'devel' + ''' + person = fas.person_by_username(username) + if not person: + return dict(status=False, + message='Specified user name %s does not have a' \ + ' Fedora Account' % username) + try: + # pylint: disable-msg=E1101 + pkg = Package.query.filter_by(name=pkg_name).one() + except InvalidRequestError: + return dict(status=False, message='Package %s does not exist' % pkg_name) + + # Check that the current user is allowed to change acl statuses + approved = self._user_can_set_acls(identity, pkg) + if not ident.in_group('cvsadmin'): + return dict(status=False, message= + '%s is not allowed to remove user from the package' % + identity.current.user_name) + + log_msgs = [] + + if collectn_list: + for simple_name in collectn_list: + try: + collectn = Collection.by_simple_name(simple_name) + except InvalidRequestError: + return dict(status=False, message='Collection %s does not exist' % simple_name) + + pkg_listing = PackageListing.query.filter_by(packageid=pkg.id, + collectionid=collectn.id).one() + + acls = PersonPackageListingAcl.query.filter(and_( + PersonPackageListingAcl.c.personpackagelistingid + == PersonPackageListing.c.id, + PersonPackageListing.c.packagelistingid == pkg_listing.id, + PersonPackageListing.c.username == person['username'])).all() + + for acl in acls: + person_acl = self._create_or_modify_acl(pkg_listing, person['id'], acl, self.obsoleteStatus) + + log_msg = u'%s has set the %s acl on %s (%s %s) to Obsolete for %s' % ( + identity.current.user_name, acl, pkg.name, + pkg_listing.collection.name, pkg_listing.collection.version, + person['username']) + log = PersonPackageListingAclLog(identity.current.user.id, + self.obsoleteStatus.statuscodeid, log_msg) + log.acl = person_acl # pylint: disable-msg=W0201 + log_msgs.append(log_msg) + + else: + for pkg_listing in pkg.listings: + acls = PersonPackageListingAcl.query.filter(and_( + PersonPackageListingAcl.c.personpackagelistingid + == PersonPackageListing.c.id, + PersonPackageListing.c.packagelistingid == pkg_listing.id, + PersonPackageListing.c.username == person['username'])).all() + + for acl in acls: + person_acl = self._create_or_modify_acl(pkg_listing, person['id'], acl, self.obsoleteStatus) + + log_msg = u'%s has set the %s acl on %s (%s %s) to Obsolete for %s' % ( + identity.current.user_name, acl, pkg.name, + pkg_listing.collection.name, pkg_listing.collection.version, + person['username']) + log = PersonPackageListingAclLog(identity.current.user.id, + self.obsoleteStatus.statuscodeid, log_msg) + log.acl = person_acl # pylint: disable-msg=W0201 + log_msgs.append(log_msg) + + try: + session.flush() + except SQLError, e: + # An error was generated + return dict(status=False, + message='Not able to change acl %s on %s with status %s' \ + % (acl, pkgid, self.obsoleteStatus.statusname)) + + # Send a log to people interested in this package as well + self._send_log_msg('\n'.join(log_msgs), '%s had acl change status' % ( + pkg.name), identity.current.user, pkg.listings, + other_email=(person['email'],)) + + return dict(status=True) -------------- next part -------------- A non-text attachment was scrubbed... Name: dispatcher.patch Type: application/x-patch Size: 5138 bytes Desc: not available URL: From a.badger at gmail.com Fri Mar 13 05:05:31 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Thu, 12 Mar 2009 22:05:31 -0700 Subject: tiket #72 In-Reply-To: References: Message-ID: <49B9E99B.3070702@gmail.com> Very nice work! I have a few comments; mostly based on new coding styles that we're enforcing in new code but haven't made it into old code yet. Dmitry Kolesov wrote: > Hello. > It is channges for the dispatcher.py. I added the function remove_user(). > > > === modified file 'pkgdb/dispatcher.py' > --- pkgdb/dispatcher.py 2009-02-27 15:58:55 +0000 > +++ pkgdb/dispatcher.py 2009-03-13 01:20:10 +0000 > @@ -1397,3 +1397,95 @@ > identity.current.user, [clone_branch]) > > return dict(pkglisting=clone_branch) > + > + @expose(allow_json=True) > > + # Check that the requestor is in a group that could potentially set ACLs. > > + @identity.require(identity.not_anonymous()) > > + def remove_user(self, pkg_name, username, collectn_list=None): I'd reorder the arguments to be username, pkg_name, collectn_list. This is because username is the subject of the action so it's more important than the pkg_name and collectn_list. (Also, the pkg_name and collectn_list work together to define the pkglistings that the user is being removed from). > > + '''Remove users from a package. > + :arg pkg_name: Name of the package > + :arg username: Name of user to remove from the package > + :arg collectn_list: list of collections like 'F-10', 'devel' > + ''' I'd add the default value to the collectn_list documentation and what it means. > + person = fas.person_by_username(username) > + if not person: > + return dict(status=False, > + message='Specified user name %s does not have a' \ > + ' Fedora Account' % username) Since this is a removal, we don't need to retrieve the person information from fas. The username should be sufficient. > + try: > + # pylint: disable-msg=E1101 > + pkg = Package.query.filter_by(name=pkg_name).one() > + except InvalidRequestError: > + return dict(status=False, message='Package %s does not exist' % pkg_name) We're trying to move to a new style of returning errors. It's documented here: https://fedorahosted.org/releases/p/y/python-fedora/doc/service.html#error-handling Basically, when returning an error you'll do something like this: from turbogears import flash [...] flash('Package %s does not exist' % pkg_name) return dict(exc='NoPackageError') When the client receives this it will see that exc is set and create an AppError exception with the name in exc and the message that you called flash() with (it will end up in tg_flash). > + # Check that the current user is allowed to change acl statuses > + approved = self._user_can_set_acls(identity, pkg) > + if not ident.in_group('cvsadmin'): I think we've abstracted 'cvsadmin' out to a config file option. You should be able to do this: from pkgdb.utils import admin_grp [...] if not identity.in_group(admin_grp): Also, I think you want identity rather than ident > + return dict(status=False, message= > + '%s is not allowed to remove user from the package' % > + identity.current.user_name) > + Same thing about returning errors here. > + log_msgs = [] > + > + if collectn_list: > + for simple_name in collectn_list: > + try: > + collectn = Collection.by_simple_name(simple_name) > + except InvalidRequestError: > + return dict(status=False, message='Collection %s does not exist' % simple_name) > + Same thing about returning errors > + pkg_listing = PackageListing.query.filter_by(packageid=pkg.id, > + collectionid=collectn.id).one() > + > + acls = PersonPackageListingAcl.query.filter(and_( > + PersonPackageListingAcl.c.personpackagelistingid > + == PersonPackageListing.c.id, > + PersonPackageListing.c.packagelistingid == pkg_listing.id > + PersonPackageListing.c.username == person['username'])).all() > + You can change this from person['username'] to username > + for acl in acls: > + person_acl = self._create_or_modify_acl(pkg_listing, person['id'], acl, self.obsoleteStatus) > + maploin has just committed a new db schema and code to the db that changes things like this to use username instead of id. So you can just pass username instead of person['id']. > + log_msg = u'%s has set the %s acl on %s (%s %s) to Obsolete for %s' % ( > + identity.current.user_name, acl, pkg.name, > + pkg_listing.collection.name, pkg_listing.collection.version, > + person['username']) > + log = PersonPackageListingAclLog(identity.current.user.id, > + self.obsoleteStatus.statuscodeid, log_msg) > + log.acl = person_acl # pylint: disable-msg=W0201 > + log_msgs.append(log_msg) > + > + else: > + for pkg_listing in pkg.listings: There's common code with the above block. From here... > + acls = PersonPackageListingAcl.query.filter(and_( > + PersonPackageListingAcl.c.personpackagelistingid > + == PersonPackageListing.c.id, > + PersonPackageListing.c.packagelistingid == pkg_listing.id, > + PersonPackageListing.c.username == person['username'])).all() > + > + for acl in acls: > + person_acl = self._create_or_modify_acl(pkg_listing, person['id'], acl, self.obsoleteStatus) > + > + log_msg = u'%s has set the %s acl on %s (%s %s) to Obsolete for %s' % ( > + identity.current.user_name, acl, pkg.name, > + pkg_listing.collection.name, pkg_listing.collection.version, > + person['username']) > + log = PersonPackageListingAclLog(identity.current.user.id, > + self.obsoleteStatus.statuscodeid, log_msg) > + log.acl = person_acl # pylint: disable-msg=W0201 > + log_msgs.append(log_msg) ... to here. We can put them together by putting them in their own function or by creating the list of collections inside the if-then and then moving the loop out a level. Something like this: package_listings = [] if collctn_list: for simple_name in collectn_list: collctn = Collection.by_simple_name(simple_name) pkg_listing = PackageListing.query.filter_by(packageid=pkg.id, collectionid=collectn.id).one() package_listings.append(pkg_listing) else: package_listings = pkg.listings for pkg_listing in package_listings: [....] > + > + try: > + session.flush() > + except SQLError, e: > + # An error was generated > + return dict(status=False, > + message='Not able to change acl %s on %s with status %s' \ > + % (acl, pkgid, self.obsoleteStatus.statusname)) > + Same thing about returning errors. > + # Send a log to people interested in this package as well > + self._send_log_msg('\n'.join(log_msgs), '%s had acl change status' % ( > + pkg.name), identity.current.user, pkg.listings, > + other_email=(person['email'],)) > + > + return dict(status=True) And this looks fine. Cool. So if we can get you able to commit to a branch, you can commit this, work on it a little bit, and then we can merge it into the trunk. -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From mmcgrath at redhat.com Fri Mar 13 15:49:09 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Fri, 13 Mar 2009 10:49:09 -0500 (CDT) Subject: [Change Request] - transifex-0.5-0.6.rc1.hgc3439806202e Message-ID: I'd like to update app1 to transifex-0.5-0.6.rc1.hgc3439806202e 2+1's ? -Mike From a.badger at gmail.com Fri Mar 13 15:50:22 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Fri, 13 Mar 2009 08:50:22 -0700 Subject: [Change Request] - transifex-0.5-0.6.rc1.hgc3439806202e In-Reply-To: References: Message-ID: <49BA80BE.6080808@gmail.com> Mike McGrath wrote: > I'd like to update app1 to transifex-0.5-0.6.rc1.hgc3439806202e > > 2+1's ? > +1 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From laxathom at fedoraproject.org Fri Mar 13 15:55:58 2009 From: laxathom at fedoraproject.org (Xavier Lamien) Date: Fri, 13 Mar 2009 16:55:58 +0100 Subject: [Change Request] - transifex-0.5-0.6.rc1.hgc3439806202e In-Reply-To: References: Message-ID: <62bc09df0903130855r16780baew5a0ce3453c28cb37@mail.gmail.com> On Fri, Mar 13, 2009 at 4:49 PM, Mike McGrath wrote: > I'd like to update app1 to transifex-0.5-0.6.rc1.hgc3439806202e > > 2+1's ? > +1 -- Xavier.t Lamien -- http://fedoraproject.org/wiki/XavierLamien GPG-Key ID: F3903DEB Fingerprint: 0F2A 7A17 0F1B 82EE FCBF 1F51 76B7 A28D F390 3DEB From ricky at fedoraproject.org Fri Mar 13 20:03:39 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Fri, 13 Mar 2009 16:03:39 -0400 Subject: [Change Request] - transifex-0.5-0.6.rc1.hgc3439806202e In-Reply-To: References: Message-ID: <20090313200339.GN22369@sphe.res.cmu.edu> On 2009-03-13 10:49:09 AM, Mike McGrath wrote: > I'd like to update app1 to transifex-0.5-0.6.rc1.hgc3439806202e > > 2+1's ? +1 Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From ricky at fedoraproject.org Fri Mar 13 22:32:27 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Fri, 13 Mar 2009 22:32:27 +0000 Subject: [Change Request] Message-ID: <1236983548-13332-1-git-send-email-ricky@fedoraproject.org> Apparently, the current upload.cgi isn't checking group permissions properly. Here's a patch to simplify auth checking (and clean formatting up). From ricky at fedoraproject.org Fri Mar 13 22:32:28 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Fri, 13 Mar 2009 22:32:28 +0000 Subject: [PATCH] Updated upload.cgi to check group permissions. In-Reply-To: <1236983548-13332-1-git-send-email-ricky@fedoraproject.org> References: <1236983548-13332-1-git-send-email-ricky@fedoraproject.org> Message-ID: <1236983548-13332-2-git-send-email-ricky@fedoraproject.org> --- configs/web/applications/upload.cgi | 49 +++++++++++++++++++--------------- 1 files changed, 27 insertions(+), 22 deletions(-) mode change 100755 => 100644 configs/web/applications/upload.cgi diff --git a/configs/web/applications/upload.cgi b/configs/web/applications/upload.cgi old mode 100755 new mode 100644 index 3629fdd..74cb2bb --- a/configs/web/applications/upload.cgi +++ b/configs/web/applications/upload.cgi @@ -5,6 +5,7 @@ # every step along the way... # # $Id: upload.cgi,v 1.10 2005/04/15 23:44:24 gafton Exp $ +# License: GPL import os import sys @@ -15,7 +16,6 @@ import tempfile import StringIO import grp - # reading buffer size BUFFER_SIZE = 4096 @@ -25,6 +25,8 @@ DEBUG = 0 # We check modules exist from this dircetory CVSREPO = "/cvs/pkgs/rpms" +# Fedora Packager Group +PACKAGER_GROUP = "packager" # log a trace of what we're doing def log_msg(*msgs): @@ -57,9 +59,9 @@ def send_ok(text): # check and validate that all the fields are present def check_form(var): if not form.has_key(var): - send_error("required field '%s' is not present" % (var,)) + send_error("Required field '%s' is not present" % (var,)) ret = form.getvalue(var) - if type(ret) == type([]): + if type(ret) == list: send_error("Multiple values given for '%s'. Aborting" % (var,)) ret = os.path.basename(ret) # this is a path component return ret @@ -75,24 +77,23 @@ def check_dir(tmpdir, wok = os.W_OK): send_error("Path %s is not a directory." % (tmpdir,)) return 1 -# -# MAIN START -# -auth_username = auth_password = None -need_auth = 1 +authenticated = False + if os.environ.has_key('SSL_CLIENT_S_DN_CN'): auth_username = os.environ['SSL_CLIENT_S_DN_CN'] - need_auth = 0 + if auth_username in grp.getgrnam(PACKAGER_GROUP)[3]: + authenticated = True pieces = os.environ['REQUEST_URI'].split('/') assert pieces[1] == 'repo' -if need_auth: - print """Status: 403 Unauthorized to access the document +if not authenticated + print """Status: 403 Forbidden Content-type: text/plain -""" - sys.exit(0) +You must be in the %s group to upload. +""" % PACKAGER_GROUP + sys.exit(0) form = cgi.FieldStorage() NAME = check_form("name") @@ -103,11 +104,11 @@ MD5SUM = check_form("md5sum") # In a submission, we don;t get a FILENAME, just the FILE. FILE = None FILENAME = None + if form.has_key("filename"): # check the presence of the file FILENAME = check_form("filename") - log_msg("Checking file status", - "NAME=%s FILENAME=%s MD5SUM=%s" % (NAME,FILENAME,MD5SUM)) + log_msg("Checking file status", "NAME=%s FILENAME=%s MD5SUM=%s" % (NAME,FILENAME,MD5SUM)) else: if form.has_key("file"): FILE = form["file"] @@ -119,14 +120,15 @@ else: send_error("Could not extract the filename for upload. Aborting") else: send_error("required field '%s' is not present" % ("file", )) - log_msg("Processing upload request", - "NAME=%s FILENAME=%s MD5SUM=%s" % (NAME,FILENAME,MD5SUM)) -# Now that all the fields are valid,, figure out our operating environment + log_msg("Processing upload request", "NAME=%s FILENAME=%s MD5SUM=%s" % (NAME,FILENAME,MD5SUM)) + +# Now that all the fields are valid, figure out our operating environment if not os.environ.has_key("SCRIPT_FILENAME"): send_error("My running environment is funky. Aborting") # start processing this request my_script = os.environ["SCRIPT_FILENAME"] + # the module's top level directory my_topdir = os.path.dirname(my_script) my_moddir = "%s/%s" % (my_topdir, NAME) @@ -149,17 +151,17 @@ if os.access(file_dest, os.F_OK | os.R_OK): message = "Available" else: FILE.file.close() - message = "File %s already exists\nFile: %s Size: %d" % ( - FILENAME, file_dest, s[stat.ST_SIZE]) + message = "File %s already exists\nFile: %s Size: %d" % (FILENAME, file_dest, s[stat.ST_SIZE]) send_ok(message) sys.exit(0) + # just checking? if FILE is None: send_ok("Missing") sys.exit(-9) - + # check that all directories are in place -for tmpdir in [ my_topdir, my_moddir, my_filedir, my_md5dir]: +for tmpdir in [my_topdir, my_moddir, my_filedir, my_md5dir]: if not check_dir(tmpdir): # we agree to create this directory if the corresponding cvs module dir exists if tmpdir == my_moddir: @@ -187,18 +189,21 @@ while 1: tmpfd.write(s) m.update(s) FILELENGTH = FILELENGTH + len(s) + # now we're done reading, check the MD5 sum of what we got tmpfd.close() my_md5sum = m.hexdigest() if MD5SUM != my_md5sum: send_error("MD5 check failed. Received %s instead of %s" % ( my_md5sum, MD5SUM)) + # wow, even the MD5SUM matches. make sure full path is valid now for tmpdir in [ my_moddir, my_filedir, my_md5dir ]: if not check_dir(tmpdir): os.mkdir(tmpdir, 02775) log_msg("mkdir", tmpdir) # and move our file to the final location + os.rename(tmpfile, file_dest) log_msg("Stored filesize", FILELENGTH, file_dest) -- 1.5.5.6 From a.badger at gmail.com Fri Mar 13 22:29:55 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Fri, 13 Mar 2009 15:29:55 -0700 Subject: [Change Request] In-Reply-To: <1236983548-13332-1-git-send-email-ricky@fedoraproject.org> References: <1236983548-13332-1-git-send-email-ricky@fedoraproject.org> Message-ID: <49BADE63.4060901@gmail.com> Ricky Zhou wrote: > Apparently, the current upload.cgi isn't checking group permissions properly. Here's a patch to simplify auth checking (and clean formatting up). > +1 Thanks ricky! -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From mmcgrath at redhat.com Fri Mar 13 22:36:34 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Fri, 13 Mar 2009 17:36:34 -0500 (CDT) Subject: [Change Request] In-Reply-To: <49BADE63.4060901@gmail.com> References: <1236983548-13332-1-git-send-email-ricky@fedoraproject.org> <49BADE63.4060901@gmail.com> Message-ID: On Fri, 13 Mar 2009, Toshio Kuratomi wrote: > Ricky Zhou wrote: > > Apparently, the current upload.cgi isn't checking group permissions properly. Here's a patch to simplify auth checking (and clean formatting up). > > > +1 > +1 -Mike From ricky at fedoraproject.org Fri Mar 13 22:41:19 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Fri, 13 Mar 2009 18:41:19 -0400 Subject: [Change Request] Fix duplicate definition of Selinux_bool[rsync_export_all_ro]. Message-ID: <20090313224119.GA31257@sphe.res.cmu.edu> --- manifests/servergroups/cvs.pp | 4 ---- 1 files changed, 0 insertions(+), 4 deletions(-) diff --git a/manifests/servergroups/cvs.pp b/manifests/servergroups/cvs.pp index 8dc4038..bc8d770 100644 --- a/manifests/servergroups/cvs.pp +++ b/manifests/servergroups/cvs.pp @@ -24,10 +24,6 @@ class cvs { hasstatus => true, } - selinux_bool { 'rsync_export_all_ro': - bool => 'on' - } - semanage_fcontext { '/srv/scm/cvs(/.*)?': type => 'cvs_data_t' } -- 1.5.5.6 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From a.badger at gmail.com Fri Mar 13 22:54:25 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Fri, 13 Mar 2009 15:54:25 -0700 Subject: [Change Request] Fix duplicate definition of Selinux_bool[rsync_export_all_ro]. In-Reply-To: <20090313224119.GA31257@sphe.res.cmu.edu> References: <20090313224119.GA31257@sphe.res.cmu.edu> Message-ID: <49BAE421.8050607@gmail.com> Ricky Zhou wrote: > --- > manifests/servergroups/cvs.pp | 4 ---- > 1 files changed, 0 insertions(+), 4 deletions(-) > > diff --git a/manifests/servergroups/cvs.pp b/manifests/servergroups/cvs.pp > index 8dc4038..bc8d770 100644 > --- a/manifests/servergroups/cvs.pp > +++ b/manifests/servergroups/cvs.pp > @@ -24,10 +24,6 @@ class cvs { > hasstatus => true, > } > > - selinux_bool { 'rsync_export_all_ro': > - bool => 'on' > - } > - > semanage_fcontext { '/srv/scm/cvs(/.*)?': > type => 'cvs_data_t' > } > So the duplicate that we're saving is in the phx.pp definition? Any reason that's not in global instead? -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From ricky at fedoraproject.org Sat Mar 14 03:10:21 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Fri, 13 Mar 2009 23:10:21 -0400 Subject: [Change Request] Fix duplicate definition of Selinux_bool[rsync_export_all_ro]. In-Reply-To: <49BAE421.8050607@gmail.com> References: <20090313224119.GA31257@sphe.res.cmu.edu> <49BAE421.8050607@gmail.com> Message-ID: <20090314031021.GA31998@sphe.res.cmu.edu> On 2009-03-13 03:54:25 PM, Toshio Kuratomi wrote: > So the duplicate that we're saving is in the phx.pp definition? Any > reason that's not in global instead? Actually, now that I think about it, I don't see why it's in phx.pp instead of all of the individual nodes/servergroups. Luke, do you remember why you added it to phx.pp? Here's a (possibly incomplete) list of where we run rsync: * secondary1 (archives.fp.o) * cvs * app servers(log sharing) * proxies (log sharing) * buildsys.fp.o (EPEL rsync) * hosted (hosted sync) * puppet (puppet applications sync) Do you think it would be correct to just add that definition to the above machines (after the change freeze, I guess)? Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From a.badger at gmail.com Sun Mar 15 00:36:27 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Sat, 14 Mar 2009 17:36:27 -0700 Subject: Change Request -- high risk, high reward Message-ID: <49BC4D8B.6090409@gmail.com> ricky and I have identified a piece of code in fas2's new safasprovider that's querying the database a lot. It's causing anything that checks identity to issue a query to the database to lookup the visit cookie. This is causing things that lookup information on the identity multiple times to take a lot of time. One of the functions that does this is filter_private(), the function that removes excess information according to privacy settings and who is looking for the data. Our test was the /user/list method which is currently running over 5 minutes for an otherwise non-database loop. Changing this caused the loop to run for 8 seconds. That's the benefit. The risk is that this is a change to the safasprovider, ie the portion of fas2 that authenticates the user. So if there's a reason this shouldn't be cached, we could potentially be breaking a lot of things. Ricky and I have both looked at the code in fas/safasprovider.py::SaFasIdentity and think that it's safe to cache this. The TG-1.0.8 saprovider on which safasprovider is based does not cache this but I've looked at the code and it seems like their provider only uses the variable in question a maximum of two times during a request. The CSRF protection that we've enabled needs to use this variable more often. Here's the code: --- a/fas/safasprovider.py +++ b/fas/safasprovider.py @@ -65,6 +65,7 @@ class SaFasIdentity(object): def __init__(self, visit_key=None, user=None, using_ssl=False): self.visit_key = visit_key + self._visit_link = None if user: self._user = user if visit_key is not None: @@ -201,9 +202,13 @@ class SaFasIdentity(object): ### TG: Same as TG-1.0.8 def _get_visit_link(self): '''Get the visit link to this identity.''' + if self._visit_link: + return self.visit_link if self.visit_key is None: - return None - return visit_class.query.filter_by(visit_key=self.visit_key).first() + self._visit_link = None + else: + self._visit_link = visit_class.query.filter_by(visit_key=self.visi t_key).first() + return self._visit_link visit_link = property(_get_visit_link) If we were outside of freeze, I would apply this as it is causing issues for some of the things that talk to fas (like zodbot and developer instances of pkgdb). -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From ricky at fedoraproject.org Sun Mar 15 00:50:12 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Sat, 14 Mar 2009 20:50:12 -0400 Subject: Change Request -- high risk, high reward In-Reply-To: <49BC4D8B.6090409@gmail.com> References: <49BC4D8B.6090409@gmail.com> Message-ID: <20090315005012.GA3645@sphe.res.cmu.edu> On 2009-03-14 05:36:27 PM, Toshio Kuratomi wrote: > Ricky and I have both looked at the code in > fas/safasprovider.py::SaFasIdentity and think that it's safe to cache > this. The TG-1.0.8 saprovider on which safasprovider is based does not > cache this but I've looked at the code and it seems like their provider > only uses the variable in question a maximum of two times during a > request. The CSRF protection that we've enabled needs to use this > variable more often. > > Here's the code: > > --- a/fas/safasprovider.py > +++ b/fas/safasprovider.py > @@ -65,6 +65,7 @@ class SaFasIdentity(object): > > def __init__(self, visit_key=None, user=None, using_ssl=False): > self.visit_key = visit_key > + self._visit_link = None > if user: > self._user = user > if visit_key is not None: > @@ -201,9 +202,13 @@ class SaFasIdentity(object): > ### TG: Same as TG-1.0.8 > def _get_visit_link(self): > '''Get the visit link to this identity.''' > + if self._visit_link: > + return self.visit_link I already mentioned this to Toshio, but this line should be changed to return self._visit_link > if self.visit_key is None: > - return None > - return > visit_class.query.filter_by(visit_key=self.visit_key).first() > + self._visit_link = None > + else: > + self._visit_link = > visit_class.query.filter_by(visit_key=self.visi > t_key).first() > + return self._visit_link > visit_link = property(_get_visit_link) > > If we were outside of freeze, I would apply this as it is causing issues > for some of the things that talk to fas (like zodbot and developer > instances of pkgdb). +1 As Toshio mentioned, we've looked at the places where this variable is used, and it should be safe (and easy to revert otherwise). This will be a giant performance improvement for code where we call filter_private on a lot of users (which is a lot of places). Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From jonstanley at gmail.com Sun Mar 15 01:15:03 2009 From: jonstanley at gmail.com (Jon Stanley) Date: Sat, 14 Mar 2009 21:15:03 -0400 Subject: Change Request -- high risk, high reward In-Reply-To: <20090315005012.GA3645@sphe.res.cmu.edu> References: <49BC4D8B.6090409@gmail.com> <20090315005012.GA3645@sphe.res.cmu.edu> Message-ID: I'm out, sorry for the top post. But zodbot FAS routines are not functional due to this, so I'd be +1 here if I had a vote :) On 3/14/09, Ricky Zhou wrote: > On 2009-03-14 05:36:27 PM, Toshio Kuratomi wrote: >> Ricky and I have both looked at the code in >> fas/safasprovider.py::SaFasIdentity and think that it's safe to cache >> this. The TG-1.0.8 saprovider on which safasprovider is based does not >> cache this but I've looked at the code and it seems like their provider >> only uses the variable in question a maximum of two times during a >> request. The CSRF protection that we've enabled needs to use this >> variable more often. >> >> Here's the code: >> >> --- a/fas/safasprovider.py >> +++ b/fas/safasprovider.py >> @@ -65,6 +65,7 @@ class SaFasIdentity(object): >> >> def __init__(self, visit_key=None, user=None, using_ssl=False): >> self.visit_key = visit_key >> + self._visit_link = None >> if user: >> self._user = user >> if visit_key is not None: >> @@ -201,9 +202,13 @@ class SaFasIdentity(object): >> ### TG: Same as TG-1.0.8 >> def _get_visit_link(self): >> '''Get the visit link to this identity.''' >> + if self._visit_link: >> + return self.visit_link > I already mentioned this to Toshio, but this line should be changed > to return self._visit_link > >> if self.visit_key is None: >> - return None >> - return >> visit_class.query.filter_by(visit_key=self.visit_key).first() >> + self._visit_link = None >> + else: >> + self._visit_link = >> visit_class.query.filter_by(visit_key=self.visi >> t_key).first() >> + return self._visit_link >> visit_link = property(_get_visit_link) >> >> If we were outside of freeze, I would apply this as it is causing issues >> for some of the things that talk to fas (like zodbot and developer >> instances of pkgdb). > +1 > > As Toshio mentioned, we've looked at the places where this variable is > used, and it should be safe (and easy to revert otherwise). This will > be a giant performance improvement for code where we call filter_private > on a lot of users (which is a lot of places). > > Thanks, > Ricky > -- Sent from my mobile device From nigjones at redhat.com Sun Mar 15 01:27:03 2009 From: nigjones at redhat.com (Nigel Jones) Date: Sat, 14 Mar 2009 21:27:03 -0400 (EDT) Subject: Change Request -- high risk, high reward In-Reply-To: <49BC4D8B.6090409@gmail.com> Message-ID: <1866465391.1308721237080422976.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com> ----- "Toshio Kuratomi" wrote: > ricky and I have identified a piece of code in fas2's new > safasprovider > that's querying the database a lot. It's causing anything that > checks > identity to issue a query to the database to lookup the visit cookie. > This is causing things that lookup information on the identity > multiple > times to take a lot of time. One of the functions that does this is > filter_private(), the function that removes excess information > according > to privacy settings and who is looking for the data. Our test was > the > /user/list method which is currently running over 5 minutes for an > otherwise non-database loop. Changing this caused the loop to run for > 8 > seconds. > > That's the benefit. The risk is that this is a change to the > safasprovider, ie the portion of fas2 that authenticates the user. > So > if there's a reason this shouldn't be cached, we could potentially be > breaking a lot of things. > > Ricky and I have both looked at the code in > fas/safasprovider.py::SaFasIdentity and think that it's safe to cache > this. The TG-1.0.8 saprovider on which safasprovider is based does > not > cache this but I've looked at the code and it seems like their > provider > only uses the variable in question a maximum of two times during a > request. The CSRF protection that we've enabled needs to use this > variable more often. > > Here's the code: > > --- a/fas/safasprovider.py > +++ b/fas/safasprovider.py > @@ -65,6 +65,7 @@ class SaFasIdentity(object): > > def __init__(self, visit_key=None, user=None, using_ssl=False): > self.visit_key = visit_key > + self._visit_link = None > if user: > self._user = user > if visit_key is not None: > @@ -201,9 +202,13 @@ class SaFasIdentity(object): > ### TG: Same as TG-1.0.8 > def _get_visit_link(self): > '''Get the visit link to this identity.''' > + if self._visit_link: > + return self.visit_link > if self.visit_key is None: > - return None > - return > visit_class.query.filter_by(visit_key=self.visit_key).first() > + self._visit_link = None > + else: > + self._visit_link = > visit_class.query.filter_by(visit_key=self.visi > t_key).first() > + return self._visit_link > visit_link = property(_get_visit_link) > > If we were outside of freeze, I would apply this as it is causing > issues > for some of the things that talk to fas (like zodbot and developer > instances of pkgdb). > > -Toshio +1 - I live for danger! That said, anything that speeds it up is a good thing! > > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list From mmcgrath at redhat.com Sun Mar 15 03:57:14 2009 From: mmcgrath at redhat.com (mmcgrath at redhat.com) Date: Sat, 14 Mar 2009 23:57:14 -0400 (EDT) Subject: Change Request -- high risk, high reward In-Reply-To: <1866465391.1308721237080422976.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com> References: <1866465391.1308721237080422976.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com> Message-ID: On Mar 14, 2009, at 8:27 PM, Nigel Jones wrote: > > ----- "Toshio Kuratomi" wrote: > >> ricky and I have identified a piece of code in fas2's new >> safasprovider >> that's querying the database a lot. It's causing anything that >> checks >> identity to issue a query to the database to lookup the visit cookie. >> This is causing things that lookup information on the identity >> multiple >> times to take a lot of time. One of the functions that does this is >> filter_private(), the function that removes excess information >> according >> to privacy settings and who is looking for the data. Our test was >> the >> /user/list method which is currently running over 5 minutes for an >> otherwise non-database loop. Changing this caused the loop to run >> for >> 8 >> seconds. >> >> That's the benefit. The risk is that this is a change to the >> safasprovider, ie the portion of fas2 that authenticates the user. >> So >> if there's a reason this shouldn't be cached, we could potentially be >> breaking a lot of things. >> >> Ricky and I have both looked at the code in >> fas/safasprovider.py::SaFasIdentity and think that it's safe to cache >> this. The TG-1.0.8 saprovider on which safasprovider is based does >> not >> cache this but I've looked at the code and it seems like their >> provider >> only uses the variable in question a maximum of two times during a >> request. The CSRF protection that we've enabled needs to use this >> variable more often. >> >> Here's the code: >> >> --- a/fas/safasprovider.py >> +++ b/fas/safasprovider.py >> @@ -65,6 +65,7 @@ class SaFasIdentity(object): >> >> def __init__(self, visit_key=None, user=None, using_ssl=False): >> self.visit_key = visit_key >> + self._visit_link = None >> if user: >> self._user = user >> if visit_key is not None: >> @@ -201,9 +202,13 @@ class SaFasIdentity(object): >> ### TG: Same as TG-1.0.8 >> def _get_visit_link(self): >> '''Get the visit link to this identity.''' >> + if self._visit_link: >> + return self.visit_link >> if self.visit_key is None: >> - return None >> - return >> visit_class.query.filter_by(visit_key=self.visit_key).first() >> + self._visit_link = None >> + else: >> + self._visit_link = >> visit_class.query.filter_by(visit_key=self.visi >> t_key).first() >> + return self._visit_link >> visit_link = property(_get_visit_link) >> >> If we were outside of freeze, I would apply this as it is causing >> issues >> for some of the things that talk to fas (like zodbot and developer >> instances of pkgdb). >> >> -Toshio > +1 - I live for danger! > > That said, anything that speeds it up is a good thing! +1. Just the beta freezeand the revert is easy. -Mike > >> >> >> _______________________________________________ >> Fedora-infrastructure-list mailing list >> Fedora-infrastructure-list at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list From a.badger at gmail.com Sun Mar 15 05:40:17 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Sat, 14 Mar 2009 22:40:17 -0700 Subject: Change Request -- high risk, high reward In-Reply-To: References: <1866465391.1308721237080422976.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com> Message-ID: <49BC94C1.2060402@gmail.com> mmcgrath at redhat.com wrote: > > On Mar 14, 2009, at 8:27 PM, Nigel Jones wrote: > >> >> ----- "Toshio Kuratomi" wrote: >> >>> ricky and I have identified a piece of code in fas2's new >>> safasprovider >>> that's querying the database a lot. It's causing anything that >>> checks >>> identity to issue a query to the database to lookup the visit cookie. >>> This is causing things that lookup information on the identity >>> multiple >>> times to take a lot of time. One of the functions that does this is >>> filter_private(), the function that removes excess information >>> according >>> to privacy settings and who is looking for the data. Our test was >>> the >>> /user/list method which is currently running over 5 minutes for an >>> otherwise non-database loop. Changing this caused the loop to run for >>> 8 >>> seconds. >>> >>> That's the benefit. The risk is that this is a change to the >>> safasprovider, ie the portion of fas2 that authenticates the user. >>> So >>> if there's a reason this shouldn't be cached, we could potentially be >>> breaking a lot of things. >>> >>> Ricky and I have both looked at the code in >>> fas/safasprovider.py::SaFasIdentity and think that it's safe to cache >>> this. The TG-1.0.8 saprovider on which safasprovider is based does >>> not >>> cache this but I've looked at the code and it seems like their >>> provider >>> only uses the variable in question a maximum of two times during a >>> request. The CSRF protection that we've enabled needs to use this >>> variable more often. >>> >>> Here's the code: >>> >>> --- a/fas/safasprovider.py >>> +++ b/fas/safasprovider.py >>> @@ -65,6 +65,7 @@ class SaFasIdentity(object): >>> >>> def __init__(self, visit_key=None, user=None, using_ssl=False): >>> self.visit_key = visit_key >>> + self._visit_link = None >>> if user: >>> self._user = user >>> if visit_key is not None: >>> @@ -201,9 +202,13 @@ class SaFasIdentity(object): >>> ### TG: Same as TG-1.0.8 >>> def _get_visit_link(self): >>> '''Get the visit link to this identity.''' >>> + if self._visit_link: >>> + return self.visit_link >>> if self.visit_key is None: >>> - return None >>> - return >>> visit_class.query.filter_by(visit_key=self.visit_key).first() >>> + self._visit_link = None >>> + else: >>> + self._visit_link = >>> visit_class.query.filter_by(visit_key=self.visi >>> t_key).first() >>> + return self._visit_link >>> visit_link = property(_get_visit_link) >>> >>> If we were outside of freeze, I would apply this as it is causing >>> issues >>> for some of the things that talk to fas (like zodbot and developer >>> instances of pkgdb). >>> >>> -Toshio >> +1 - I live for danger! >> >> That said, anything that speeds it up is a good thing! > > +1. Just the beta freezeand the revert is easy. > Thanks guys. Hotfixed on the server. If anyone notices wierdness with authentication to fas, let me know. -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From jlaska at redhat.com Mon Mar 16 18:17:58 2009 From: jlaska at redhat.com (James Laska) Date: Mon, 16 Mar 2009 14:17:58 -0400 Subject: Improving QA test result submission and organization In-Reply-To: References: <1236105912.5415.460.camel@flatline.devel.redhat.com> <1236115153.5415.709.camel@flatline.devel.redhat.com> Message-ID: <1237227478.10941.73.camel@flatline.devel.redhat.com> On Tue, 2009-03-03 at 15:57 -0600, Mike McGrath wrote: > On Tue, 3 Mar 2009, James Laska wrote: > > > On Tue, 2009-03-03 at 13:10 -0600, Mike McGrath wrote: > > > > * Should the semantic performance impact be significant, is > > > > hosting a separate Fedora QA mediawiki (with semantic > > > enabled) a > > > > possibility? > > > > > > > > > > That is possible, for example we have a smolt wiki seperate from the > > > normal mediawiki install. The question of performance is, does it > > > only > > > impact pages deciding to use semantic or everything? We have lots of > > > way to test the actual impact of using it. > > > > Good question. The feedback I have so far is it affects everything. > > > > I just did some speed tests against the laptop.org instance you linked to. > At this point I don't think thats a blocker but we may find something out > later. Package review in progress for both extensions ... mediawiki-semantic-forms - https://bugzilla.redhat.com/show_bug.cgi?id=490171 mediawiki-semantic - https://bugzilla.redhat.com/show_bug.cgi?id=490001 I'm playing with the system locally to get more comfortable in this framework. Is it possible to get a dump of a subset of content from the fedoraproject.org/wiki so I can get a better sense how things will look in production? Thanks, James -- ========================================== James Laska -- jlaska at redhat.com Quality Engineering -- Red Hat, Inc. ========================================== -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From mmcgrath at redhat.com Mon Mar 16 18:19:48 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 16 Mar 2009 13:19:48 -0500 (CDT) Subject: Hosted requests Message-ID: Hey all, there's a lot of outstanding fedorahosted requests. Some are assigned and have been left uncommitted for some time. Just following up with everyone to make sure they don't get forgotten about. if you're in the sysadmin-hosting group and cannot complete these requests any longer please let me know or unassign them so they don't go uncompleted. -Mike From jonstanley at gmail.com Mon Mar 16 18:33:43 2009 From: jonstanley at gmail.com (Jon Stanley) Date: Mon, 16 Mar 2009 14:33:43 -0400 Subject: Hosted requests In-Reply-To: References: Message-ID: On Mon, Mar 16, 2009 at 2:19 PM, Mike McGrath wrote: > Hey all, there's a lot of outstanding fedorahosted requests. ?Some are > assigned and have been left uncommitted for some time. ?Just following up > with everyone to make sure they don't get forgotten about. ?if you're in > the sysadmin-hosting group and cannot complete these requests any longer > please let me know or unassign them so they don't go uncompleted. I'll go through em tonight, I've been slacking off. :) From ricky at fedoraproject.org Mon Mar 16 19:13:41 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Mon, 16 Mar 2009 15:13:41 -0400 Subject: [Change Request] Add redirect from /legal/trademarks/guidelines to http://fedoraproject.org/wiki/Legal:Trademark_guidelines. Message-ID: <20090316191341.GA19125@sphe.res.cmu.edu> As requested by Paul at https://fedorahosted.org/fedora-infrastructure/ticket/1269. I tested this on staging, so this should be relatively safe. --- configs/web/fedoraproject.org/modRewrite.conf | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/configs/web/fedoraproject.org/modRewrite.conf b/configs/web/fedoraproject.org/modRewrite.conf index ad12573..037cd35 100644 --- a/configs/web/fedoraproject.org/modRewrite.conf +++ b/configs/web/fedoraproject.org/modRewrite.conf @@ -15,6 +15,7 @@ RewriteRule ^/docs/(.*) http://docs.fedoraproject.org/$1 [R=301,L] RewriteRule ^/Download/(.*) http://rhold.fedoraproject.org/Download/$1 [R=301,L] RewriteRule ^/download/(.*) http://rhold.fedoraproject.org/Download/$1 [R=301,L] RewriteRule ^/extras/(.*) http://download.fedora.redhat.com/pub/fedora/linux/extras/$1 [R=302,L] +RewriteRule ^/([^/]+/)?legal/trademarks/guidelines$ http://fedoraproject.org/wiki/Legal:Trademark_guidelines [R=301,L] # RedirectMatch ^/wiki/Releases/7 http://fedoraproject.org/static-tmp/7 # RedirectMatch ^/wiki/$ http://fedoraproject.org/static-tmp/ # RedirectMatch ^/wiki/FedoraMain$ http://fedoraproject.org/static-tmp/ -- 1.5.5.6 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From a.badger at gmail.com Mon Mar 16 19:14:46 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Mon, 16 Mar 2009 12:14:46 -0700 Subject: [Change Request] Add redirect from /legal/trademarks/guidelines to http://fedoraproject.org/wiki/Legal:Trademark_guidelines. In-Reply-To: <20090316191341.GA19125@sphe.res.cmu.edu> References: <20090316191341.GA19125@sphe.res.cmu.edu> Message-ID: <49BEA526.2010509@gmail.com> Ricky Zhou wrote: > As requested by Paul at > https://fedorahosted.org/fedora-infrastructure/ticket/1269. I tested > this on staging, so this should be relatively safe. > --- > configs/web/fedoraproject.org/modRewrite.conf | 1 + > 1 files changed, 1 insertions(+), 0 deletions(-) > > diff --git a/configs/web/fedoraproject.org/modRewrite.conf b/configs/web/fedoraproject.org/modRewrite.conf > index ad12573..037cd35 100644 > --- a/configs/web/fedoraproject.org/modRewrite.conf > +++ b/configs/web/fedoraproject.org/modRewrite.conf > @@ -15,6 +15,7 @@ RewriteRule ^/docs/(.*) http://docs.fedoraproject.org/$1 [R=301,L] > RewriteRule ^/Download/(.*) http://rhold.fedoraproject.org/Download/$1 [R=301,L] > RewriteRule ^/download/(.*) http://rhold.fedoraproject.org/Download/$1 [R=301,L] > RewriteRule ^/extras/(.*) http://download.fedora.redhat.com/pub/fedora/linux/extras/$1 [R=302,L] > +RewriteRule ^/([^/]+/)?legal/trademarks/guidelines$ http://fedoraproject.org/wiki/Legal:Trademark_guidelines [R=301,L] > # RedirectMatch ^/wiki/Releases/7 http://fedoraproject.org/static-tmp/7 > # RedirectMatch ^/wiki/$ http://fedoraproject.org/static-tmp/ > # RedirectMatch ^/wiki/FedoraMain$ http://fedoraproject.org/static-tmp/ > > +1 -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From dennis at ausil.us Mon Mar 16 19:24:21 2009 From: dennis at ausil.us (Dennis Gilmore) Date: Mon, 16 Mar 2009 14:24:21 -0500 Subject: [Change Request] Add redirect from /legal/trademarks/guidelines to http://fedoraproject.org/wiki/Legal:Trademark_guidelines. Message-ID: +1 Ricky Zhou wrote: >As requested by Paul at >https://fedorahosted.org/fedora-infrastructure/ticket/1269. I tested >this on staging, so this should be relatively safe. >--- > configs/web/fedoraproject.org/modRewrite.conf | 1 + > 1 files changed, 1 insertions(+), 0 deletions(-) > >diff --git a/configs/web/fedoraproject.org/modRewrite.conf b/configs/web/fedoraproject.org/modRewrite.conf >index ad12573..037cd35 100644 >--- a/configs/web/fedoraproject.org/modRewrite.conf >+++ b/configs/web/fedoraproject.org/modRewrite.conf >@@ -15,6 +15,7 @@ RewriteRule ^/docs/(.*) http://docs.fedoraproject.org/$1 [R=301,L] > RewriteRule ^/Download/(.*) http://rhold.fedoraproject.org/Download/$1 [R=301,L] > RewriteRule ^/download/(.*) http://rhold.fedoraproject.org/Download/$1 [R=301,L] > RewriteRule ^/extras/(.*) http://download.fedora.redhat.com/pub/fedora/linux/extras/$1 [R=302,L] >+RewriteRule ^/([^/]+/)?legal/trademarks/guidelines$ http://fedoraproject.org/wiki/Legal:Trademark_guidelines [R=301,L] > # RedirectMatch ^/wiki/Releases/7 http://fedoraproject.org/static-tmp/7 > # RedirectMatch ^/wiki/$ http://fedoraproject.org/static-tmp/ > # RedirectMatch ^/wiki/FedoraMain$ http://fedoraproject.org/static-tmp/ >-- >1.5.5.6 > >_______________________________________________ >Fedora-infrastructure-list mailing list >Fedora-infrastructure-list at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list -- Sent from my Android phone with K-9. Please excuse my brevity. From mmcgrath at redhat.com Mon Mar 16 19:25:37 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 16 Mar 2009 14:25:37 -0500 (CDT) Subject: Improving QA test result submission and organization In-Reply-To: <1237227478.10941.73.camel@flatline.devel.redhat.com> References: <1236105912.5415.460.camel@flatline.devel.redhat.com> <1236115153.5415.709.camel@flatline.devel.redhat.com> <1237227478.10941.73.camel@flatline.devel.redhat.com> Message-ID: On Mon, 16 Mar 2009, James Laska wrote: > On Tue, 2009-03-03 at 15:57 -0600, Mike McGrath wrote: > > On Tue, 3 Mar 2009, James Laska wrote: > > > > > On Tue, 2009-03-03 at 13:10 -0600, Mike McGrath wrote: > > > > > * Should the semantic performance impact be significant, is > > > > > hosting a separate Fedora QA mediawiki (with semantic > > > > enabled) a > > > > > possibility? > > > > > > > > > > > > > That is possible, for example we have a smolt wiki seperate from the > > > > normal mediawiki install. The question of performance is, does it > > > > only > > > > impact pages deciding to use semantic or everything? We have lots of > > > > way to test the actual impact of using it. > > > > > > Good question. The feedback I have so far is it affects everything. > > > > > > > I just did some speed tests against the laptop.org instance you linked to. > > At this point I don't think thats a blocker but we may find something out > > later. > > Package review in progress for both extensions ... > > mediawiki-semantic-forms - > https://bugzilla.redhat.com/show_bug.cgi?id=490171 > > mediawiki-semantic - https://bugzilla.redhat.com/show_bug.cgi?id=490001 > > I'm playing with the system locally to get more comfortable in this > framework. Is it possible to get a dump of a subset of content from the > fedoraproject.org/wiki so I can get a better sense how things will look > in production? > Yeah we can do that no problem. Can it wait until after the beta launches though? (the 24th) It'll just be easier that way. -Mike From mmcgrath at redhat.com Mon Mar 16 20:29:32 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 16 Mar 2009 15:29:32 -0500 (CDT) Subject: Fedora 11 tickets Message-ID: Just a reminder, we've still got 31 active tickets to complete: https://fedorahosted.org/fedora-infrastructure/milestone/Fedora%2011 If any of those has been done already, please do close them. Many are unowned so there's always work to di. -Mike From cralin at gmail.com Mon Mar 16 20:47:33 2009 From: cralin at gmail.com (cralin at gmail.com) Date: Mon, 16 Mar 2009 21:47:33 +0100 Subject: Introducing: Alin =?utf-8?b?Q3JlyJt1?= Message-ID: <1237236453.3746.72.camel@localhost.localdomain> Hello Fedora Infrastructure, I'd like to use my first e-mail to introduce myself. The name is Alin Cre?u, I'm 33 years old, Romanian citizen, currently living in Germany. I've been working/playing with Red Hat Linux since RH 5.2 and with Fedora since it's first release 10 years ago. For the last 9 years I was working with Linux/Unix in different production environments, from small departmental (2 systems) up to large enterprise (200+ Linux/Unix machines with High Availability requirements). Since June 2007 I'm also certified as "IBM Certified Advanced Technical Expert -- IBM System p5 2006" and I can find my way around BASH and ksh scripting. Also I have considerable understanding and some real life experience with large SAN installations. I'd like to take this opportunity to give something back to Fedora by helping the Infrastructure team running the servers that make the Fedora Project possible. As of now, I'm also looking to find a sponsor that will be willing guide my first steps towards this community. Regards, Alin Cre?u -------------- next part -------------- An HTML attachment was scrubbed... URL: From jonstanley at gmail.com Tue Mar 17 05:00:36 2009 From: jonstanley at gmail.com (Jon Stanley) Date: Tue, 17 Mar 2009 01:00:36 -0400 Subject: Hosted requests In-Reply-To: References: Message-ID: On Mon, Mar 16, 2009 at 2:33 PM, Jon Stanley wrote: > I'll go through em tonight, I've been slacking off. :) Yay! We're down to 7, all long term type things: https://fedorahosted.org/fedora-infrastructure/query?status=new&status=assigned&status=reopened&component=Hosted+Projects&order=id&desc=1 From jim at meyering.net Tue Mar 17 10:25:19 2009 From: jim at meyering.net (Jim Meyering) Date: Tue, 17 Mar 2009 11:25:19 +0100 Subject: svn-to-git mirroring Message-ID: <87ab7kbg4w.fsf@meyering.net> I've been lurking here for some time, and have seen some recent opportunities to help make a difference, so have just applied for membership to the sysadmin group. For example, Fabio Di Nitto and I would like to set up an svn-to-git mirror for a project on fedorahosted. While I set up and maintain git.et.redhat.com, it's not open for ssh access to people outside of Red Hat, so it's rather limited. From fdinitto at redhat.com Tue Mar 17 11:25:11 2009 From: fdinitto at redhat.com (Fabio M. Di Nitto) Date: Tue, 17 Mar 2009 12:25:11 +0100 Subject: svn-to-git mirroring In-Reply-To: <87ab7kbg4w.fsf@meyering.net> References: <87ab7kbg4w.fsf@meyering.net> Message-ID: <1237289111.9902.55.camel@cerberus.int.fabbione.net> On Tue, 2009-03-17 at 11:25 +0100, Jim Meyering wrote: > I've been lurking here for some time, and have seen > some recent opportunities to help make a difference, > so have just applied for membership to the sysadmin group. > For example, Fabio Di Nitto and I would like to set up > an svn-to-git mirror for a project on fedorahosted. > > While I set up and maintain git.et.redhat.com, it's not open for ssh > access to people outside of Red Hat, so it's rather limited. I am planning to help Jim to get this project going and maintain the git tress I already own. Since they are all "special" cases for fedorahosted, this will lift some work from the usual suspects. Fabio From mmcgrath at redhat.com Tue Mar 17 13:23:01 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 17 Mar 2009 08:23:01 -0500 (CDT) Subject: svn-to-git mirroring In-Reply-To: <1237289111.9902.55.camel@cerberus.int.fabbione.net> References: <87ab7kbg4w.fsf@meyering.net> <1237289111.9902.55.camel@cerberus.int.fabbione.net> Message-ID: On Tue, 17 Mar 2009, Fabio M. Di Nitto wrote: > On Tue, 2009-03-17 at 11:25 +0100, Jim Meyering wrote: > > I've been lurking here for some time, and have seen > > some recent opportunities to help make a difference, > > so have just applied for membership to the sysadmin group. > > For example, Fabio Di Nitto and I would like to set up > > an svn-to-git mirror for a project on fedorahosted. > > > > While I set up and maintain git.et.redhat.com, it's not open for ssh > > access to people outside of Red Hat, so it's rather limited. > > I am planning to help Jim to get this project going and maintain the git > tress I already own. Since they are all "special" cases for > fedorahosted, this will lift some work from the usual suspects. > I'm confused as to what this actually means. The subject and bodies of these emails don't match eachother :) What is it exactly you two are proposing? -Mike From mmcgrath at redhat.com Tue Mar 17 13:23:38 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 17 Mar 2009 08:23:38 -0500 (CDT) Subject: Hosted requests In-Reply-To: References: Message-ID: On Tue, 17 Mar 2009, Jon Stanley wrote: > On Mon, Mar 16, 2009 at 2:33 PM, Jon Stanley wrote: > > > I'll go through em tonight, I've been slacking off. :) > > Yay! We're down to 7, all long term type things: > > https://fedorahosted.org/fedora-infrastructure/query?status=new&status=assigned&status=reopened&component=Hosted+Projects&order=id&desc=1 > Sweet, thanks Jon. You da man. -Mike From mmcgrath at redhat.com Tue Mar 17 13:24:35 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 17 Mar 2009 08:24:35 -0500 (CDT) Subject: =?utf-8?q?Re=3A_Introducing=3A_Alin_Cre=C8=9Bu?= In-Reply-To: <1237236453.3746.72.camel@localhost.localdomain> References: <1237236453.3746.72.camel@localhost.localdomain> Message-ID: On Mon, 16 Mar 2009, cralin at gmail.com wrote: > Hello Fedora Infrastructure, > > I'd like to use my first e-mail to introduce myself. > > The name is Alin Cre?u, I'm 33 years old, Romanian citizen, currently living in Germany. > > I've been working/playing with Red Hat Linux since RH 5.2 and with Fedora since it's first release 10 years ago. > > For the last 9 years I was working with Linux/Unix in different production environments, from small departmental (2 > systems) up to large enterprise (200+ Linux/Unix machines with High Availability requirements). > > Since June 2007 I'm also certified as "IBM Certified Advanced Technical Expert -- IBM System p5 2006" and I can find my > way around BASH and ksh scripting. Also I have considerable understanding and some real life experience with large SAN > installations. > > I'd like to take this opportunity to give something back to Fedora by helping the Infrastructure team running the servers > that make the Fedora Project possible. > > > As of now, I'm also looking to find a sponsor that will be willing guide my first steps towards this community. > Welcome Alin, was there a particular FIG you were interested in getting involved with? Feel free to stop by #fedora-admin on irc.freenode.net to say hello. -Mike From fdinitto at redhat.com Tue Mar 17 13:30:37 2009 From: fdinitto at redhat.com (Fabio M. Di Nitto) Date: Tue, 17 Mar 2009 14:30:37 +0100 Subject: svn-to-git mirroring In-Reply-To: References: <87ab7kbg4w.fsf@meyering.net> <1237289111.9902.55.camel@cerberus.int.fabbione.net> Message-ID: <1237296637.9902.76.camel@cerberus.int.fabbione.net> On Tue, 2009-03-17 at 08:23 -0500, Mike McGrath wrote: > On Tue, 17 Mar 2009, Fabio M. Di Nitto wrote: > > > On Tue, 2009-03-17 at 11:25 +0100, Jim Meyering wrote: > > > I've been lurking here for some time, and have seen > > > some recent opportunities to help make a difference, > > > so have just applied for membership to the sysadmin group. > > > For example, Fabio Di Nitto and I would like to set up > > > an svn-to-git mirror for a project on fedorahosted. > > > > > > While I set up and maintain git.et.redhat.com, it's not open for ssh > > > access to people outside of Red Hat, so it's rather limited. > > > > I am planning to help Jim to get this project going and maintain the git > > tress I already own. Since they are all "special" cases for > > fedorahosted, this will lift some work from the usual suspects. > > > > I'm confused as to what this actually means. The subject and bodies of > these emails don't match eachother :) > > What is it exactly you two are proposing? > Right.. 2 things.. I shouldn't have mixed them up. 1) Jim and I need to setup an svn-to-git mirroring within fedorahosted. This will allow a one direction way to export svn projects into git and sync via svn hooks. For eg. svn.fh.o/corosync/trunk to git.fh.o/corosync.git/master branch. We have plenty of use cases for this setup. 2) Personally, I often ask guys around to do this or that on the git trees I own on fedora hosted. For me, being able to access hosted* to do the job myself, will lift work from the other admins and speed up things around. Fabio From mmcgrath at redhat.com Tue Mar 17 13:37:22 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 17 Mar 2009 08:37:22 -0500 (CDT) Subject: svn-to-git mirroring In-Reply-To: <1237296637.9902.76.camel@cerberus.int.fabbione.net> References: <87ab7kbg4w.fsf@meyering.net> <1237289111.9902.55.camel@cerberus.int.fabbione.net> <1237296637.9902.76.camel@cerberus.int.fabbione.net> Message-ID: On Tue, 17 Mar 2009, Fabio M. Di Nitto wrote: > On Tue, 2009-03-17 at 08:23 -0500, Mike McGrath wrote: > > On Tue, 17 Mar 2009, Fabio M. Di Nitto wrote: > > > > > On Tue, 2009-03-17 at 11:25 +0100, Jim Meyering wrote: > > > > I've been lurking here for some time, and have seen > > > > some recent opportunities to help make a difference, > > > > so have just applied for membership to the sysadmin group. > > > > For example, Fabio Di Nitto and I would like to set up > > > > an svn-to-git mirror for a project on fedorahosted. > > > > > > > > While I set up and maintain git.et.redhat.com, it's not open for ssh > > > > access to people outside of Red Hat, so it's rather limited. > > > > > > I am planning to help Jim to get this project going and maintain the git > > > tress I already own. Since they are all "special" cases for > > > fedorahosted, this will lift some work from the usual suspects. > > > > > > > I'm confused as to what this actually means. The subject and bodies of > > these emails don't match eachother :) > > > > What is it exactly you two are proposing? > > > > Right.. 2 things.. I shouldn't have mixed them up. > > 1) Jim and I need to setup an svn-to-git mirroring within fedorahosted. > This will allow a one direction way to export svn projects into git > and sync via svn hooks. For eg. svn.fh.o/corosync/trunk to > git.fh.o/corosync.git/master branch. > We have plenty of use cases for this setup. > > 2) Personally, I often ask guys around to do this or that on the git > trees I own on fedora hosted. For me, being able to access hosted* to do > the job myself, will lift work from the other admins and speed up things > around. > So are you two working on a svn mirroring solution for Fedora Hosted svn projects? Or just a couple of one offs for your own hosted repos? -Mike From jim at meyering.net Tue Mar 17 13:48:33 2009 From: jim at meyering.net (Jim Meyering) Date: Tue, 17 Mar 2009 14:48:33 +0100 Subject: svn-to-git mirroring In-Reply-To: (Mike McGrath's message of "Tue, 17 Mar 2009 08:37:22 -0500 (CDT)") References: <87ab7kbg4w.fsf@meyering.net> <1237289111.9902.55.camel@cerberus.int.fabbione.net> <1237296637.9902.76.camel@cerberus.int.fabbione.net> Message-ID: <87mybk9s5q.fsf@meyering.net> Mike McGrath wrote: > So are you two working on a svn mirroring solution for Fedora Hosted svn > projects? Or just a couple of one offs for your own hosted repos? Is there interest in a general solution? Resources? I believe in doing things "right", so tend to prefer tools general enough to be reused. Whether I can learn enough (and quickly enough!) about what's required to make it happen may be another story. From fdinitto at redhat.com Tue Mar 17 13:51:31 2009 From: fdinitto at redhat.com (Fabio M. Di Nitto) Date: Tue, 17 Mar 2009 14:51:31 +0100 Subject: svn-to-git mirroring In-Reply-To: References: <87ab7kbg4w.fsf@meyering.net> <1237289111.9902.55.camel@cerberus.int.fabbione.net> <1237296637.9902.76.camel@cerberus.int.fabbione.net> Message-ID: <1237297891.9902.80.camel@cerberus.int.fabbione.net> On Tue, 2009-03-17 at 08:37 -0500, Mike McGrath wrote: > On Tue, 17 Mar 2009, Fabio M. Di Nitto wrote: > > > On Tue, 2009-03-17 at 08:23 -0500, Mike McGrath wrote: > > > On Tue, 17 Mar 2009, Fabio M. Di Nitto wrote: > > > > > > > On Tue, 2009-03-17 at 11:25 +0100, Jim Meyering wrote: > > > > > I've been lurking here for some time, and have seen > > > > > some recent opportunities to help make a difference, > > > > > so have just applied for membership to the sysadmin group. > > > > > For example, Fabio Di Nitto and I would like to set up > > > > > an svn-to-git mirror for a project on fedorahosted. > > > > > > > > > > While I set up and maintain git.et.redhat.com, it's not open for ssh > > > > > access to people outside of Red Hat, so it's rather limited. > > > > > > > > I am planning to help Jim to get this project going and maintain the git > > > > tress I already own. Since they are all "special" cases for > > > > fedorahosted, this will lift some work from the usual suspects. > > > > > > > > > > I'm confused as to what this actually means. The subject and bodies of > > > these emails don't match eachother :) > > > > > > What is it exactly you two are proposing? > > > > > > > Right.. 2 things.. I shouldn't have mixed them up. > > > > 1) Jim and I need to setup an svn-to-git mirroring within fedorahosted. > > This will allow a one direction way to export svn projects into git > > and sync via svn hooks. For eg. svn.fh.o/corosync/trunk to > > git.fh.o/corosync.git/master branch. > > We have plenty of use cases for this setup. > > > > 2) Personally, I often ask guys around to do this or that on the git > > trees I own on fedora hosted. For me, being able to access hosted* to do > > the job myself, will lift work from the other admins and speed up things > > around. > > > > So are you two working on a svn mirroring solution for Fedora Hosted svn > projects? Or just a couple of one offs for your own hosted repos? I don't like "one off" solutions at all. We will start clearly with one project to drive the tests. If the test drive results in some good, then we will make it generally available. There is no point to keep a secret either. Fabio From mmcgrath at redhat.com Tue Mar 17 14:05:29 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 17 Mar 2009 09:05:29 -0500 (CDT) Subject: svn-to-git mirroring In-Reply-To: <1237297891.9902.80.camel@cerberus.int.fabbione.net> References: <87ab7kbg4w.fsf@meyering.net> <1237289111.9902.55.camel@cerberus.int.fabbione.net> <1237296637.9902.76.camel@cerberus.int.fabbione.net> <1237297891.9902.80.camel@cerberus.int.fabbione.net> Message-ID: On Tue, 17 Mar 2009, Fabio M. Di Nitto wrote: > On Tue, 2009-03-17 at 08:37 -0500, Mike McGrath wrote: > > On Tue, 17 Mar 2009, Fabio M. Di Nitto wrote: > > > > > On Tue, 2009-03-17 at 08:23 -0500, Mike McGrath wrote: > > > > On Tue, 17 Mar 2009, Fabio M. Di Nitto wrote: > > > > > > > > > On Tue, 2009-03-17 at 11:25 +0100, Jim Meyering wrote: > > > > > > I've been lurking here for some time, and have seen > > > > > > some recent opportunities to help make a difference, > > > > > > so have just applied for membership to the sysadmin group. > > > > > > For example, Fabio Di Nitto and I would like to set up > > > > > > an svn-to-git mirror for a project on fedorahosted. > > > > > > > > > > > > While I set up and maintain git.et.redhat.com, it's not open for ssh > > > > > > access to people outside of Red Hat, so it's rather limited. > > > > > > > > > > I am planning to help Jim to get this project going and maintain the git > > > > > tress I already own. Since they are all "special" cases for > > > > > fedorahosted, this will lift some work from the usual suspects. > > > > > > > > > > > > > I'm confused as to what this actually means. The subject and bodies of > > > > these emails don't match eachother :) > > > > > > > > What is it exactly you two are proposing? > > > > > > > > > > Right.. 2 things.. I shouldn't have mixed them up. > > > > > > 1) Jim and I need to setup an svn-to-git mirroring within fedorahosted. > > > This will allow a one direction way to export svn projects into git > > > and sync via svn hooks. For eg. svn.fh.o/corosync/trunk to > > > git.fh.o/corosync.git/master branch. > > > We have plenty of use cases for this setup. > > > > > > 2) Personally, I often ask guys around to do this or that on the git > > > trees I own on fedora hosted. For me, being able to access hosted* to do > > > the job myself, will lift work from the other admins and speed up things > > > around. > > > > > > > So are you two working on a svn mirroring solution for Fedora Hosted svn > > projects? Or just a couple of one offs for your own hosted repos? > > I don't like "one off" solutions at all. > > We will start clearly with one project to drive the tests. > > If the test drive results in some good, then we will make it generally > available. There is no point to keep a secret either. > I just don't like the precident of "I want to do X with my project and you don't support it, let me log in and do it myself." I'm also trying to make sure the pros of this outweigh the cons. -Mike From jim at meyering.net Tue Mar 17 14:11:40 2009 From: jim at meyering.net (Jim Meyering) Date: Tue, 17 Mar 2009 15:11:40 +0100 Subject: svn-to-git mirroring In-Reply-To: (Mike McGrath's message of "Tue, 17 Mar 2009 09:05:29 -0500 (CDT)") References: <87ab7kbg4w.fsf@meyering.net> <1237289111.9902.55.camel@cerberus.int.fabbione.net> <1237296637.9902.76.camel@cerberus.int.fabbione.net> <1237297891.9902.80.camel@cerberus.int.fabbione.net> Message-ID: <87hc1s9r37.fsf@meyering.net> Mike McGrath wrote: > I just don't like the precident of "I want to do X with my project and you > don't support it, let me log in and do it myself." I'm also trying to > make sure the pros of this outweigh the cons. I'm convinced that this would be generally useful. The proof is easy to see when you count the number of ad-hoc maintained git mirrors of svn repositories. However, the individual-maintained ones, while convenient do come at a price. You have to trust the person doing the job not just to do it properly and regularly, but also to run a tight enough system that no one will ever crack it and sneak in a commit that adds a modified build or test script that will open a hole in your firewall. From mmcgrath at redhat.com Tue Mar 17 14:19:25 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 17 Mar 2009 09:19:25 -0500 (CDT) Subject: svn-to-git mirroring In-Reply-To: <87hc1s9r37.fsf@meyering.net> References: <87ab7kbg4w.fsf@meyering.net> <1237289111.9902.55.camel@cerberus.int.fabbione.net> <1237296637.9902.76.camel@cerberus.int.fabbione.net> <1237297891.9902.80.camel@cerberus.int.fabbione.net> <87hc1s9r37.fsf@meyering.net> Message-ID: On Tue, 17 Mar 2009, Jim Meyering wrote: > Mike McGrath wrote: > > I just don't like the precident of "I want to do X with my project and you > > don't support it, let me log in and do it myself." I'm also trying to > > make sure the pros of this outweigh the cons. > > I'm convinced that this would be generally useful. The proof is easy > to see when you count the number of ad-hoc maintained git mirrors of svn > repositories. However, the individual-maintained ones, while convenient > do come at a price. You have to trust the person doing the job not > just to do it properly and regularly, but also to run a tight enough > system that no one will ever crack it and sneak in a commit that adds > a modified build or test script that will open a hole in your firewall. > If people want git repos... why aren't they using git? I'd say go ahead and set it up so we can take a look and see if it'll work. Fedora Hosted is a value added part of our infrastructure, meaning it's not the focus of what we do, it currently costs almost $0 to support. I don't want to end up with: http://www.youtube.com/watch?v=u7ziwuIpnVY As cool as that is every time you add something, the system gets more complex and more difficult to support, especially when we start to get turnover on something someone put in. It sounds like Nigel's already sponsored this project so have at it. Lets see how it goes. -Mike From jim at meyering.net Tue Mar 17 14:25:34 2009 From: jim at meyering.net (Jim Meyering) Date: Tue, 17 Mar 2009 15:25:34 +0100 Subject: svn-to-git mirroring In-Reply-To: (Mike McGrath's message of "Tue, 17 Mar 2009 09:19:25 -0500 (CDT)") References: <87ab7kbg4w.fsf@meyering.net> <1237289111.9902.55.camel@cerberus.int.fabbione.net> <1237296637.9902.76.camel@cerberus.int.fabbione.net> <1237297891.9902.80.camel@cerberus.int.fabbione.net> <87hc1s9r37.fsf@meyering.net> Message-ID: <8763i89qg1.fsf@meyering.net> Mike McGrath wrote: > On Tue, 17 Mar 2009, Jim Meyering wrote: >> Mike McGrath wrote: >> > I just don't like the precident of "I want to do X with my project and you >> > don't support it, let me log in and do it myself." I'm also trying to >> > make sure the pros of this outweigh the cons. >> >> I'm convinced that this would be generally useful. The proof is easy >> to see when you count the number of ad-hoc maintained git mirrors of svn >> repositories. However, the individual-maintained ones, while convenient >> do come at a price. You have to trust the person doing the job not >> just to do it properly and regularly, but also to run a tight enough >> system that no one will ever crack it and sneak in a commit that adds >> a modified build or test script that will open a hole in your firewall. >> > > If people want git repos... why aren't they using git? Users and contributors want git. Project _owners_ aren't always in a hurry to convert. From fdinitto at redhat.com Tue Mar 17 14:29:35 2009 From: fdinitto at redhat.com (Fabio M. Di Nitto) Date: Tue, 17 Mar 2009 15:29:35 +0100 Subject: svn-to-git mirroring In-Reply-To: References: <87ab7kbg4w.fsf@meyering.net> <1237289111.9902.55.camel@cerberus.int.fabbione.net> <1237296637.9902.76.camel@cerberus.int.fabbione.net> <1237297891.9902.80.camel@cerberus.int.fabbione.net> Message-ID: <1237300175.9902.95.camel@cerberus.int.fabbione.net> On Tue, 2009-03-17 at 09:05 -0500, Mike McGrath wrote: > > > So are you two working on a svn mirroring solution for Fedora Hosted svn > > > projects? Or just a couple of one offs for your own hosted repos? > > > > I don't like "one off" solutions at all. > > > > We will start clearly with one project to drive the tests. > > > > If the test drive results in some good, then we will make it generally > > available. There is no point to keep a secret either. > > > > I just don't like the precident of "I want to do X with my project and you > don't support it, let me log in and do it myself." I'm also trying to > make sure the pros of this outweigh the cons. Just to be 100% clear, we were talking with people on #fedora-admin today about setting this up or do a test drive and they suggested for us to apply to those groups and drive the initiative ourselves. (i would really recommend you to read the IRC logs) I am absolutely happy to do so and drive something constructive. Jim already has given you input on why we want to do it as there is clearly a general need for it. I understand your concern of "I want to do X with my project and you don't support it, let me log in and do it myself." but this is not the case. Again, we were encouraged to join those teams to help directly. So what we want to do is: - use one our project as test drive (yes, so if it doesn't work we will not interfere with anybody else). - verify what changes are required at an infrastructure level. - pass those through the other sysadmins for review/checks. - do more testing to make sure the system is indeed stable and robust - make it available as general option. Clearly.. if the thing doesn't work reliably or .. or.. the process can cleanly halt at any time. Fabio From ricky at fedoraproject.org Tue Mar 17 14:35:54 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Tue, 17 Mar 2009 10:35:54 -0400 Subject: Change Request - Change transifex to run under the transifex user Message-ID: <20090317143554.GA7857@sphe.res.cmu.edu> This should be a pretty safe security change to make transifex run under the separate transifex user, instead of the apache user. I've tested it out on publictest14. The django transifex isn't 100% in puppet yet, so here are the steps I'd like to take: mv ~ricky/tx.conf /etc/httpd/conf.d /etc/init.d/httpd restart mv /var/www/.ssh /var/lib/transifex chown -R transifex:transifex /var/lib/transifex/.ssh find /var/lib/transifex -user apache -exec chown transifex:transifex {} \; mv ~ricky/ssh-add.sh /var/lib/transifex # restart ssh-agent to run under the transifex user Here's the diff between my edited tx.conf and the original one: --- /etc/httpd/conf.d/tx.conf 2009-03-12 13:46:14.000000000 +0000 +++ /home/fedora/ricky/tx.conf 2009-03-17 14:29:36.000000000 +0000 @@ -1,6 +1,8 @@ WSGIRestrictStdout Off WSGIRestrictStdin Off +WSGIDaemonProcess transifex processes=8 threads=2 maximum-requests=50000 user=transifex group=transifex display-name=transifex inactivity-timeout=300 + Alias /site_media /usr/share/transifex/site_media @@ -10,5 +12,9 @@ SetEnv SSH_AUTH_SOCK /var/lib/transifex/ssh-agent-sock-transifex + + WSGIProcessGroup transifex + + WSGIScriptAlias /tx /usr/share/transifex/tx-django.wsgi Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From mmcgrath at redhat.com Tue Mar 17 15:00:58 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 17 Mar 2009 10:00:58 -0500 (CDT) Subject: Change Request - Change transifex to run under the transifex user In-Reply-To: <20090317143554.GA7857@sphe.res.cmu.edu> References: <20090317143554.GA7857@sphe.res.cmu.edu> Message-ID: On Tue, 17 Mar 2009, Ricky Zhou wrote: > This should be a pretty safe security change to make transifex run under > the separate transifex user, instead of the apache user. I've tested it > out on publictest14. > > The django transifex isn't 100% in puppet yet, so here are the steps I'd > like to take: > > mv ~ricky/tx.conf /etc/httpd/conf.d > /etc/init.d/httpd restart > mv /var/www/.ssh /var/lib/transifex > chown -R transifex:transifex /var/lib/transifex/.ssh > find /var/lib/transifex -user apache -exec chown transifex:transifex {} \; > mv ~ricky/ssh-add.sh /var/lib/transifex > # restart ssh-agent to run under the transifex user > > Here's the diff between my edited tx.conf and the original one: > --- /etc/httpd/conf.d/tx.conf 2009-03-12 13:46:14.000000000 +0000 > +++ /home/fedora/ricky/tx.conf 2009-03-17 14:29:36.000000000 +0000 > @@ -1,6 +1,8 @@ > WSGIRestrictStdout Off > WSGIRestrictStdin Off > > +WSGIDaemonProcess transifex processes=8 threads=2 maximum-requests=50000 user=transifex group=transifex display-name=transifex inactivity-timeout=300 > + > Alias /site_media /usr/share/transifex/site_media > > > @@ -10,5 +12,9 @@ > > SetEnv SSH_AUTH_SOCK /var/lib/transifex/ssh-agent-sock-transifex > > + > + WSGIProcessGroup transifex > + > + > WSGIScriptAlias /tx /usr/share/transifex/tx-django.wsgi > +1 -Mike From a.badger at gmail.com Tue Mar 17 16:18:53 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Tue, 17 Mar 2009 09:18:53 -0700 Subject: Change Request - Change transifex to run under the transifex user In-Reply-To: <20090317143554.GA7857@sphe.res.cmu.edu> References: <20090317143554.GA7857@sphe.res.cmu.edu> Message-ID: <49BFCD6C.9080106@gmail.com> Ricky Zhou wrote: > This should be a pretty safe security change to make transifex run under > the separate transifex user, instead of the apache user. I've tested it > out on publictest14. > > The django transifex isn't 100% in puppet yet, so here are the steps I'd > like to take: > > mv ~ricky/tx.conf /etc/httpd/conf.d > /etc/init.d/httpd restart > mv /var/www/.ssh /var/lib/transifex > chown -R transifex:transifex /var/lib/transifex/.ssh > find /var/lib/transifex -user apache -exec chown transifex:transifex {} \; > mv ~ricky/ssh-add.sh /var/lib/transifex > # restart ssh-agent to run under the transifex user > > Here's the diff between my edited tx.conf and the original one: > --- /etc/httpd/conf.d/tx.conf 2009-03-12 13:46:14.000000000 +0000 > +++ /home/fedora/ricky/tx.conf 2009-03-17 14:29:36.000000000 +0000 > @@ -1,6 +1,8 @@ > WSGIRestrictStdout Off > WSGIRestrictStdin Off > > +WSGIDaemonProcess transifex processes=8 threads=2 maximum-requests=50000 user=transifex group=transifex display-name=transifex inactivity-timeout=300 > + > Alias /site_media /usr/share/transifex/site_media > > > @@ -10,5 +12,9 @@ > > SetEnv SSH_AUTH_SOCK /var/lib/transifex/ssh-agent-sock-transifex > > + > + WSGIProcessGroup transifex > + > + > WSGIScriptAlias /tx /usr/share/transifex/tx-django.wsgi > Rasther found some issues with bzr support wanting to see files in the user's home directory. .bazaar/ and .bazaar/ignore. This will probably continue to work since transifex should only need to read those files, not write them. But you might want to move them under /var/lib/transifex and have them owned by the transifex user for completeness. This requires moving the files and changing the directory that is set via os.environ['HOME'] in the wsgi script. If you test submission to bzr and it works currently, +1 with or without moving the .bazaar and ignore file. -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From mmcgrath at redhat.com Tue Mar 17 16:38:02 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 17 Mar 2009 11:38:02 -0500 (CDT) Subject: Free Software Policy Message-ID: It dawns on me that I talked about this briefly at one of the meetings but never sent it too the list. I'd like to propose the following software policy: http://infrastructure.fedoraproject.org/csi/free-software-policy/en-US/ There's a lot of background information there that should be familiar to all of us already. The table info at the bottom is probably more important. This is very close to what we're doing now, just written down. Give it a read over and let me know what you all think before we formally adopt it. -Mike From mmcgrath at redhat.com Tue Mar 17 20:07:00 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 17 Mar 2009 15:07:00 -0500 (CDT) Subject: Outage Notification - 2009-03-19 04:00 UTC Message-ID: There will be an outage starting at 2009-03-19 04:00 UTC, which will last approximately 30 minutes. To convert UTC to your local time, take a look at http://fedoraproject.org/wiki/Infrastructure/UTCHowto or run: date -d '2009-03-19 04:00 UTC' Affected Services: Buildsystem (EPEL/Plague only) Fedora Talk Gobby lists.fedoraproject.org DNS (ns1 only) Unaffected Services: CVS / Source Control Database Fedora Hosted Fedora People Mail Mirror System Torrent Translation Services Websites Ticket Link: https://fedorahosted.org/fedora-infrastructure/ticket/1271 Reason for Outage: One of our sponsors, ServerBeach (http://serverbeach.com) provides hosting for the above affected services and has scheduled an outage to conduct network maintenance on the switch our servers are on. This will cause them to be unavailable for a period of time. Contact Information: Please join #fedora-admin in irc.freenode.net or respond to this email to track the status of this outage. From cralin at gmail.com Tue Mar 17 22:23:17 2009 From: cralin at gmail.com (cralin at gmail.com) Date: Tue, 17 Mar 2009 23:23:17 +0100 Subject: Introducing: Alin =?utf-8?b?Q3JlyJt1?= In-Reply-To: References: <1237236453.3746.72.camel@localhost.localdomain> Message-ID: <1237328597.3746.23.camel@localhost.localdomain> On Tue, 2009-03-17 at 08:24 -0500, Mike McGrath wrote: > On Mon, 16 Mar 2009, cralin at gmail.com wrote: > > > Hello Fedora Infrastructure, > > > > I'd like to use my first e-mail to introduce myself. > > > > The name is Alin Cre?u, I'm 33 years old, Romanian citizen, currently living in Germany. > > > > I've been working/playing with Red Hat Linux since RH 5.2 and with Fedora since it's first release 10 years ago. > > > > For the last 9 years I was working with Linux/Unix in different production environments, from small departmental (2 > > systems) up to large enterprise (200+ Linux/Unix machines with High Availability requirements). > > > > Since June 2007 I'm also certified as "IBM Certified Advanced Technical Expert -- IBM System p5 2006" and I can find my > > way around BASH and ksh scripting. Also I have considerable understanding and some real life experience with large SAN > > installations. > > > > I'd like to take this opportunity to give something back to Fedora by helping the Infrastructure team running the servers > > that make the Fedora Project possible. > > > > > > As of now, I'm also looking to find a sponsor that will be willing guide my first steps towards this community. > > > > Welcome Alin, was there a particular FIG you were interested in getting > involved with? Feel free to stop by #fedora-admin on irc.freenode.net to > say hello. > > -Mike > _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list at redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list To be honest, at this moment I'm not really sure. I guess it's not really important for me to be part of one FIG or the other as it is helping out whenever/wherever I can. Reading the descriptions of the FIGs I think I might be able to hep in sysadmin, sysadmin-tools, sysadmin-backup and/or sysadmin-noc. However the descriptions are somewhat short and it might take a while to get used with the tools/procedures used in each FIG. Suggestions are always welcomed :) -------------- next part -------------- An HTML attachment was scrubbed... URL: From Matt_Domsch at dell.com Wed Mar 18 05:30:48 2009 From: Matt_Domsch at dell.com (Matt Domsch) Date: Wed, 18 Mar 2009 00:30:48 -0500 Subject: MM changes needed for moving 7/8 content to archive Message-ID: <20090318053048.GA31574@auslistsprd01.us.dell.com> To move pub/fedora/linux/releases/[78] to /pub/archive/fedora/linux/releases/, and to retain the MM yum redirects, we're going to have to do some changes. * mount archive on bapp1 (add to mirrormanager-server in puppet) * create directory /pub/archive in MM db * create category "Fedora Archive" in MM db * edit /etc/mirrormanager/prod.cfg to add Fedora Archive * edit repomap.py to add Fedora Archive * ensure Repository pointers get moved to new location, which means deleting previous repository pointers. - the new Repository pointers will collide with the existing ones, and by virtue of the uniqueness, the new ones won't get created. So, we'll have to delete the original ones from the DB before adding the new ones. Will need to kill the u-m-d-l cronjob to accomplish this, then can restart it. * mirror admins will have to manually move the content, as we don't expose /pub/fedora/ and /pub/archive under the same rsync module anywhere such that we can use hardlinks for a few days. Otherwise they'll delete it and have to re-download it. What else am I missing? This won't require downtime from a user's perspective, but will require pausing some jobs on bapp1, and editing some files in place in /usr/share/mirrormanager until I can get a new release rolled out (which I've been preparing but we're in change freeze so haven't pushed hard...) Also, I'm mostly offline this week as it's Spring Break. How fast do we need this? Presumably by Thursday or so... -- Matt Domsch Linux Technology Strategist, Dell Office of the CTO linux.dell.com & www.dell.com/linux From adrian at lisas.de Wed Mar 18 15:21:56 2009 From: adrian at lisas.de (Adrian Reber) Date: Wed, 18 Mar 2009 16:21:56 +0100 Subject: rsync errors on archive Message-ID: <20090318152156.GG18973@lisas.de> syncing against archive I get: rsync: opendir "/fedora/linux/releases/8/Everything/i386.newkey" (in fedora-archive) failed: Permission denied (13) rsync: opendir "/fedora/linux/releases/8/Everything/x86_64.newkey" (in fedora-archive) failed: Permission denied (13) rsync: opendir "/fedora/linux/releases/8/Everything/source.newkey" (in fedora-archive) failed: Permission denied (13) rsync: opendir "/fedora/linux/releases/8/Everything/ppc.newkey" (in fedora-archive) failed: Permission denied (13) rsync: opendir "/fedora/linux/releases/8/Everything/ppc64.newkey" (in fedora-archive) failed: Permission denied (13) The newkey directories can be probably deleted. As far as I know, there was never anything in them. On the master server I was able to sync these directories, although the directories were not accessible to the user of my mirror server (just like a release before the bitflip). rsync: send_files failed to open "/fedora/linux/updates/7/SRPMS/.gdm-2.18.4-2.fc7.src.rpm.twC87k" (in fedora-archive): Permission denied (13) Adrian From duffy at redhat.com Wed Mar 18 17:51:11 2009 From: duffy at redhat.com (=?ISO-8859-1?Q?M=E1ir=ED=ADn_Duffy?=) Date: Wed, 18 Mar 2009 13:51:11 -0400 Subject: Wordpress? In-Reply-To: <49B531CF.8000409@redhat.com> References: <914074.47996.qm@web50906.mail.re2.yahoo.com> <49B0F557.2080608@fedoraproject.org> <49B531CF.8000409@redhat.com> Message-ID: <49C1348F.4050201@redhat.com> Bret McMillan wrote: > Rahul Sundaram wrote: >> Clint Savage wrote: >>> >>> Mike, >>> >>> Do you have a link to the mailing list thread? I'd like to read up on >>> it. I like MU, don't get me wrong, just wonder why it was chosen. >> >> We wanted it for a Fedora News site. Refer >> >> https://fedorahosted.org/fedora-infrastructure/ticket/178 > > At this point, I think we're blocked on a theme (outside my skillset). I > think jonrob was going to look at this time-permitting. > > If we've made progress on this front, I can help w/ the puppetization, > if that's still outstanding. Should be set: http://duffy.fedorapeople.org/webdesign/fedora-wordpress-theme/ ~m From mmcgrath at redhat.com Wed Mar 18 18:46:33 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 18 Mar 2009 13:46:33 -0500 (CDT) Subject: rsync errors on archive In-Reply-To: <20090318152156.GG18973@lisas.de> References: <20090318152156.GG18973@lisas.de> Message-ID: On Wed, 18 Mar 2009, Adrian Reber wrote: > syncing against archive I get: > > rsync: opendir "/fedora/linux/releases/8/Everything/i386.newkey" (in fedora-archive) failed: Permission denied (13) > rsync: opendir "/fedora/linux/releases/8/Everything/x86_64.newkey" (in fedora-archive) failed: Permission denied (13) > rsync: opendir "/fedora/linux/releases/8/Everything/source.newkey" (in fedora-archive) failed: Permission denied (13) > rsync: opendir "/fedora/linux/releases/8/Everything/ppc.newkey" (in fedora-archive) failed: Permission denied (13) > rsync: opendir "/fedora/linux/releases/8/Everything/ppc64.newkey" (in fedora-archive) failed: Permission denied (13) > > The newkey directories can be probably deleted. As far as I know, there > was never anything in them. On the master server I was able to sync > these directories, although the directories were not accessible to the > user of my mirror server (just like a release before the bitflip). > > rsync: send_files failed to open "/fedora/linux/updates/7/SRPMS/.gdm-2.18.4-2.fc7.src.rpm.twC87k" (in fedora-archive): Permission denied (13) > Should be cleared up now. -Mike From diegobz at gmail.com Wed Mar 18 23:35:02 2009 From: diegobz at gmail.com (=?ISO-8859-1?Q?Diego_B=FArigo_Zacar=E3o?=) Date: Wed, 18 Mar 2009 20:35:02 -0300 Subject: [Change Request] Transifex 0.5 Message-ID: <6600c1b10903181635m4c40ede5s1f88db3b4d19515f@mail.gmail.com> We want to update Transifex on app1 with the latest code tagged as 0.5 Release. This shouldn't affect any other service on app1. Can I have +1s? -- Diego B?rigo Zacar?o http://diegobz.net Linux User #402589 USE SOFTWARE LIVRE -------------- next part -------------- An HTML attachment was scrubbed... URL: From ricky at fedoraproject.org Wed Mar 18 23:39:13 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Wed, 18 Mar 2009 19:39:13 -0400 Subject: [Change Request] Transifex 0.5 In-Reply-To: <6600c1b10903181635m4c40ede5s1f88db3b4d19515f@mail.gmail.com> References: <6600c1b10903181635m4c40ede5s1f88db3b4d19515f@mail.gmail.com> Message-ID: <20090318233913.GA29441@sphe.res.cmu.edu> On 2009-03-18 08:35:02 PM, Diego B?rigo Zacar?o wrote: > We want to update Transifex on app1 with the latest code tagged as 0.5 Release. > This shouldn't affect any other service on app1. > > Can I have +1s? +1 Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From a.badger at gmail.com Wed Mar 18 23:45:32 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Wed, 18 Mar 2009 16:45:32 -0700 Subject: [Change Request] Transifex 0.5 In-Reply-To: <20090318233913.GA29441@sphe.res.cmu.edu> References: <6600c1b10903181635m4c40ede5s1f88db3b4d19515f@mail.gmail.com> <20090318233913.GA29441@sphe.res.cmu.edu> Message-ID: <49C1879C.4020505@gmail.com> Ricky Zhou wrote: > On 2009-03-18 08:35:02 PM, Diego B?rigo Zacar?o wrote: >> We want to update Transifex on app1 with the latest code tagged as 0.5 Release. >> This shouldn't affect any other service on app1. >> >> Can I have +1s? > +1 > +1 -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From skvidal at fedoraproject.org Thu Mar 19 18:59:36 2009 From: skvidal at fedoraproject.org (Seth Vidal) Date: Thu, 19 Mar 2009 14:59:36 -0400 (EDT) Subject: change request: remove fedora8 from the infofeed updates Message-ID: Somehow fedora8 is still being looked for for the infofeed rss feed on planet.fedoraproject.org. I'd like to remove this entry it is now outputting cron errors. can I get some +1's? thanks, -sv From a.badger at gmail.com Thu Mar 19 18:58:43 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Thu, 19 Mar 2009 11:58:43 -0700 Subject: change request: remove fedora8 from the infofeed updates In-Reply-To: References: Message-ID: <49C295E3.5010405@gmail.com> Seth Vidal wrote: > Somehow fedora8 is still being looked for for the infofeed rss feed on > planet.fedoraproject.org. I'd like to remove this entry it is now > outputting cron errors. > > can I get some +1's? +1 -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From ricky at fedoraproject.org Thu Mar 19 19:27:22 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Thu, 19 Mar 2009 15:27:22 -0400 Subject: change request: remove fedora8 from the infofeed updates In-Reply-To: References: Message-ID: <20090319192722.GA24341@sphe.res.cmu.edu> On 2009-03-19 02:59:36 PM, Seth Vidal wrote: > Somehow fedora8 is still being looked for for the infofeed rss feed on > planet.fedoraproject.org. I'd like to remove this entry it is now > outputting cron errors. > > can I get some +1's? +1 Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From mmcgrath at redhat.com Thu Mar 19 19:27:46 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 19 Mar 2009 14:27:46 -0500 (CDT) Subject: change request: remove fedora8 from the infofeed updates In-Reply-To: <49C295E3.5010405@gmail.com> References: <49C295E3.5010405@gmail.com> Message-ID: On Thu, 19 Mar 2009, Toshio Kuratomi wrote: > Seth Vidal wrote: > > Somehow fedora8 is still being looked for for the infofeed rss feed on > > planet.fedoraproject.org. I'd like to remove this entry it is now > > outputting cron errors. > > > > can I get some +1's? > > +1 > +1, you can do that one without a change request for the pre-releases. -Mike From ricky at fedoraproject.org Thu Mar 19 20:32:50 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Thu, 19 Mar 2009 16:32:50 -0400 Subject: Meeting Log - 2009-03-19 Message-ID: <20090319203250.GA27538@sphe.res.cmu.edu> 20:00 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Who's here 20:00 < mmcgrath> Ok all, time to get started, who's here for the infrastructure meeting? 20:00 * ricky 20:00 * jds2001 20:01 * ke4qqq 20:01 * abadger1999 here 20:01 -!- che [n=che at redhat/che] has joined #fedora-meeting 20:01 -!- meyering [n=jim at unaffiliated/meyering] has joined #fedora-meeting 20:02 < meyering> mmcgrath: I'm here ;-) 20:02 < mmcgrath> k, lets get started 20:02 < ranjith> here 20:02 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Tickets 20:02 < mmcgrath> .tiny https://fedorahosted.org/fedora-infrastructure/query?status=new&status=assigned&status=reopened&group=milestone&keywords=~Meeting&order=priority 20:02 < zodbot> mmcgrath: http://tinyurl.com/47e37y 20:02 < mmcgrath> meyering: yo 20:02 < mmcgrath> kanarip: you around? 20:02 < mmcgrath> .ticket 1203 20:02 < zodbot> mmcgrath: #1203 (RFR: x86_64 host for composing spins) - Fedora Infrastructure - Trac - https://fedorahosted.org/fedora-infrastructure/ticket/1203 20:02 < kanarip> yes 20:02 -!- J5 [n=quintice at c-66-31-41-146.hsd1.ma.comcast.net] has joined #fedora-meeting 20:02 < mmcgrath> kanarip: so what's the scoop on this? 20:03 < mmcgrath> what is the planned use for this server and what gets spun on it? 20:03 -!- MrTom [n=MrTom at fedora/MrTom] has left #fedora-meeting ["Konversation terminated!"] 20:03 < kanarip> we require resources for spin maintainers to see whether their spins fail or succeed composing, and additional details 20:03 -!- MostafaDaneshvar [n=MostafaD at unaffiliated/mostafadaneshvar] has joined #fedora-meeting 20:03 < mmcgrath> so it won't really have any sustained local storage? Just a sort of cache? 20:03 < mmcgrath> IE: we won't have to run backups on it? 20:03 < kanarip> basically, our plan is to create the spins, and get the logfiles somewhere public 20:04 -!- MostafaDaneshvar [n=MostafaD at unaffiliated/mostafadaneshvar] has left #fedora-meeting [] 20:04 < kanarip> mmcgrath, yes, no backup required 20:04 < kanarip> we grab livecd-tools, we grab spin-kickstarts, give it a spin and copy the log files somewhere, then destroy everything 20:04 < kanarip> "everything"; not the machine itself of course ;-) 20:04 < mmcgrath> kanarip: so you guys will just log in via ssh, someone will $run_script, and the results will get placed somewhere that is easily readable to the spin owner? 20:05 < kanarip> yes 20:05 < mmcgrath> I really don't see any blockers from my end other then the one listed in the ticket. 20:05 < jds2001> an installable rawhide would be nice :) 20:05 -!- ggruener [n=Gregor at pD9575D6A.dip.t-dialin.net] has joined #fedora-meeting 20:05 < mmcgrath> I'm not sure wtf is up with our physical hosts but after moving to 5.3, none of them can virt-install fedora anymore. 20:05 * kanarip goes to check the ticket 20:06 < mmcgrath> But that's all on our end, just going to delay getting this box up and running unfortunately. 20:06 < kanarip> ok 20:06 < kanarip> thanks! 20:06 < mmcgrath> kanarip: is there a pre-existing group that we can use in FAS or should I create a sysadmin-spins group or something? 20:07 -!- josemmanimala [n=chatzill at 59.161.152.178] has joined #fedora-meeting 20:07 < kanarip> i think gitspin-kickstarts is a little to broad, so a new group seems most appropriate 20:07 < mmcgrath> I guess these guys aren't really sysadmins, they're just consumers of this box. 20:07 < mmcgrath> kanarip: k, we'll just create a new "spinners" group or something. 20:07 < kanarip> perfect 20:07 < mmcgrath> kanarip: I take it you're the admin of that group? 20:08 < kanarip> yes 20:08 < mmcgrath> is there a "must have" by date? 20:08 -!- notting [n=notting at redhat/notting] has joined #fedora-meeting 20:09 -!- dwmw2 is now known as dwmw2_gone 20:09 < kanarip> mmcgrath, not really, but we'd love to have it before the F12 development cycle starts 20:09 < kanarip> ;-) 20:09 < mmcgrath> k. I need to hunker down and figure out why the virt-installs are failing anyway. 20:09 < mmcgrath> So that's really all the tickets we have listed right now. 20:10 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Beta Launch 20:10 < mmcgrath> https://fedorahosted.org/fedora-infrastructure/report/9 20:10 < mmcgrath> I'll go through these ticket by ticket 20:10 < mmcgrath> .ticket 1250 20:10 < zodbot> mmcgrath: #1250 (Website) - Fedora Infrastructure - Trac - https://fedorahosted.org/fedora-infrastructure/ticket/1250 20:10 < mmcgrath> ricky: you all set for website stuff? 20:10 < ricky> Yup 20:10 -!- Gaaruto [n=Gaaruto at fedora/Gaaruto] has quit "Bye!" 20:10 < mmcgrath> Are you going to do the website launch or will you be disposed on release morning? 20:10 < ricky> f13 warned me about checksum filename changes, so that's the biggest change other than the get-prerelease page 20:11 < mmcgrath> and we have the banner ready? 20:11 < ricky> Hm, if it's a Tuesday, I probably won't be around in the morning 20:11 < ricky> Yup, the art team has sent us a banner 20:11 < mmcgrath> k 20:11 * SmootherFrOgZ here 20:12 < mmcgrath> ricky: go ahead and accept that ticket so we know who's got it. 20:12 < mmcgrath> .ticket 1251 20:12 < mmcgrath> this one's all but done. 20:12 < zodbot> mmcgrath: #1251 (We need to verify Mirror Space for the F11 release) - Fedora Infrastructure - Trac - https://fedorahosted.org/fedora-infrastructure/ticket/1251 20:12 < mmcgrath> I need to verify the updates/testing 7/8 content is deleted and good to go. 20:12 < mmcgrath> I'll probably close that right after the meeting 20:12 < mmcgrath> .ticket 1252 20:12 -!- Gaaruto [n=Gaaruto at fedora/Gaaruto] has joined #fedora-meeting 20:12 < zodbot> mmcgrath: #1252 (Release Day Ticket - F11 beta) - Fedora Infrastructure - Trac - https://fedorahosted.org/fedora-infrastructure/ticket/1252 20:12 -!- ldimaggi_ [n=ldimaggi at c-76-19-171-76.hsd1.ma.comcast.net] has quit "Leaving" 20:12 < mmcgrath> That's just the release day ticket, I'll close it when we're all done. 20:12 < mmcgrath> .ticket 1253 20:12 < zodbot> mmcgrath: #1253 (Mirror Manager Redirects) - Fedora Infrastructure - Trac - https://fedorahosted.org/fedora-infrastructure/ticket/1253 20:13 < mmcgrath> domsch did this earlier in the week, it's closed already. 20:13 < mmcgrath> .ticket 1254 20:13 < zodbot> mmcgrath: #1254 (Infrastructure Change Freeze) - Fedora Infrastructure - Trac - https://fedorahosted.org/fedora-infrastructure/ticket/1254 20:13 < mmcgrath> The change freeze has been in place. 20:13 < mmcgrath> Aside from transifex it's been very quiet and good. 20:13 < mmcgrath> and even with transifex things have been well, I think that team is happy with the work and have started using it. 20:13 < mmcgrath> .ticket 1255 20:13 < zodbot> mmcgrath: #1255 (Add new release to Mirror Manager) - Fedora Infrastructure - Trac - https://fedorahosted.org/fedora-infrastructure/ticket/1255 20:14 < mmcgrath> This should be automatic. I seem to remember it not being in the past though, we'll have to watch it on release day 20:14 -!- ldimaggi_ [n=ldimaggi at c-76-19-171-76.hsd1.ma.comcast.net] has joined #fedora-meeting 20:14 < mmcgrath> So really that's it for the release. 20:14 < mmcgrath> I'm going to try to do the mirror-rediness test again like I did for the alpha 20:14 < ricky> Hm, how much of the fullfilelist work has been done so that we can have less of a mirror sync delay? 20:14 * mmcgrath gets those notes 20:14 < mmcgrath> ricky: I know some of it has been done, i'm not sure how much. 20:15 < mmcgrath> I don't believe it's ready for the beta though 20:15 < mmcgrath> .any mdomsch 20:15 < zodbot> mmcgrath: mdomsch was last seen in #fedora-meeting 20 hours, 11 minutes, and 16 seconds ago: *** mdomsch has quit IRC ("Leaving") 20:15 < ricky> Ah, OK 20:15 < mmcgrath> http://mmcgrath.fedorapeople.org/alphaMirrorRediness.html 20:15 < mmcgrath> here's how it went last time. 20:15 -!- rogersinel1 [n=rogers at 88.80.164.157] has quit Read error: 104 (Connection reset by peer) 20:15 < mmcgrath> with hour 1 being the hour prior to release. 20:16 < mmcgrath> f13: have you talked to mdomsch in a while about the file lists change to make the mirrors sync faster? 20:16 < f13> no 20:16 < mmcgrath> k, i'm going to check the tickets and open one if it doesn't exist so we don't forget about it. 20:17 < mmcgrath> f13: what are our odds for a release on the 24th? 20:17 < mmcgrath> 90%? :) 20:18 < f13> 10% 20:18 < mmcgrath> ouch. 20:18 < mmcgrath> if we do slip, will it target one week later? 20:18 < mmcgrath> is it the anaconda storage stuff? 20:19 < f13> we're discussing it right now on the side, I odn't have full details/plans yet 20:19 < f13> but 99% certain there will be a slip, either a 2 day or 7 day slip 20:19 < mmcgrath> k. 20:19 < mmcgrath> 20:19 -!- Sonar_Guy [n=Who at fedora/sonarguy] has joined #fedora-meeting 20:20 < mmcgrath> So anyone have any questions about the beta release? 20:20 < ggruener> we get a new wiki site to test like the alpha-release? 20:21 < mmcgrath> ggruener: I believe the QA team will have that page up yes. 20:21 < ggruener> ah ok 20:21 < mmcgrath> ggruener: I'll make sure to send it to the fil when it's up. 20:22 < mmcgrath> K 20:22 < mmcgrath> so next item 20:22 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Wiki 20:22 < mmcgrath> So EPEL went up to 1.14.x for mediawiki. 20:22 < mmcgrath> we're going to have to upgrade soon. 20:22 < mmcgrath> Jose did some tests yesterday and it looks like it'll be painless. 20:22 < mmcgrath> I'm going to wait until after the beta to put it in though. 20:22 < mmcgrath> any questions / concerns on that? 20:23 < mmcgrath> k 20:23 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Cloud 20:23 < mmcgrath> So our cloud stuff is coming along, it seems all of our network stuff is configured. 20:23 < mmcgrath> the problem? Our cyclades stopped responding at some point between when it was installed and now. 20:23 < mmcgrath> I've got a ticket open and my understanding is they're working to get remote hands in place to figure out what's goin gon. 20:24 < mmcgrath> If we can't get it working by monday, it'll likely be another week before our tech gets back on site 20:24 < mmcgrath> he'll be traveling to Raleigh 20:24 -!- fugolini1 [n=francesc at host104-201-dynamic.21-87-r.retail.telecomitalia.it] has joined #fedora-meeting 20:24 < mmcgrath> So that's really all I have on that 20:24 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Open Floor 20:24 < mmcgrath> anyone have anything else they'd like to discuss? 20:25 < jds2001> .ticket 1279 20:25 < zodbot> jds2001: #1279 (FAS integration with Freemedia TRAC.) - Fedora Infrastructure - Trac - https://fedorahosted.org/fedora-infrastructure/ticket/1279 20:25 < jds2001> so we need some policy about when we'll do this. 20:25 < jds2001> I'm going to experiment with doing it with mod_auth_postgres, but that's not really scalable. 20:25 < mmcgrath> jds2001: I'm fine with doing it whenever, AFAIK their shipping for the month is currently closed. 20:26 < mmcgrath> jds2001: define scalable. 20:26 < jds2001> no, I mean for what other projects :) 20:26 < mmcgrath> oh 20:26 < mmcgrath> well, as far as I'm concerned, freemedia got grandfathered in. 20:26 < ricky> We should be making things private very very rarely, I'd hope 20:26 < jds2001> i.e. project X sees we did this and asks tomorrow. 20:26 < mmcgrath> jds2001: I'm fine taking the heat on that and just saying "no, we won't" 20:26 < mmcgrath> We can take it on a case by case basis. 20:27 < jds2001> sounds reasonable. 20:27 < mmcgrath> but AFAIK, no other projects are storing private data that would be covered by our privacy policy. 20:27 -!- JSchmitt [n=s4504kr at p4FDD1FB6.dip0.t-ipconnect.de] has quit Remote closed the connection 20:27 -!- josemmanimala [n=chatzill at 59.161.152.178] has quit "ChatZilla 0.9.84 [Firefox 3.0.7/2009021910]" 20:27 < jds2001> famna and famsco do, but they're using the private tickets plugin 20:27 < mmcgrath> jds2001: do they maintain all of that via trac directly? 20:28 -!- GeroldKa [n=GeroldKa at fedora/geroldka] has quit "Verlassend" 20:28 < jds2001> I packaged up the private tickets plugin for them and edited trac.ini 20:28 < jds2001> but other than that, they maintain it via trac. 20:28 < mmcgrath> k 20:29 < jds2001> but freemedia is a tad...larger :) 20:29 < mmcgrath> yeah 20:29 < mmcgrath> jds2001: thanks for taking a look at that ticket. Let me know if you want any help testing it. 20:29 < jds2001> cool, I'll probably work on hosted2 to start. 20:30 < mmcgrath> excellent 20:30 < mmcgrath> anyone have anything else? If not we'll close the meeting early today 20:31 < mmcgrath> ok, sounds good then we'll close in 30 20:32 < mmcgrath> 10 20:32 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Meeting Closed -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From ricky at fedoraproject.org Fri Mar 20 02:46:23 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Thu, 19 Mar 2009 22:46:23 -0400 Subject: [Change Request] Use single quotes for the mysql backup cronjob. Message-ID: <20090320024623.GA1850@sphe.res.cmu.edu> This has been causing us to get extra cron spam (and stalling mysql updates). I doubt anybody would consider this very risky :-) --- manifests/services/db.pp | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/manifests/services/db.pp b/manifests/services/db.pp index fbed669..b5a7a29 100644 --- a/manifests/services/db.pp +++ b/manifests/services/db.pp @@ -37,7 +37,7 @@ class mysqlBackup { } cron { mysql-backup: - command => "time /bin/sleep $(($RANDOM/20)) ; /var/lib/mysql/save-mysql", + command => 'time /bin/sleep $(($RANDOM/20)) ; /var/lib/mysql/save-mysql', user => mysql, minute => 40, hour => [ 2,8,14,20 ], -- 1.5.5.6 Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From mmcgrath at redhat.com Fri Mar 20 02:50:34 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 19 Mar 2009 21:50:34 -0500 (CDT) Subject: [Change Request] Use single quotes for the mysql backup cronjob. In-Reply-To: <20090320024623.GA1850@sphe.res.cmu.edu> References: <20090320024623.GA1850@sphe.res.cmu.edu> Message-ID: On Thu, 19 Mar 2009, Ricky Zhou wrote: > This has been causing us to get extra cron spam (and stalling mysql > updates). I doubt anybody would consider this very risky :-) > > --- > manifests/services/db.pp | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/manifests/services/db.pp b/manifests/services/db.pp > index fbed669..b5a7a29 100644 > --- a/manifests/services/db.pp > +++ b/manifests/services/db.pp > @@ -37,7 +37,7 @@ class mysqlBackup { > } > > cron { mysql-backup: > - command => "time /bin/sleep $(($RANDOM/20)) ; /var/lib/mysql/save-mysql", > + command => 'time /bin/sleep $(($RANDOM/20)) ; /var/lib/mysql/save-mysql', > user => mysql, > minute => 40, > hour => [ 2,8,14,20 ], Sorry about that, +1 -Mike From nigjones at redhat.com Fri Mar 20 03:06:27 2009 From: nigjones at redhat.com (Nigel Jones) Date: Thu, 19 Mar 2009 23:06:27 -0400 (EDT) Subject: [Change Request] Use single quotes for the mysql backup cronjob. In-Reply-To: <20090320024623.GA1850@sphe.res.cmu.edu> Message-ID: <13297989.21237518375153.JavaMail.nigjones@njones.bne.redhat.com> +1 ----- "Ricky Zhou" wrote: > This has been causing us to get extra cron spam (and stalling mysql > updates). I doubt anybody would consider this very risky :-) > > --- > manifests/services/db.pp | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/manifests/services/db.pp b/manifests/services/db.pp > index fbed669..b5a7a29 100644 > --- a/manifests/services/db.pp > +++ b/manifests/services/db.pp > @@ -37,7 +37,7 @@ class mysqlBackup { > } > > cron { mysql-backup: > - command => "time /bin/sleep $(($RANDOM/20)) ; > /var/lib/mysql/save-mysql", > + command => 'time /bin/sleep $(($RANDOM/20)) ; > /var/lib/mysql/save-mysql', > user => mysql, > minute => 40, > hour => [ 2,8,14,20 ], > -- > 1.5.5.6 > > Thanks, > Ricky > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list From mark at wormgoor.com Fri Mar 20 12:20:09 2009 From: mark at wormgoor.com (Mark Wormgoor) Date: Fri, 20 Mar 2009 13:20:09 +0100 Subject: [Change Request] Use single quotes for the mysql backup cronjob. In-Reply-To: <20090320024623.GA1850@sphe.res.cmu.edu> References: <20090320024623.GA1850@sphe.res.cmu.edu> Message-ID: <49C389F9.2030007@wormgoor.com> Ricky Zhou wrote: > This has been causing us to get extra cron spam (and stalling mysql > updates). I doubt anybody would consider this very risky :-) > > --- > manifests/services/db.pp | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/manifests/services/db.pp b/manifests/services/db.pp > index fbed669..b5a7a29 100644 > --- a/manifests/services/db.pp > +++ b/manifests/services/db.pp > @@ -37,7 +37,7 @@ class mysqlBackup { > } > > cron { mysql-backup: > - command => "time /bin/sleep $(($RANDOM/20)) ; /var/lib/mysql/save-mysql", > + command => 'time /bin/sleep $(($RANDOM/20)) ; /var/lib/mysql/save-mysql', Can you use $(($RANDOM/20)) between single quotes? Kind regards, Mark From stickster at gmail.com Fri Mar 20 12:32:08 2009 From: stickster at gmail.com (Paul W. Frields) Date: Fri, 20 Mar 2009 08:32:08 -0400 Subject: [Change Request] Use single quotes for the mysql backup cronjob. In-Reply-To: <49C389F9.2030007@wormgoor.com> References: <20090320024623.GA1850@sphe.res.cmu.edu> <49C389F9.2030007@wormgoor.com> Message-ID: <20090320123159.GB11465@localhost.localdomain> On Fri, Mar 20, 2009 at 01:20:09PM +0100, Mark Wormgoor wrote: > Ricky Zhou wrote: >> This has been causing us to get extra cron spam (and stalling mysql >> updates). I doubt anybody would consider this very risky :-) >> >> --- >> manifests/services/db.pp | 2 +- >> 1 files changed, 1 insertions(+), 1 deletions(-) >> >> diff --git a/manifests/services/db.pp b/manifests/services/db.pp >> index fbed669..b5a7a29 100644 >> --- a/manifests/services/db.pp >> +++ b/manifests/services/db.pp >> @@ -37,7 +37,7 @@ class mysqlBackup { >> } >> cron { mysql-backup: >> - command => "time /bin/sleep $(($RANDOM/20)) ; /var/lib/mysql/save-mysql", >> + command => 'time /bin/sleep $(($RANDOM/20)) ; /var/lib/mysql/save-mysql', > > Can you use $(($RANDOM/20)) between single quotes? Not in a bash shell, but these quotes aren't used in that context AIUI. -- Paul W. Frields http://paul.frields.org/ gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From tmz at pobox.com Fri Mar 20 15:06:45 2009 From: tmz at pobox.com (Todd Zullinger) Date: Fri, 20 Mar 2009 11:06:45 -0400 Subject: [Change Request] Use single quotes for the mysql backup cronjob. In-Reply-To: <20090320123159.GB11465@localhost.localdomain> References: <20090320024623.GA1850@sphe.res.cmu.edu> <49C389F9.2030007@wormgoor.com> <20090320123159.GB11465@localhost.localdomain> Message-ID: <20090320150645.GA27292@inocybe.teonanacatl.org> Paul W. Frields wrote: > On Fri, Mar 20, 2009 at 01:20:09PM +0100, Mark Wormgoor wrote: >> Ricky Zhou wrote: >>> This has been causing us to get extra cron spam (and stalling mysql >>> updates). I doubt anybody would consider this very risky :-) >>> >>> --- >>> manifests/services/db.pp | 2 +- >>> 1 files changed, 1 insertions(+), 1 deletions(-) >>> >>> diff --git a/manifests/services/db.pp b/manifests/services/db.pp >>> index fbed669..b5a7a29 100644 >>> --- a/manifests/services/db.pp >>> +++ b/manifests/services/db.pp >>> @@ -37,7 +37,7 @@ class mysqlBackup { >>> } >>> cron { mysql-backup: >>> - command => "time /bin/sleep $(($RANDOM/20)) ; /var/lib/mysql/save-mysql", >>> + command => 'time /bin/sleep $(($RANDOM/20)) ; /var/lib/mysql/save-mysql', >> >> Can you use $(($RANDOM/20)) between single quotes? > > Not in a bash shell, but these quotes aren't used in that context AIUI. Right, in puppet, using single quotes keeps puppet itself from trying to expand the variables. That way, the command you want gets passed to the shell. Knowing next to nothing about infra's puppet setup, the change looks sane to me -- double quotes would surely be broken. :) -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Every man should have a college education in order to show him how little the thing is really worth. -- Elbert Hubbard (1856-1915), "A Message to Garcia" -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 542 bytes Desc: not available URL: From snow.open.ski at gmail.com Sat Mar 21 06:52:37 2009 From: snow.open.ski at gmail.com (Will) Date: Sat, 21 Mar 2009 02:52:37 -0400 Subject: Hello Message-ID: <49C48EB5.40006@gmail.com> Hi, My name is Will Morris. I thought that I would say hi, and mention some of my skills as that is what it says to do. I have an ever growing knowledge of HTML and CSS. I am starting to learn how to do shell scripting, as well as creating MySQL. I am looking to learn how to administer a larger network better than I currently do. I am currently running a medium sized home network, and hope to increase the size of. If you have any questions please feel free to email me or ask a question of me on the mailing list. Cheers! Will Morris From mmcgrath at redhat.com Sat Mar 21 14:45:16 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Sat, 21 Mar 2009 09:45:16 -0500 (CDT) Subject: Hello In-Reply-To: <49C48EB5.40006@gmail.com> References: <49C48EB5.40006@gmail.com> Message-ID: On Sat, 21 Mar 2009, Will wrote: > Hi, > > My name is Will Morris. I thought that I would say hi, and mention some of my > skills as that is what it says to do. I have an ever growing knowledge of HTML > and CSS. I am starting to learn how to do shell scripting, as well as creating > MySQL. I am looking to learn how to administer a larger network better than I > currently do. I am currently running a medium sized home network, and hope to > increase the size of. If you have any questions please feel free to email me > or ask a question of me on the mailing list. > We are always in need of css expertise. You may also want to join the fedora-websites-list to help with the various tasks that come up. We hang out in #fedora-admin on irc.freenode.net feel free to stop by any time. -Mike From tomek.walkuski at gmail.com Sat Mar 21 16:02:32 2009 From: tomek.walkuski at gmail.com (Tomek =?UTF-8?Q?Wa=C5=82kuski?=) Date: Sat, 21 Mar 2009 17:02:32 +0100 Subject: Another hello Message-ID: <1237651353.3498.27.camel@localhost.localdomain> Hi, my name is Tomek Walkuski. I want to introduce myself and write something about my skills, responsibilities at day job and so on. I am administering a few CentOS servers, two of these are under VERY high load running some Java and MySQL powered applications. One of these is running quite small Oracle instance. I am also using CentOS in my Master's degree thesis. What I want to achieve? Always learn something new (to be more proficient in Red Hat / CentOS / Fedora and to pass someday RHCE certificate), give my skills, experience (well...) and knowledge back. I think sticking to Fedora Infrastructure Team someday would be great opportunity to get involved in FOSS development. Now I will try to wander around a little :) During my free time, I am riding my bike, playing with Ada and Eiffel languages, "doing things". -- Tomek Wa?kuski tomek.walkuski at gmail.com tel. +48 505 766 148 From jonstanley at gmail.com Sat Mar 21 20:59:26 2009 From: jonstanley at gmail.com (Jon Stanley) Date: Sat, 21 Mar 2009 20:59:26 +0000 Subject: [Change Request] Make sure inactive accounts can't auth to other webapps In-Reply-To: <1237669166-3727-2-git-send-email-jonstanley@gmail.com> References: <1237669166-3727-1-git-send-email-jonstanley@gmail.com> <1237669166-3727-2-git-send-email-jonstanley@gmail.com> Message-ID: <1237669166-3727-3-git-send-email-jonstanley@gmail.com> --- configs/system/nagios-http.conf.erb | 1 + configs/web/balancer.conf.erb | 1 + configs/web/cacti-secure.conf.erb | 1 + configs/web/exclude.conf.erb | 1 + 4 files changed, 4 insertions(+), 0 deletions(-) diff --git a/configs/system/nagios-http.conf.erb b/configs/system/nagios-http.conf.erb index e845f48..4c04ccc 100644 --- a/configs/system/nagios-http.conf.erb +++ b/configs/system/nagios-http.conf.erb @@ -14,6 +14,7 @@ ScriptAlias /tac.cgi /usr/lib64/nagios/cgi-bin/tac.cgi Auth_PG_pwd_table people Auth_PG_uid_field username Auth_PG_pwd_field password + Auth_PG_whereclause " and status='active'" require valid-user diff --git a/configs/web/balancer.conf.erb b/configs/web/balancer.conf.erb index eae1fb4..81212db 100644 --- a/configs/web/balancer.conf.erb +++ b/configs/web/balancer.conf.erb @@ -16,6 +16,7 @@ RewriteRule ^/balancer.* /balancer$1 [L] Auth_PG_pwd_table people Auth_PG_uid_field username Auth_PG_pwd_field password + Auth_PG_whereclause " and status='active'" Auth_PG_grp_table user_group Auth_PG_grp_user_field username Auth_PG_grp_group_field groupname diff --git a/configs/web/cacti-secure.conf.erb b/configs/web/cacti-secure.conf.erb index f5b909c..3178fb2 100644 --- a/configs/web/cacti-secure.conf.erb +++ b/configs/web/cacti-secure.conf.erb @@ -10,6 +10,7 @@ Auth_PG_pwd_table people Auth_PG_uid_field username Auth_PG_pwd_field password + Auth_PG_whereclause " and status='active'" require valid-user diff --git a/configs/web/exclude.conf.erb b/configs/web/exclude.conf.erb index fd87430..d98dd37 100644 --- a/configs/web/exclude.conf.erb +++ b/configs/web/exclude.conf.erb @@ -19,6 +19,7 @@ Auth_PG_pwd_table people Auth_PG_uid_field username Auth_PG_pwd_field password + Auth_PG_whereclause " and status='active'" require valid-user Order deny,allow deny from all -- 1.5.5.6 From jonstanley at gmail.com Sat Mar 21 20:59:24 2009 From: jonstanley at gmail.com (Jon Stanley) Date: Sat, 21 Mar 2009 20:59:24 +0000 Subject: Don't allow inactive accounts to authenticate using basic auth Message-ID: <1237669166-3727-1-git-send-email-jonstanley@gmail.com> Inactive accounts could authenticate to sites using mod_auth_pgsql. Pretty sure all of these apps are not under freeze, but rather be safe. Some +1's? From jonstanley at gmail.com Sat Mar 21 20:59:25 2009 From: jonstanley at gmail.com (Jon Stanley) Date: Sat, 21 Mar 2009 20:59:25 +0000 Subject: [Change Request] make sure inactive accounts can't auth to trac In-Reply-To: <1237669166-3727-1-git-send-email-jonstanley@gmail.com> References: <1237669166-3727-1-git-send-email-jonstanley@gmail.com> Message-ID: <1237669166-3727-2-git-send-email-jonstanley@gmail.com> --- configs/web/applications/hosted.conf.erb | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/configs/web/applications/hosted.conf.erb b/configs/web/applications/hosted.conf.erb index e2a532e..5a5b78c 100644 --- a/configs/web/applications/hosted.conf.erb +++ b/configs/web/applications/hosted.conf.erb @@ -15,6 +15,7 @@ Auth_PG_pwd_table people Auth_PG_uid_field username Auth_PG_pwd_field password + Auth_PG_whereclause " and status='active'" Require valid-user @@ -32,6 +33,7 @@ Auth_PG_pwd_table people Auth_PG_uid_field username Auth_PG_pwd_field password + Auth_PG_whereclause " and status='active'" Auth_PG_grp_table user_group Auth_PG_grp_user_field username -- 1.5.5.6 From lmacken at redhat.com Sat Mar 21 20:59:11 2009 From: lmacken at redhat.com (Luke Macken) Date: Sat, 21 Mar 2009 16:59:11 -0400 Subject: [Change Request] Minor bodhi update Message-ID: <20090321205911.GA27553@x300> Hi guys, I'd like to do a low-risk bodhi upgrade this weekend. Changes include: * A new argument to the 'list' API method that will be utilized by Fedora Community. This does not break the existing API. * Added FormEncode validators to the 'list' API method, which fixes a couple of issues, and ensures we get the data that we expect. * Made some parts of the updates push process a bit more robust, so if there is a problem with 1 update, it won't effect the others. This will help us mitigate some recent explosions that we saw due to race-conditions. * Fixed some Koji session issues, which we have been hitting every now and then during pushes. luke From ricky at fedoraproject.org Sat Mar 21 21:20:28 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Sat, 21 Mar 2009 17:20:28 -0400 Subject: Don't allow inactive accounts to authenticate using basic auth In-Reply-To: <1237669166-3727-1-git-send-email-jonstanley@gmail.com> References: <1237669166-3727-1-git-send-email-jonstanley@gmail.com> Message-ID: <20090321212028.GD10181@sphe.res.cmu.edu> On 2009-03-21 08:59:24 PM, Jon Stanley wrote: > Inactive accounts could authenticate to sites using mod_auth_pgsql. > > Pretty sure all of these apps are not under freeze, but rather be safe. Some +1's? We tested this out on hosted1 with active and inactive accounts, so: +1 Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From jonstanley at gmail.com Sat Mar 21 21:40:39 2009 From: jonstanley at gmail.com (Jon Stanley) Date: Sat, 21 Mar 2009 17:40:39 -0400 Subject: Don't allow inactive accounts to authenticate using basic auth In-Reply-To: <20090321212028.GD10181@sphe.res.cmu.edu> References: <1237669166-3727-1-git-send-email-jonstanley@gmail.com> <20090321212028.GD10181@sphe.res.cmu.edu> Message-ID: Oops, there's one more: diff --git a/modules/prelude/templates/prewikka-httpd.conf b/modules/prelude/templates/prewikka-httpd.conf index 3cabd5b..9486d2e 100644 --- a/modules/prelude/templates/prewikka-httpd.conf +++ b/modules/prelude/templates/prewikka-httpd.conf @@ -14,6 +14,7 @@ ScriptAlias /prewikka /usr/share/prewikka/cgi-bin/prewikka.cgi Auth_PG_pwd_table people Auth_PG_uid_field username Auth_PG_pwd_field password + Auth_PG_whereclause " and status='active'" Auth_PG_grp_table user_group Auth_PG_grp_user_field username Auth_PG_grp_group_field groupname 2009/3/21 Ricky Zhou : > On 2009-03-21 08:59:24 PM, Jon Stanley wrote: >> Inactive accounts could authenticate to sites using mod_auth_pgsql. >> >> Pretty sure all of these apps are not under freeze, but rather be safe. Some +1's? > We tested this out on hosted1 with active and inactive accounts, so: > +1 > > Thanks, > Ricky > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > > From nigjones at redhat.com Sat Mar 21 22:26:42 2009 From: nigjones at redhat.com (Nigel Jones) Date: Sat, 21 Mar 2009 18:26:42 -0400 (EDT) Subject: [Change Request] Minor bodhi update In-Reply-To: <20090321205911.GA27553@x300> Message-ID: <30715331.81237674392107.JavaMail.nigjones@njones.bne.redhat.com> +1 seems sane ----- "Luke Macken" wrote: > Hi guys, > > I'd like to do a low-risk bodhi upgrade this weekend. Changes > include: > > * A new argument to the 'list' API method that will be utilized by > Fedora Community. This does not break the existing API. > * Added FormEncode validators to the 'list' API method, which fixes > a > couple of issues, and ensures we get the data that we expect. > * Made some parts of the updates push process a bit more robust, so > if > there is a problem with 1 update, it won't effect the others. > This > will help us mitigate some recent explosions that we saw due to > race-conditions. > * Fixed some Koji session issues, which we have been hitting > every now and then during pushes. > > luke > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list From mmcgrath at redhat.com Sun Mar 22 01:59:17 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Sat, 21 Mar 2009 20:59:17 -0500 (CDT) Subject: Don't allow inactive accounts to authenticate using basic auth In-Reply-To: <20090321212028.GD10181@sphe.res.cmu.edu> References: <1237669166-3727-1-git-send-email-jonstanley@gmail.com> <20090321212028.GD10181@sphe.res.cmu.edu> Message-ID: On Sat, 21 Mar 2009, Ricky Zhou wrote: > On 2009-03-21 08:59:24 PM, Jon Stanley wrote: > > Inactive accounts could authenticate to sites using mod_auth_pgsql. > > > > Pretty sure all of these apps are not under freeze, but rather be safe. Some +1's? > We tested this out on hosted1 with active and inactive accounts, so: > +1 > +1 -Mike From mmcgrath at redhat.com Sun Mar 22 01:59:35 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Sat, 21 Mar 2009 20:59:35 -0500 (CDT) Subject: [Change Request] Minor bodhi update In-Reply-To: <30715331.81237674392107.JavaMail.nigjones@njones.bne.redhat.com> References: <30715331.81237674392107.JavaMail.nigjones@njones.bne.redhat.com> Message-ID: On Sat, 21 Mar 2009, Nigel Jones wrote: > +1 seems sane > ----- "Luke Macken" wrote: > > > Hi guys, > > > > I'd like to do a low-risk bodhi upgrade this weekend. Changes > > include: > > > > * A new argument to the 'list' API method that will be utilized by > > Fedora Community. This does not break the existing API. > > * Added FormEncode validators to the 'list' API method, which fixes > > a > > couple of issues, and ensures we get the data that we expect. > > * Made some parts of the updates push process a bit more robust, so > > if > > there is a problem with 1 update, it won't effect the others. > > This > > will help us mitigate some recent explosions that we saw due to > > race-conditions. > > * Fixed some Koji session issues, which we have been hitting > > every now and then during pushes. > > > > luke > > +1 -Mike From sundaram at fedoraproject.org Sun Mar 22 02:18:00 2009 From: sundaram at fedoraproject.org (Rahul Sundaram) Date: Sun, 22 Mar 2009 07:48:00 +0530 Subject: Wordpress? In-Reply-To: <49C1348F.4050201@redhat.com> References: <914074.47996.qm@web50906.mail.re2.yahoo.com> <49B0F557.2080608@fedoraproject.org> <49B531CF.8000409@redhat.com> <49C1348F.4050201@redhat.com> Message-ID: <49C59FD8.2000504@fedoraproject.org> M?ir??n Duffy wrote: > Bret McMillan wrote: >> Rahul Sundaram wrote: >>> Clint Savage wrote: >>>> >>>> Mike, >>>> >>>> Do you have a link to the mailing list thread? I'd like to read up on >>>> it. I like MU, don't get me wrong, just wonder why it was chosen. >>> >>> We wanted it for a Fedora News site. Refer >>> >>> https://fedorahosted.org/fedora-infrastructure/ticket/178 >> >> At this point, I think we're blocked on a theme (outside my skillset). >> I think jonrob was going to look at this time-permitting. >> >> If we've made progress on this front, I can help w/ the puppetization, >> if that's still outstanding. > > Should be set: > > http://duffy.fedorapeople.org/webdesign/fedora-wordpress-theme/ Thanks Mo. Brett, can you help move this forward? Rahul From mmcgrath at redhat.com Sun Mar 22 03:26:21 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Sat, 21 Mar 2009 22:26:21 -0500 (CDT) Subject: Memory issue Message-ID: What am I missing here? This happened on db3 again - total used free shared buffers cached Mem: 18480632 18383512 97120 0 25968 17305332 -/+ buffers/cache: 1052212 17428420 Swap: 3145720 3145720 0 1) This box was swapping out like crazy. 2) All swap was full 3) oomkiller didn't start 4) Load went up a little bit, topped out at 3 5) no issues with the box at all, has postgres on it, kept running, wasn't slow, box was completely responsive. 6) It's done this before, and aside from nagios alerting us the swap was full, not had any issues with the box. 7) vm.swappiness = 60 which IIRC is the default -Mike From Matt_Domsch at dell.com Sun Mar 22 05:11:47 2009 From: Matt_Domsch at dell.com (Matt Domsch) Date: Sun, 22 Mar 2009 00:11:47 -0500 Subject: Memory issue In-Reply-To: References: Message-ID: <20090322051147.GA24134@auslistsprd01.us.dell.com> On Sat, Mar 21, 2009 at 10:26:21PM -0500, Mike McGrath wrote: > What am I missing here? This happened on db3 again - > > total used free shared buffers cached > Mem: 18480632 18383512 97120 0 25968 17305332 > -/+ buffers/cache: 1052212 17428420 > Swap: 3145720 3145720 0 > > > 1) This box was swapping out like crazy. > > 2) All swap was full > > 3) oomkiller didn't start > > 4) Load went up a little bit, topped out at 3 > > 5) no issues with the box at all, has postgres on it, kept running, wasn't > slow, box was completely responsive. > > 6) It's done this before, and aside from nagios alerting us the swap was > full, not had any issues with the box. There are ~30 postgres processes running, many with RSS > 1.6GB, and nearly all marked idle. If these processes aren't actively running, they each can get swapped out to free memory for use by the page cache. The page cache is consuming 17GB, which it's free to do if no applications are actually _running_ that need more memory. The processes that are running and touching the database will cause those disk accesses to get cached in the page cache. -- Matt Domsch Linux Technology Strategist, Dell Office of the CTO linux.dell.com & www.dell.com/linux From a.badger at gmail.com Sun Mar 22 05:41:57 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Sat, 21 Mar 2009 22:41:57 -0700 Subject: Don't allow inactive accounts to authenticate using basic auth In-Reply-To: <1237669166-3727-1-git-send-email-jonstanley@gmail.com> References: <1237669166-3727-1-git-send-email-jonstanley@gmail.com> Message-ID: <49C5CFA5.4050205@gmail.com> Jon Stanley wrote: > Inactive accounts could authenticate to sites using mod_auth_pgsql. > > Pretty sure all of these apps are not under freeze, but rather be safe. Some +1's? > +1 -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From Axel.Thimm at ATrpms.net Sun Mar 22 10:02:41 2009 From: Axel.Thimm at ATrpms.net (Axel Thimm) Date: Sun, 22 Mar 2009 12:02:41 +0200 Subject: hosts for rawhide build chroots - different rpm versions? Message-ID: <20090322100241.GA11378@victor.nirvana> Hi, AFAIK the build hosts are RHEL5 (or maybe F10 by now?). At any rate the rpm used in rawhide is quite different than the ones from the hosts, how has this been solved in the build hosts? Has the hosting OS upgraded its rpm to be compatible to all hosted chroots? Or is the rpm within the chroot used? I'm asking in a double context: First I'd like to understand if smart can properly handle chroots of rawhide/F11 on F10/RHEL5 hosts. Anders Bj?rklund (in the Cc, please keep him there on replies) has put a great deal of effort to have smart working on F10 and F11, and a smart version for managing F11 and later chroots on F10 or earlier would be great. And second I'd like to know how to setup a build environment for F11 for getting some ATrpms packages out. Thanks! -- Axel.Thimm at ATrpms.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From mmcgrath at redhat.com Sun Mar 22 15:52:48 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Sun, 22 Mar 2009 10:52:48 -0500 (CDT) Subject: Memory issue In-Reply-To: <20090322051147.GA24134@auslistsprd01.us.dell.com> References: <20090322051147.GA24134@auslistsprd01.us.dell.com> Message-ID: On Sun, 22 Mar 2009, Matt Domsch wrote: > On Sat, Mar 21, 2009 at 10:26:21PM -0500, Mike McGrath wrote: > > What am I missing here? This happened on db3 again - > > > > total used free shared buffers cached > > Mem: 18480632 18383512 97120 0 25968 17305332 > > -/+ buffers/cache: 1052212 17428420 > > Swap: 3145720 3145720 0 > > > > > > 1) This box was swapping out like crazy. > > > > 2) All swap was full > > > > 3) oomkiller didn't start > > > > 4) Load went up a little bit, topped out at 3 > > > > 5) no issues with the box at all, has postgres on it, kept running, wasn't > > slow, box was completely responsive. > > > > 6) It's done this before, and aside from nagios alerting us the swap was > > full, not had any issues with the box. > > There are ~30 postgres processes running, many with RSS > 1.6GB, and > nearly all marked idle. If these processes aren't actively running, > they each can get swapped out to free memory for use by the page > cache. The page cache is consuming 17GB, which it's free to do if no > applications are actually _running_ that need more memory. The > processes that are running and touching the database will cause those > disk accesses to get cached in the page cache. > Very interesting, I didn't realize that RSS could be swapped out for page cache on apps that weren't in the run state. -Mike From dennis at ausil.us Sun Mar 22 16:53:09 2009 From: dennis at ausil.us (Dennis Gilmore) Date: Sun, 22 Mar 2009 11:53:09 -0500 Subject: hosts for rawhide build chroots - different rpm versions? In-Reply-To: <20090322100241.GA11378@victor.nirvana> References: <20090322100241.GA11378@victor.nirvana> Message-ID: <200903221153.10378.dennis@ausil.us> On Sunday 22 March 2009 05:02:41 am Axel Thimm wrote: > Hi, > > AFAIK the build hosts are RHEL5 (or maybe F10 by now?). At any rate > the rpm used in rawhide is quite different than the ones from the > hosts, how has this been solved in the build hosts? Has the hosting OS > upgraded its rpm to be compatible to all hosted chroots? Or is the rpm > within the chroot used? > > I'm asking in a double context: First I'd like to understand if smart > can properly handle chroots of rawhide/F11 on F10/RHEL5 hosts. Anders > Bj?rklund (in the Cc, please keep him there on replies) has put a > great deal of effort to have smart working on F10 and F11, and a smart > version for managing F11 and later chroots on F10 or earlier would be > great. > > And second I'd like to know how to setup a build environment for F11 > for getting some ATrpms packages out. we are running a version of rpm 4.6.0 on rhel5. This is only so mock can populate chroots with rpms with stronger hashes rhel5's rpm doesnt support. All srpm creation now takes place in chroots so features of the target rpm are always available. rpm in F-10 updates is compatible with the new rpm features. but rpm from F-9 and RHEL4 and 5 can not handle the new rpm at all. you cannot make chroots on them with rawhide rpms. you could use koji on F-10/rawhide or F-9/RHEL5 by replacing the hosts rpm to build your packages. Dennis From trevor.jagoda at gmail.com Mon Mar 23 15:42:49 2009 From: trevor.jagoda at gmail.com (Trevor Jagoda) Date: Mon, 23 Mar 2009 11:42:49 -0400 Subject: Hello Message-ID: <5a2d44a90903230842u51fa939fi8cb58b8c1f783381@mail.gmail.com> Hello! I am a new prospect to the world of Fedora, and I'd like to help out in the infrastructure team. By day, I am an IT Administrator for a mid-sized manufacturing company, and am currently in the process of attaining a Bachelors Degree in Information Technology. Most of my experience thus far has been with Debian-based distributions, but that is still fairly light (I work for a windows-driven company, and have not had enough time to begin to change that). I would rank myself something above newbie, but certainly somewhere below intermediate. Additionally, I have the entire O'Reily library on Python, but I haven't yet had the time/motivation to start reading through it. I'm hoping that I'll find some projects here to encourage that process along! Hello again, to all! Trevor -------------- next part -------------- An HTML attachment was scrubbed... URL: From mmcgrath at redhat.com Mon Mar 23 18:05:37 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 23 Mar 2009 13:05:37 -0500 (CDT) Subject: Hello In-Reply-To: <5a2d44a90903230842u51fa939fi8cb58b8c1f783381@mail.gmail.com> References: <5a2d44a90903230842u51fa939fi8cb58b8c1f783381@mail.gmail.com> Message-ID: On Mon, 23 Mar 2009, Trevor Jagoda wrote: > Hello! > > I am a new prospect to the world of Fedora, and I'd like to help out in the infrastructure team. > > By day, I am an IT Administrator for a mid-sized manufacturing company, and am currently in the process of attaining a > Bachelors Degree in Information Technology.? Most of my experience thus far has been with Debian-based distributions, but > that is still fairly light (I work for a windows-driven company, and have not had enough time to begin to change that).? > > I would rank myself something above newbie, but certainly somewhere below intermediate.? > > Additionally, I have the entire O'Reily library on Python, but I haven't yet had the time/motivation to start reading > through it.? I'm hoping that I'll find some projects here to encourage that process along! > > Hello again, to all!? > Hi Trevor! Welcome to the team, i see you're in #fedora-admin now and will talk to you there. -Mike From cralin at gmail.com Mon Mar 23 20:23:47 2009 From: cralin at gmail.com (cralin at gmail.com) Date: Mon, 23 Mar 2009 21:23:47 +0100 Subject: Introducing: Alin =?utf-8?b?Q3JlyJt1?= Message-ID: <1237839827.3911.19.camel@localhost.localdomain> Hello, I am snooping around to find some introduction documents or a presentation about procedures used by fedora infrastructure to operate/manages the servers in scope. Unfortunately I could not find any until now. Are there any such introduction documents ? If yes, could somebody actually point me to the right link/document ? It would be nice to have a look and get acquainted with the rules of the game before actually starting to play the game. ;) -------- Forwarded Message -------- > From: cralin at gmail.com > To: Fedora Infrastructure > Subject: Re: Introducing: Alin Cre?u > Date: Tue, 17 Mar 2009 23:23:20 +0100 > > > On Tue, 2009-03-17 at 08:24 -0500, Mike McGrath wrote: > > > Welcome Alin, was there a particular FIG you were interested in getting > > involved with? Feel free to stop by #fedora-admin on irc.freenode.net to > > say hello. > > > > -Mike > > _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list at redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > > > > To be honest, at this moment I'm not really sure. > > I guess it's not really important for me to be part of one FIG or the > other as it is helping out whenever/wherever I can. > > Reading the descriptions of the FIGs I think I might be able to hep in > sysadmin, sysadmin-tools, sysadmin-backup and/or sysadmin-noc. However > the descriptions are somewhat short and it might take a while to get > used with the tools/procedures used in each FIG. > > Suggestions are always welcomed :) > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ranjithkannikara at gmail.com Tue Mar 24 01:34:40 2009 From: ranjithkannikara at gmail.com (ranjith kannikara) Date: Tue, 24 Mar 2009 07:04:40 +0530 Subject: Developer UI for PackageDB Message-ID: <20aa8c370903231834k521da689h5c2c8067e7e60961@mail.gmail.com> I name is Ranjith Babu Kannikara. I am a pre-final year student in govt.Engg College Thrissur, kerala(india). I have been learning c,python,and their APIs for quite good amount of time. And Java and Lisp as of now. I have little experience in working with some large code-base from the last year GSOC in which I have worked with the Zope Foundation in project 'Porting Zope2 to python2.5' . My GSOC proposal is for making the PackageDB Developer UI more flexible and friendly for the developers so that It wont waste the valuable time of the developer. The present Developer UI is outdated and needs serious changes and some additional options that will make it easy to handle the acls, within much lesser time and with much less effort. And it implemented by including more check boxes and buttons and by setting reminders for works to be done. The ideas are listed in detail in the wiki page https://fedorahosted.org/packagedb/wiki/NewDevUI The works to be done over the project have a flow like this.. * Aggregating the options that are to be there in the UI. * Arranging the options with check boxes and buttons instead of select boxes. :- ie arranging the options in rows and coloumns with each rows start with a user and the check boxes/buttons in the row contains the permissions that can be given to the user. :- if there is more choice of permissions for each user then checking itself will be annoying then there will be some extra coloumns( 2 or 3 ) of check boxes corresponding to each user like 'give full permissions' 'give minimal permissions' and a custom set . :- these boxes, as their names indicate, will automatically give checkings in a set of boxes the developer may define a custom set if he find himself giving a set of permissions together quite often. ( I can make a picture of how the UI will be like after the summer, and it will be easy for me if I could get the other options than 'Approve' and 'Awaiting for review' ) * After the list of the users a button to add new user can be given which will expand to a text box on click. And this check box will automatically search and match the text with the names in the list user as it is entered in the box. ( Implementing such a button and text box wont be difficult with javascript ). * Such a button can be provided for the co-maintainer/watcher or the button it will be enough to provide provisions in the first button it self to make the new user co-maintainer/watcher once a new user is added.( All these work belongs to the UI and it will not be difficult when each button are defined to perform the background works for these options assigned to them. * In the page, Toshio have given (https://admin.fedoraproject.org/ pkgdb/packages/name/python), we can see links to bug reports, package status etc. Another link named ' Active Requests' can be added there which will refer to a page that lists the active requests. The requests can also be arranged so that it can be handled within no time but this needs me to get an idea about the possible requests a developer can get. * As the requests are being listed it is easy to track what happens to the request and and if a request is being left unnoticed or in some state of waiting this track can be used to get the list of requests that needs sending remainders. ( Here i need some more help from some one else to generate the automatic reminders) * As our implementation of the new UI will be much like a new Interface with either the background or the existing page itself as background for the new UI. In such way of implementation it will be easy to show the respective EOL only and give options to switch in between them. Awaiting your reply Ranju -- http://www.ranjithkannikara.blogspot.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From nehal.dattani at gmail.com Tue Mar 24 09:22:41 2009 From: nehal.dattani at gmail.com (nehal dattani) Date: Tue, 24 Mar 2009 14:52:41 +0530 Subject: Participation in fedora infrastructure management Message-ID: <702a203e0903240222i6432a813tcf909409c475aef9@mail.gmail.com> Hello Everybody, I am member of fedora infrastructure group and fedora ambassadors for some time but was not able to contribute to infrastructure group actively. Now I want to be part of this team and want to contribute actively in infrastructure management. Presently I am working with a small company and managing few servers and desktops here. (We are using fedora on both desktop and server platforms.) I want somebody to help me and guide me about how can i contribute to the infrastructure management. Can anybody please help me? Regards, Nehal Dattani -------------- next part -------------- An HTML attachment was scrubbed... URL: From mmcgrath at redhat.com Wed Mar 25 00:26:21 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 24 Mar 2009 19:26:21 -0500 (CDT) Subject: Participation in fedora infrastructure management In-Reply-To: <702a203e0903240222i6432a813tcf909409c475aef9@mail.gmail.com> References: <702a203e0903240222i6432a813tcf909409c475aef9@mail.gmail.com> Message-ID: On Tue, 24 Mar 2009, nehal dattani wrote: > Hello Everybody, > > I am member of fedora infrastructure group and fedora ambassadors for some time but was not able to contribute to > infrastructure group actively. Now I want to be part of this team and want to contribute actively in infrastructure > management. > Presently I am working with a small company and managing few servers and desktops here. (We are using fedora on both > desktop and server platforms.) > I want somebody to help me and guide me about how can i contribute to the infrastructure management. > > Can anybody please help me? > Welcome Nehal Dattani, You want to read our getting started page: http://fedoraproject.org/wiki/Infrastructure/GettingStarted -Mike From asgeirf at redhat.com Wed Mar 25 00:39:39 2009 From: asgeirf at redhat.com (Asgeir Frimannsson) Date: Tue, 24 Mar 2009 20:39:39 -0400 (EDT) Subject: Infrastructure freeze breakage request: Banner from DL linking to new Transifex In-Reply-To: <23995759.201237941025307.JavaMail.asgeirf@localhost.localdomain> Message-ID: <26878638.221237941576153.JavaMail.asgeirf@localhost.localdomain> Hi folks, Can I get an ack or two to commit a change in the Damned Lies CVS repository that adds a banner to the top of each page with the following content: These pages are served by Damned Lies. You can now use Transifex for all your translation needs, including viewing Translation Statistics, as well as downloading and committing translations. There might be better ways of saying this - but I'm not in creative-mode today, suggestions welcome :-) Patch follows below. cheers, asgeir Index: header.tmpl =================================================================== RCS file: /cvs/l10n/web/flpweb/templates/header.tmpl,v retrieving revision 1.24 diff -r1.24 header.tmpl 119d118 < From mmcgrath at redhat.com Wed Mar 25 00:54:03 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 24 Mar 2009 19:54:03 -0500 (CDT) Subject: Infrastructure freeze breakage request: Banner from DL linking to new Transifex In-Reply-To: <26878638.221237941576153.JavaMail.asgeirf@localhost.localdomain> References: <26878638.221237941576153.JavaMail.asgeirf@localhost.localdomain> Message-ID: On Tue, 24 Mar 2009, Asgeir Frimannsson wrote: > Hi folks, > > Can I get an ack or two to commit a change in the Damned Lies CVS repository that adds a banner to the top of each page with the following content: > > These pages are served by Damned Lies. You can now use Transifex for all your translation needs, including viewing Translation Statistics, as well as downloading and committing translations. > > There might be better ways of saying this - but I'm not in creative-mode today, suggestions welcome :-) > > Patch follows below. > +1 from me on the condition that the translation team know's its coming. I'd assumed they have started using tx but not being a translator I guess I don't know for sure :) -Mike From ricky at fedoraproject.org Wed Mar 25 00:57:24 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Tue, 24 Mar 2009 20:57:24 -0400 Subject: Infrastructure freeze breakage request: Banner from DL linking to new Transifex In-Reply-To: <26878638.221237941576153.JavaMail.asgeirf@localhost.localdomain> References: <23995759.201237941025307.JavaMail.asgeirf@localhost.localdomain> <26878638.221237941576153.JavaMail.asgeirf@localhost.localdomain> Message-ID: <20090325005724.GA11087@sphe.res.cmu.edu> On 2009-03-24 08:39:39 PM, Asgeir Frimannsson wrote: > Index: header.tmpl > =================================================================== > RCS file: /cvs/l10n/web/flpweb/templates/header.tmpl,v > retrieving revision 1.24 > diff -r1.24 header.tmpl > 119d118 > < +1, congratulations on the Transifex release! Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From indosoft at inbox.com Wed Mar 25 04:11:53 2009 From: indosoft at inbox.com (Indosoft) Date: Tue, 24 Mar 2009 20:11:53 -0800 Subject: Participation in fedora infrastructure management Message-ID: An HTML attachment was scrubbed... URL: -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: A0000000.txt URL: From asgeirf at redhat.com Wed Mar 25 05:13:41 2009 From: asgeirf at redhat.com (Asgeir Frimannsson) Date: Wed, 25 Mar 2009 01:13:41 -0400 (EDT) Subject: Infrastructure freeze breakage request: Banner from DL linking to new Transifex In-Reply-To: Message-ID: <4995086.341237958017942.JavaMail.asgeirf@localhost.localdomain> ----- "Mike McGrath" wrote: > On Tue, 24 Mar 2009, Asgeir Frimannsson wrote: > > > Hi folks, > > > > Can I get an ack or two to commit a change in the Damned Lies CVS > repository that adds a banner to the top of each page with the > following content: > > > > These pages are served by Damned Lies. You can now use href="https://translate.fedoraproject.org/tx/">Transifex for all > your translation needs, including viewing Translation Statistics, as > well as downloading and committing translations. > > > > There might be better ways of saying this - but I'm not in > creative-mode today, suggestions welcome :-) > > > > Patch follows below. > > > > +1 from me on the condition that the translation team know's its > coming. > I'd assumed they have started using tx but not being a translator I > guess > I don't know for sure :) Thanks, all done now :-) Yes, the team should know this is coming by now. Having the banner on the page does make the transition a bit smoother when we finally move transifex from /tx/ to / after the freeze. cheers, asgeir From adrian at lisas.de Wed Mar 25 07:34:19 2009 From: adrian at lisas.de (Adrian Reber) Date: Wed, 25 Mar 2009 08:34:19 +0100 Subject: rsync errors on secondary Message-ID: <20090325073419.GD24724@lisas.de> I get rsync errors on secondary for the last couple of days: rsync: send_files failed to open "/updates/9/SRPMS/.kde-l10n-4.2.1-1.fc9.src.rpm.eGYiPW" (in fedora-secondary): Permission denied (13) Adrian From dimitris at glezos.com Wed Mar 25 10:39:39 2009 From: dimitris at glezos.com (Dimitris Glezos) Date: Wed, 25 Mar 2009 12:39:39 +0200 Subject: Infrastructure freeze breakage request: Banner from DL linking to new Transifex In-Reply-To: <4995086.341237958017942.JavaMail.asgeirf@localhost.localdomain> References: <4995086.341237958017942.JavaMail.asgeirf@localhost.localdomain> Message-ID: <6d4237680903250339jb6b3d0am55a9014cb74c7a96@mail.gmail.com> On Wed, Mar 25, 2009 at 7:13 AM, Asgeir Frimannsson wrote: > ----- "Mike McGrath" wrote: >> On Tue, 24 Mar 2009, Asgeir Frimannsson wrote: >> >> > Hi folks, >> > >> > Can I get an ack or two to commit a change in the Damned Lies CVS >> repository that adds a banner to the top of each page with the >> following content: >> > >> > These pages are served by Damned Lies. You can now use > href="https://translate.fedoraproject.org/tx/">Transifex for all >> your translation needs, including viewing Translation Statistics, as >> well as downloading and committing translations. >> > >> > There might be better ways of saying this - but I'm not in >> creative-mode today, suggestions welcome :-) >> > >> > Patch follows below. >> > >> >> +1 from me on the condition that the translation team know's its >> coming. >> I'd assumed they have started using tx but not being a translator I >> guess >> I don't know for sure :) > > Thanks, all done now :-) Yes, the team should know this is coming by now. Having the banner on the page does make the transition a bit smoother when we finally move transifex from /tx/ to / after the freeze. I've also hot-fixed such a banner in the old Tx instance at https://translate.fedoraproject.org/submit/ -d -- Dimitris Glezos Jabber ID: glezos at jabber.org, GPG: 0xA5A04C3B http://dimitris.glezos.com/ "He who gives up functionality for ease of use loses both and deserves neither." (Anonymous) -- From thinklinux.ssh at gmail.com Thu Mar 26 15:08:27 2009 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Thu, 26 Mar 2009 20:38:27 +0530 Subject: Please test our new calendering solutions. Message-ID: Hi, I am very happy to let you know that finally, fedora is going to have their much awaited calendering system. This is in response to infrastructure ticket #1197 opened a month ago. For testing purpose, I have tried out many solutions, but the two most suitable contenders are 1.Zikula 2.Citadel They are already on publictest15. Please refer to this[1] page,check them out, and put up your valuable comments. The links of the test instances along with username/passwd is on that page. With your help and feedbacks, we can move to production pretty soon. Thanks. [1] https://fedoraproject.org/wiki/Infrastructure/Test/Calendering_Solution -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/user:susmit ============================================= Sent from: Calcutta WB India. From simon at zikula.org Thu Mar 26 15:33:49 2009 From: simon at zikula.org (Simon Birtwistle) Date: Thu, 26 Mar 2009 15:33:49 -0000 Subject: Please test our new calendering solutions. In-Reply-To: References: Message-ID: <014d01c9ae28$43a6cea0$caf46be0$@org> > For testing purpose, I have tried out many solutions, but the two most > suitable contenders are > 1.Zikula > 2.Citadel I'm pleased that you're considering Zikula (I'm a member of the Zikula team for those who don't know). I notice the lack of an SMS module concerns you - but this should be simple to create depending on your required feature set. I'd be happy to either do it myself or get a community member to look into as it would be of general use to the Zikula community. Simon From herlo1 at gmail.com Thu Mar 26 16:11:09 2009 From: herlo1 at gmail.com (Clint Savage) Date: Thu, 26 Mar 2009 10:11:09 -0600 Subject: Please test our new calendering solutions. In-Reply-To: <014d01c9ae28$43a6cea0$caf46be0$@org> References: <014d01c9ae28$43a6cea0$caf46be0$@org> Message-ID: On Thu, Mar 26, 2009 at 9:33 AM, Simon Birtwistle wrote: >> For testing purpose, I have tried out many solutions, but the two most >> suitable contenders are >> 1.Zikula >> 2.Citadel > I'd like to throw in my previous email as a reference for this exact purpose. There was a long discussion[1] around which I already created a list of potential calendaring solutions[2]. Of which, we need to evaluate those as well since from what I can see, neither of these solutions allow me to update the calendar (my personal or a group calendar) with the caldav server type functionality. Maybe I missed that, but I think that's an integral part of the need for a calendaring solution IMO. if you follow the discussion held a while ago, the list suggested becomes more integral to the scheduling functionality needed in Fedora. I'm still under the impression that we should set up test servers for these other systems too as most (if not all) are FOSS as well and better fit the needs of a full calendaring free/busy type solution. Cheers, Clint 1 - https://www.redhat.com/archives/fedora-infrastructure-list/2009-February/msg00060.html 2 - https://fedoraproject.org/wiki/User:Herlo/Fedora_Calendar_Project_Desired_Features_%28Draft%29 From mmcgrath at redhat.com Thu Mar 26 16:56:29 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 26 Mar 2009 11:56:29 -0500 (CDT) Subject: Please test our new calendering solutions. In-Reply-To: References: <014d01c9ae28$43a6cea0$caf46be0$@org> Message-ID: On Thu, 26 Mar 2009, Clint Savage wrote: > On Thu, Mar 26, 2009 at 9:33 AM, Simon Birtwistle wrote: > >> For testing purpose, I have tried out many solutions, but the two most > >> suitable contenders are > >> 1.Zikula > >> 2.Citadel > > > > I'd like to throw in my previous email as a reference for this exact > purpose. There was a long discussion[1] around which I already > created a list of potential calendaring solutions[2]. Of which, we > need to evaluate those as well since from what I can see, neither of > these solutions allow me to update the calendar (my personal or a > group calendar) with the caldav server type functionality. Maybe I > missed that, but I think that's an integral part of the need for a > calendaring solution IMO. if you follow the discussion held a while > ago, the list suggested becomes more integral to the scheduling > functionality needed in Fedora. > > I'm still under the impression that we should set up test servers for > these other systems too as most (if not all) are FOSS as well and > better fit the needs of a full calendaring free/busy type solution. > > Cheers, > > Clint > > 1 - https://www.redhat.com/archives/fedora-infrastructure-list/2009-February/msg00060.html > 2 - https://fedoraproject.org/wiki/User:Herlo/Fedora_Calendar_Project_Desired_Features_%28Draft%29 > If you've got time to set some up we'd be happy to work with you on it, some of the projects we looked at got dropped for various reasons. SOGo requires ldap which we don't have, Bedework requires sun's java so it got dropped. If you had other specific ones you wanted us to look at please do update the ticket - https://fedorahosted.org/fedora-infrastructure/ticket/1197 I've never looked for FOSS calendar solutions, I don't think susmit has either so we're just googling and looking around for solutions that might work. susmit's done a great job of getting some of these up, I'm sure he can get others up too. -Mike From herlo1 at gmail.com Thu Mar 26 17:10:48 2009 From: herlo1 at gmail.com (Clint Savage) Date: Thu, 26 Mar 2009 11:10:48 -0600 Subject: Please test our new calendering solutions. In-Reply-To: References: <014d01c9ae28$43a6cea0$caf46be0$@org> Message-ID: On Thu, Mar 26, 2009 at 10:56 AM, Mike McGrath wrote: > On Thu, 26 Mar 2009, Clint Savage wrote: > >> On Thu, Mar 26, 2009 at 9:33 AM, Simon Birtwistle wrote: >> >> For testing purpose, I have tried out many solutions, but the two most >> >> suitable contenders are >> >> 1.Zikula >> >> 2.Citadel >> > >> >> I'd like to throw in my previous email as a reference for this exact >> purpose. ?There was a long discussion[1] around which I already >> created a list of potential calendaring solutions[2]. ?Of which, we >> need to evaluate those as well since from what I can see, neither of >> these solutions allow me to update the calendar (my personal or a >> group calendar) with the caldav server type functionality. ?Maybe I >> missed that, but I think that's an integral part of the need for a >> calendaring solution IMO. ?if you follow the discussion held a while >> ago, the list suggested becomes more integral to the scheduling >> functionality needed in Fedora. >> >> I'm still under the impression that we should set up test servers for >> these other systems too as most (if not all) are FOSS as well and >> better fit the needs of a full calendaring free/busy type solution. >> >> Cheers, >> >> Clint >> >> 1 - https://www.redhat.com/archives/fedora-infrastructure-list/2009-February/msg00060.html >> 2 - https://fedoraproject.org/wiki/User:Herlo/Fedora_Calendar_Project_Desired_Features_%28Draft%29 >> > > If you've got time to set some up we'd be happy to work with you on it, > some of the projects we looked at got dropped for various reasons. ?SOGo > requires ldap which we don't have, Bedework requires sun's java so it got > dropped. ?If you had other specific ones you wanted us to look at please > do update the ticket - > > https://fedorahosted.org/fedora-infrastructure/ticket/1197 > > I've never looked for FOSS calendar solutions, I don't think susmit has > either so we're just googling and looking around for solutions that might > work. ?susmit's done a great job of getting some of these up, I'm sure he > can get others up too. > > ? ? ? ?-Mike I'm completely happy to help, do I just need to put in an RFR to get started? I'll set them up and make them available for testing as quickly as I can once I get the resources. Clint From mmcgrath at redhat.com Thu Mar 26 18:04:51 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 26 Mar 2009 13:04:51 -0500 (CDT) Subject: Please test our new calendering solutions. In-Reply-To: References: <014d01c9ae28$43a6cea0$caf46be0$@org> Message-ID: On Thu, 26 Mar 2009, Clint Savage wrote: > On Thu, Mar 26, 2009 at 10:56 AM, Mike McGrath wrote: > > On Thu, 26 Mar 2009, Clint Savage wrote: > > > >> On Thu, Mar 26, 2009 at 9:33 AM, Simon Birtwistle wrote: > >> >> For testing purpose, I have tried out many solutions, but the two most > >> >> suitable contenders are > >> >> 1.Zikula > >> >> 2.Citadel > >> > > >> > >> I'd like to throw in my previous email as a reference for this exact > >> purpose. ?There was a long discussion[1] around which I already > >> created a list of potential calendaring solutions[2]. ?Of which, we > >> need to evaluate those as well since from what I can see, neither of > >> these solutions allow me to update the calendar (my personal or a > >> group calendar) with the caldav server type functionality. ?Maybe I > >> missed that, but I think that's an integral part of the need for a > >> calendaring solution IMO. ?if you follow the discussion held a while > >> ago, the list suggested becomes more integral to the scheduling > >> functionality needed in Fedora. > >> > >> I'm still under the impression that we should set up test servers for > >> these other systems too as most (if not all) are FOSS as well and > >> better fit the needs of a full calendaring free/busy type solution. > >> > >> Cheers, > >> > >> Clint > >> > >> 1 - https://www.redhat.com/archives/fedora-infrastructure-list/2009-February/msg00060.html > >> 2 - https://fedoraproject.org/wiki/User:Herlo/Fedora_Calendar_Project_Desired_Features_%28Draft%29 > >> > > > > If you've got time to set some up we'd be happy to work with you on it, > > some of the projects we looked at got dropped for various reasons. ?SOGo > > requires ldap which we don't have, Bedework requires sun's java so it got > > dropped. ?If you had other specific ones you wanted us to look at please > > do update the ticket - > > > > https://fedorahosted.org/fedora-infrastructure/ticket/1197 > > > > I've never looked for FOSS calendar solutions, I don't think susmit has > > either so we're just googling and looking around for solutions that might > > work. ?susmit's done a great job of getting some of these up, I'm sure he > > can get others up too. > > > > ? ? ? ?-Mike > > I'm completely happy to help, do I just need to put in an RFR to get > started? I'll set them up and make them available for testing as > quickly as I can once I get the resources. > > Clint > Naw, the RFR is only for projects themselves and this one (mostly) has been approved. Just request sysadmin-test access and work with susmit on the same server he's been on. I'll sponsor the test access and you'll have an account within an hour. -Mike From herlo1 at gmail.com Thu Mar 26 18:26:56 2009 From: herlo1 at gmail.com (Clint Savage) Date: Thu, 26 Mar 2009 12:26:56 -0600 Subject: Please test our new calendering solutions. In-Reply-To: References: <014d01c9ae28$43a6cea0$caf46be0$@org> Message-ID: 2009/3/26 Mike McGrath : > On Thu, 26 Mar 2009, Clint Savage wrote: > >> On Thu, Mar 26, 2009 at 10:56 AM, Mike McGrath wrote: >> > On Thu, 26 Mar 2009, Clint Savage wrote: >> > >> >> On Thu, Mar 26, 2009 at 9:33 AM, Simon Birtwistle wrote: >> >> >> For testing purpose, I have tried out many solutions, but the two most >> >> >> suitable contenders are >> >> >> 1.Zikula >> >> >> 2.Citadel >> >> > >> >> >> >> I'd like to throw in my previous email as a reference for this exact >> >> purpose. ?There was a long discussion[1] around which I already >> >> created a list of potential calendaring solutions[2]. ?Of which, we >> >> need to evaluate those as well since from what I can see, neither of >> >> these solutions allow me to update the calendar (my personal or a >> >> group calendar) with the caldav server type functionality. ?Maybe I >> >> missed that, but I think that's an integral part of the need for a >> >> calendaring solution IMO. ?if you follow the discussion held a while >> >> ago, the list suggested becomes more integral to the scheduling >> >> functionality needed in Fedora. >> >> >> >> I'm still under the impression that we should set up test servers for >> >> these other systems too as most (if not all) are FOSS as well and >> >> better fit the needs of a full calendaring free/busy type solution. >> >> >> >> Cheers, >> >> >> >> Clint >> >> >> >> 1 - https://www.redhat.com/archives/fedora-infrastructure-list/2009-February/msg00060.html >> >> 2 - https://fedoraproject.org/wiki/User:Herlo/Fedora_Calendar_Project_Desired_Features_%28Draft%29 >> >> >> > >> > If you've got time to set some up we'd be happy to work with you on it, >> > some of the projects we looked at got dropped for various reasons. ?SOGo >> > requires ldap which we don't have, Bedework requires sun's java so it got >> > dropped. ?If you had other specific ones you wanted us to look at please >> > do update the ticket - >> > >> > https://fedorahosted.org/fedora-infrastructure/ticket/1197 >> > >> > I've never looked for FOSS calendar solutions, I don't think susmit has >> > either so we're just googling and looking around for solutions that might >> > work. ?susmit's done a great job of getting some of these up, I'm sure he >> > can get others up too. >> > >> > ? ? ? ?-Mike >> >> I'm completely happy to help, do I just need to put in an RFR to get >> started? ?I'll set them up and make them available for testing as >> quickly as I can once I get the resources. >> >> Clint >> > > Naw, the RFR is only for projects themselves and this one (mostly) has > been approved. ?Just request sysadmin-test access and work with susmit on > the same server he's been on. ?I'll sponsor the test access and you'll > have an account within an hour. > Yeah, I thought so, but I had to check, I've already applied for that group. Thanks Mike. Susmit, come find me in IRC (herlo) or send me a private email so I can help set up these other systems. Cheers Clint From thinklinux.ssh at gmail.com Thu Mar 26 19:04:04 2009 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Fri, 27 Mar 2009 00:34:04 +0530 Subject: Please test our new calendering solutions. In-Reply-To: References: <014d01c9ae28$43a6cea0$caf46be0$@org> Message-ID: > Yeah, I thought so, but I had to check, I've already applied for that > group. ? Thanks Mike. > > Susmit, come find me in IRC (herlo) or send me a private email so I > can help set up these other systems. Letting us know what else are the packages you find appropriate. Then we can share those among you and me and set them up quickly. I want to push this. I just had a mail from Adam , he said "I will start putting QA events into the test systems and we'll see how that goes." -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/user:susmit ============================================= Sent from Calcutta, WB, India From thinklinux.ssh at gmail.com Thu Mar 26 20:09:15 2009 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Fri, 27 Mar 2009 01:39:15 +0530 Subject: Please test our new calendering solutions. In-Reply-To: <014d01c9ae28$43a6cea0$caf46be0$@org> References: <014d01c9ae28$43a6cea0$caf46be0$@org> Message-ID: > I'm pleased that you're considering Zikula (I'm a member of the Zikula team for those who don't know). ?I notice the lack of an SMS module concerns you - but this should be simple to create depending on your required feature set. ?I'd be happy to either do it myself or get a community member to look into as it would be of general use to the Zikula community. Also a caldav module...do you have any? I find an exsisting ticket at http://code.zikula.org/crpcalendar/ticket/54 Any update on it? -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/user:susmit ============================================= Sent from Calcutta, WB, India From laxathom at fedoraproject.org Thu Mar 26 22:35:44 2009 From: laxathom at fedoraproject.org (Xavier Lamien) Date: Thu, 26 Mar 2009 23:35:44 +0100 Subject: Meeting Log 2009-03-26 Message-ID: <62bc09df0903261535t14e8415eua9f877646d712631@mail.gmail.com> Here is the meeting log of this week. Also attached an html formatted's ----------- 15:07 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Who's here? 15:07 * skvidal is 15:08 * jds2001 is in the cheap seats 15:08 < ggruener> ping 15:08 -!- mdomsch [n=Matt_Dom at cpe-70-124-62-55.austin.res.rr.com] has joined #fedora-meeting 15:08 < mmcgrath> k, lets get started 15:08 * SmootherFrOgZ is 15:08 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Tickets 15:08 < mdomsch> yo 15:09 < mmcgrath> .tiny https://fedorahosted.org/fedora-infrastructure/query?status=new&status=assigned&status=reopened&group=milestone&keywords=~Meeting&order=priority 15:09 < zodbot> mmcgrath: http://tinyurl.com/47e37y 15:09 < mmcgrath> .ticket 1203 15:09 < dgilmore> sup yall 15:09 < zodbot> mmcgrath: #1203 (RFR: x86_64 host for composing spins) - Fedora Infrastructure - Trac - https://fedorahosted.org/fedora-infrastructure/ticket/1203 15:09 < mmcgrath> This one's still blocking on me, I'm working with one of the virt guys to figure out what's going on. 15:09 < mmcgrath> it's certainly a bug of somekind 15:09 < mmcgrath> So nothing new there 15:10 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Beta Release Tickets 15:10 < mmcgrath> https://fedorahosted.org/fedora-infrastructure/report/9 15:10 < skvidal> jds2001: there are expensive seats? 15:10 < mmcgrath> Everything here is still good from last week, just been delayed 15:10 -!- bpepple|lt [n=bpepple|@adsl-69-214-168-154.dsl.wotnoh.ameritech.net] has quit ["Ex-Chat"] 15:11 < mmcgrath> Right now we're scheduled to do a beta release on the 31st. 15:11 < mmcgrath> f13: that still the case? 15:12 * mmcgrath will assume it is unless he hears otherwise. 15:12 < mmcgrath> So that's it on that 15:12 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Calendar system 15:12 < mmcgrath> Did everyone here the email susmit sent out today? 15:12 < jds2001> no, but i saw it :) 15:12 < skvidal> heh 15:12 < dgilmore> I did 15:12 < mmcgrath> read it 15:12 < dgilmore> te3xt to speech in all its robotic goodness 15:13 < mmcgrath> my fingers can't keep up with my brain anymore, and it seems to be a UDP communication 15:13 < dgilmore> mmcgrath: my main question is how hard will it be to setup that desktop calandering apps can manage 15:13 < mmcgrath> herlo: you around? 15:14 < mmcgrath> dgilmore: no idea 15:15 < mmcgrath> we'll have to see what herlo and susmit come up with. 15:15 < mmcgrath> I'm not even sure what's available and stuff. 15:15 < mmcgrath> seems they're not really around though so we can move on. 15:15 < mmcgrath> anyone have any questions or comments more on the calendar stuff? susmit's not here so it's probably best to take it to the list anyway. 15:16 < dgilmore> take it to the list 15:16 < mmcgrath> cool 15:16 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Cloud Stuff 15:16 < mmcgrath> SmootherFrOgZ: you around? 15:16 < SmootherFrOgZ> yep 15:17 < mmcgrath> sweet 15:17 < mmcgrath> so the hardware finally has network. 15:17 < mmcgrath> as of yesterday 15:17 < mmcgrath> so woot. 15:17 < mmcgrath> I'm going through and getting the RSAII cards fixed up, next is going to be getting the sysadmin-cloud (or whatever that group was) on those hosts. 15:17 < mmcgrath> SmootherFrOgZ: have you seen the latest ovirt release? 15:18 < mmcgrath> 0.97 is out, but it's not obvious from the ovirt.org website, it's just up in their ovirt repo 15:18 < mmcgrath> http://ovirt.org/repos/ovirt/10/x86_64/ 15:18 < SmootherFrOgZ> yeah, i plan to give it a shot this week-end 15:18 < SmootherFrOgZ> and rebuild it for rhel 15:19 < jds2001> why rebuild for rhel? 15:19 < mmcgrath> SmootherFrOgZ: excellent, mind moving the cloud wiki page under Infrastructure/ some place? And I'll get the IP information in there soon. 15:19 < jds2001> these machines run fedora, no? 15:19 < jds2001> or am I missing info again? :D 15:19 < mmcgrath> jds2001: they actually will run Fedora, the nodes anyway 15:19 < SmootherFrOgZ> i don't 15:19 < mmcgrath> :) 15:20 < mmcgrath> So things are going ok there. 15:20 < mmcgrath> We continue to have some... less then easy to work with network restrictions. 15:20 < mmcgrath> for example outbound ntp is currently blocked. 15:20 < mmcgrath> but we're working with the network team to figure out what all to do about that. 15:20 < SmootherFrOgZ> so, will we keep fedora for those boxes ? 15:21 < jds2001> sync'ing time is dangerous stuff you know! 15:21 < mmcgrath> SmootherFrOgZ: probably, that's what their devs are using. 15:22 < SmootherFrOgZ> k. 15:23 < mmcgrath> Anyone have any other questions on that? 15:24 < mmcgrath> k 15:24 < mmcgrath> well with that 15:24 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Open Floor 15:26 < mmcgrath> anyone have anything to discuss? 15:26 < wwoods> a quick question: the current implementation of DebuginfoFS requires >200GB disk and a davfs server. 15:27 < mmcgrath> :) things have gotten quiet. 15:27 < wwoods> is that a ridiculous amount of disk to request in an RFR? 15:27 < mmcgrath> wwoods: you can request whatever you want, not sure we'll be able to accomidate it (at least not without ordering new hardware) 15:27 < mmcgrath> but ask for whatever you think you'll need and we'll see what we can do. 15:28 -!- neverho0d [n=psv at vpn-pool-78-139-211-211.tomtel.ru] has quit [Read error: 110 (Connection timed out)] 15:28 < jds2001> oh 15:28 < jds2001> if anyone has leads - http://newyork.craigslist.org/brk/hou/1093260152.html :D 15:28 < mmcgrath> wwoods: it gets easier if that 200G doesn't need to be highly available / redundant. 15:28 < mmcgrath> jds2001: heh 15:28 < wwoods> heh. I'm just trying to figure out whether to follow the "get new hardware" path or the "write code so we can just export the files from the RPMs" one 15:29 < mmcgrath> :) 15:29 < mmcgrath> wwoods: go ahead and create the ticket and we can discuss it more. 15:29 < wwoods> they're just unpacked debuginfo RPMs - don't need backups or real HA/redundancy 15:29 < wwoods> fair 'nuff 15:30 < skvidal> jds2001: move out of ny? 15:30 < jds2001> skvidal: more like move *to* ny :) 15:30 < jds2001> i live across the river in jersey now. 15:30 < mmcgrath> jds2001: Well good luck with that. 15:31 < mmcgrath> :) 15:31 < mmcgrath> Anyone have anything else? If not we can close the meeting early. 15:31 < mmcgrath> lots of stuff is on hold from the change freeze :-/ 15:31 < SmootherFrOgZ> just one 15:31 * mdomsch has a MM update pending thaw 15:31 < SmootherFrOgZ> do you guys know what do i need to help luke on getting epel works with bodhi ? 15:32 < SmootherFrOgZ> i'd like to help him and get things done asap 15:32 < mmcgrath> SmootherFrOgZ: I'm not actually sure, We basically have to duplicate (or hopefully simplify a bit) what releng is doing right now 15:32 < mmcgrath> which will mean we need another signing server for epel. 15:32 < mmcgrath> I can do that part. 15:32 < mmcgrath> But as for the coding side of thigns? I'm not sure. 15:32 < mmcgrath> SmootherFrOgZ: I know you use koji at work, is that still true? 15:33 < SmootherFrOgZ> yeah i know for this part but, bodhi need some code update that i can do :) 15:33 < SmootherFrOgZ> mmcgrath: correct 15:33 < mmcgrath> Do you use bodhi too? 15:33 < dgilmore> SmootherFrOgZ: he updated the ticket 15:33 < SmootherFrOgZ> yeah, just in pre-prod for now (i plan to add it to rpmfusion) 15:33 < mmcgrath> dgilmore: which ticket is it? 15:33 * mmcgrath hasn't looked at it in a bit. 15:34 < SmootherFrOgZ> dgilmore: execellent i'll have a look in a couple of minutes 15:34 < mmcgrath> Cool, anyone have anything else? 15:34 < mmcgrath> If not we'll close in 30 15:35 < mmcgrath> 10 15:35 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Meeting Closed 15:35 < mmcgrath> Thanks for coming everyone! -- Xavier.t Lamien -- http://fedoraproject.org/wiki/XavierLamien GPG-Key ID: F3903DEB Fingerprint: 0F2A 7A17 0F1B 82EE FCBF 1F51 76B7 A28D F390 3DEB -------------- next part -------------- An HTML attachment was scrubbed... URL: From stickster at gmail.com Fri Mar 27 00:59:35 2009 From: stickster at gmail.com (Paul W. Frields) Date: Thu, 26 Mar 2009 20:59:35 -0400 Subject: vBulletin experience? Message-ID: <20090327005935.GA19677@localhost.localdomain> Hello all you brawny bosses of bare metal, Is there anyone on the Infrastructure team looking for a side project to help the at-large Fedora user community? The Fedora Forum (http://fedoraforum.org) is looking for additional administrator help. The Fedora Forum is the unofficial help forum site for Fedora and has been helping the community for almost 5 years. To be involved, you would probably need to: * have experience with vBulletin administration * have knoweldge of, and skills in, general system administration theory and practice * build a trust relationship with the community admins already on the job through friendly, helpful discussion and action If you're interested, please get in touch with me and I'd be happy to make introductions if needed. -- Paul W. Frields http://paul.frields.org/ gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From affix at FedoraProject.org Fri Mar 27 01:30:40 2009 From: affix at FedoraProject.org (Keiran Smith) Date: Fri, 27 Mar 2009 01:30:40 +0000 Subject: vBulletin experience? In-Reply-To: <20090327005935.GA19677@localhost.localdomain> References: <20090327005935.GA19677@localhost.localdomain> Message-ID: Hi Paul, I have alot of experience with vBulletin and I run a 133,000 member forum currently. I will be more than happy to help you out. 2009/3/27 Paul W. Frields > Hello all you brawny bosses of bare metal, > > Is there anyone on the Infrastructure team looking for a side project > to help the at-large Fedora user community? The Fedora Forum > (http://fedoraforum.org) is looking for additional administrator help. > The Fedora Forum is the unofficial help forum site for Fedora and has > been helping the community for almost 5 years. To be involved, you > would probably need to: > > * have experience with vBulletin administration > > * have knoweldge of, and skills in, general system administration > theory and practice > > * build a trust relationship with the community admins already on the > job through friendly, helpful discussion and action > > If you're interested, please get in touch with me and I'd be happy to > make introductions if needed. > > -- > Paul W. Frields http://paul.frields.org/ > gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 > http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ > irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > > -- Keiran Smith - Fedora Ambassador / BugZapper - - Free Software Foundation Associate - -------------- next part -------------- An HTML attachment was scrubbed... URL: From mmcgrath at redhat.com Fri Mar 27 02:57:29 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 26 Mar 2009 21:57:29 -0500 (CDT) Subject: Pycon people Message-ID: Just a heads up, many of the Infrastructure Team members (including myself) will be at pycon (http://us.pycon.org/) so our online availability will be scarce. -Mike From angel at linux.org.bd Fri Mar 27 03:28:31 2009 From: angel at linux.org.bd (Ashiqur Rahman Angel) Date: Fri, 27 Mar 2009 09:28:31 +0600 Subject: vBulletin experience? In-Reply-To: <20090327005935.GA19677@localhost.localdomain> References: <20090327005935.GA19677@localhost.localdomain> Message-ID: Hi Paul, I was looking for a job on the Fedora Infrastructure team. And looks like, my experience is valuable here. I myself currently running a vBulletin forum. And did this job, lots of time. I?ll be happy to help you. 2009/3/27 Paul W. Frields > Hello all you brawny bosses of bare metal, > > Is there anyone on the Infrastructure team looking for a side project > to help the at-large Fedora user community? The Fedora Forum > (http://fedoraforum.org) is looking for additional administrator help. > The Fedora Forum is the unofficial help forum site for Fedora and has > been helping the community for almost 5 years. To be involved, you > would probably need to: > > * have experience with vBulletin administration > > * have knoweldge of, and skills in, general system administration > theory and practice > > * build a trust relationship with the community admins already on the > job through friendly, helpful discussion and action > > If you're interested, please get in touch with me and I'd be happy to > make introductions if needed. > > -- > Paul W. Frields http://paul.frields.org/ > gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 > http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ > irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > > -- Angel http://fedoraproject.org/wiki/User:Angel 0DF8 3CD4 AFE3 68C6 2CDA 9F17 14B8 1A15 E5F7 73C2 Fedora -- Freedom? and rapid innovation -------------- next part -------------- An HTML attachment was scrubbed... URL: From smooge at gmail.com Fri Mar 27 03:31:32 2009 From: smooge at gmail.com (Stephen John Smoogen) Date: Thu, 26 Mar 2009 21:31:32 -0600 Subject: Pycon people In-Reply-To: References: Message-ID: <80d7e4090903262031n5c2b47a5t2aa2d4743bcf1c8f@mail.gmail.com> On Thu, Mar 26, 2009 at 8:57 PM, Mike McGrath wrote: > Just a heads up, many of the Infrastructure Team members (including > myself) will be at pycon (http://us.pycon.org/) so our online availability > will be scarce. > Who are the backups in case of emergency. I can probably work out some time off if you need it. -- Stephen J Smoogen. -- BSD/GNU/Linux How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice" From draciron at gmail.com Fri Mar 27 04:28:50 2009 From: draciron at gmail.com (Dan Smith) Date: Thu, 26 Mar 2009 23:28:50 -0500 Subject: vBulletin experience? In-Reply-To: <20090327005935.GA19677@localhost.localdomain> References: <20090327005935.GA19677@localhost.localdomain> Message-ID: I've done a bit of vBulliten work, set it up more than a few times and been an admin a time or two. A bit rusty, been a few years. I'd be happy to help out with things. 2009/3/26 Paul W. Frields : > Hello all you brawny bosses of bare metal, > > Is there anyone on the Infrastructure team looking for a side project > to help the at-large Fedora user community? The Fedora Forum > (http://fedoraforum.org) is looking for additional administrator help. > The Fedora Forum is the unofficial help forum site for Fedora and has > been helping the community for almost 5 years. To be involved, you > would probably need to: > > * have experience with vBulletin administration > > * have knoweldge of, and skills in, general system administration > theory and practice > > * build a trust relationship with the community admins already on the > job through friendly, helpful discussion and action > > If you're interested, please get in touch with me and I'd be happy to > make introductions if needed. > > -- > Paul W. Frields http://paul.frields.org/ > gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 > http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ > irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > > From skvidal at fedoraproject.org Fri Mar 27 04:29:54 2009 From: skvidal at fedoraproject.org (Seth Vidal) Date: Fri, 27 Mar 2009 00:29:54 -0400 (EDT) Subject: Pycon people In-Reply-To: <80d7e4090903262031n5c2b47a5t2aa2d4743bcf1c8f@mail.gmail.com> References: <80d7e4090903262031n5c2b47a5t2aa2d4743bcf1c8f@mail.gmail.com> Message-ID: On Thu, 26 Mar 2009, Stephen John Smoogen wrote: > On Thu, Mar 26, 2009 at 8:57 PM, Mike McGrath wrote: >> Just a heads up, many of the Infrastructure Team members (including >> myself) will be at pycon (http://us.pycon.org/) so our online availability >> will be scarce. >> > > Who are the backups in case of emergency. I can probably work out some > time off if you need it. I'm here and around and I get the pages. -sv From nigjones at redhat.com Fri Mar 27 05:04:39 2009 From: nigjones at redhat.com (Nigel Jones) Date: Fri, 27 Mar 2009 01:04:39 -0400 (EDT) Subject: Pycon people In-Reply-To: <932684.121238130149282.JavaMail.nigjones@njones.bne.redhat.com> Message-ID: <19415050.141238130265161.JavaMail.nigjones@njones.bne.redhat.com> I'll be around from basically 8am to "Very Late" (anything up to 1 or 2 am) AEST (UTC+10). I don't get pages but I have contact details in the sysadmin repo store (http://fedoraproject.org/wiki/Sysadmin-only_shared_filesystem_Infrastructure_SOP) (I'll also set my Work Phone to 'follow me' just in case). - Nigel ----- "Stephen John Smoogen" wrote: > On Thu, Mar 26, 2009 at 8:57 PM, Mike McGrath > wrote: > > Just a heads up, many of the Infrastructure Team members (including > > myself) will be at pycon (http://us.pycon.org/) so our online > availability > > will be scarce. > > > > Who are the backups in case of emergency. I can probably work out > some > time off if you need it. > > > > -- > Stephen J Smoogen. -- BSD/GNU/Linux > How far that little candle throws his beams! So shines a good deed > in a naughty world. = Shakespeare. "The Merchant of Venice" > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list From ricky at fedoraproject.org Fri Mar 27 05:08:05 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Fri, 27 Mar 2009 01:08:05 -0400 Subject: Pycon people In-Reply-To: <80d7e4090903262031n5c2b47a5t2aa2d4743bcf1c8f@mail.gmail.com> References: <80d7e4090903262031n5c2b47a5t2aa2d4743bcf1c8f@mail.gmail.com> Message-ID: <20090327050805.GA5439@sphe.res.cmu.edu> On 2009-03-26 09:31:32 PM, Stephen John Smoogen wrote: > Who are the backups in case of emergency. I can probably work out some > time off if you need it. I'll be around as well. Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From thinklinux.ssh at gmail.com Fri Mar 27 05:34:09 2009 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Fri, 27 Mar 2009 11:04:09 +0530 Subject: Please test our new calendering solutions. In-Reply-To: References: <014d01c9ae28$43a6cea0$caf46be0$@org> Message-ID: > > I'd like to throw in my previous email as a reference for this exact > purpose. ?There was a long discussion[1] around which I already > created a list of potential calendaring solutions[2]. > 2 - https://fedoraproject.org/wiki/User:Herlo/Fedora_Calendar_Project_Desired_Features_%28Draft%29 I am very sorry to let you know that I have tried out almost all the solutions that you mentioned in that page. For details please refer to ticket 1197 1.http://trac.calendarserver.org/ (Apache v2.0) : No Web based GUI. 2 Bongo Project - http://bongo-project.org/Main_Page (formerly Hula) (GPLv2): Alpha, in their own terms, not suitable for production. 3. Bedework - http://www.bedework.org/bedework/ (BSD License): Requires sun JAVA. 4. DAViCal - http://rscds.sourceforge.net/ (GPLv2): Need stand alone clients, no web based frontend!! 5. Zikula - http://zikula.org/ [A CMS being packaged by Docs, has some calendaring support] (GPLv2+) : Candidate 6. Chandler Project - http://chandlerproject.org/ (Apache v2.0): Will try out today. 7. OpenGroupWare - http://www.opengroupware.org/ (GPL or LGPL): Too messy. 8. Citadel : Candidate Do we have any licensing issues with Zimbra? Or is CalDev is available on the community version of Zimbra? If not we can give a go. -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/user:susmit ============================================= Sent from Calcutta, WB, India From mmcgrath at redhat.com Fri Mar 27 12:49:51 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Fri, 27 Mar 2009 07:49:51 -0500 (CDT) Subject: Building fedora guest on RHEL5.3 Message-ID: FYI, if you've been following our little "Buidling Fedora 9 or later on a RHEL5.3 host" issues, I think we've figured it out: https://bugzilla.redhat.com/show_bug.cgi?id=492523 I'll test turning the NX flag on soon. -Mike From herlo1 at gmail.com Fri Mar 27 14:36:08 2009 From: herlo1 at gmail.com (Clint Savage) Date: Fri, 27 Mar 2009 08:36:08 -0600 Subject: Please test our new calendering solutions. In-Reply-To: References: <014d01c9ae28$43a6cea0$caf46be0$@org> Message-ID: On Thu, Mar 26, 2009 at 11:34 PM, susmit shannigrahi wrote: >> >> I'd like to throw in my previous email as a reference for this exact >> purpose. ?There was a long discussion[1] around which I already >> created a list of potential calendaring solutions[2]. > >> 2 - https://fedoraproject.org/wiki/User:Herlo/Fedora_Calendar_Project_Desired_Features_%28Draft%29 > > I am very sorry to let you know that I have tried out almost all the > solutions that you mentioned in that page. > For details please refer to ticket 1197 > > 1.http://trac.calendarserver.org/ (Apache v2.0) : ?No Web based GUI. > 2 Bongo Project - http://bongo-project.org/Main_Page (formerly Hula) > (GPLv2): Alpha, in their own terms, not suitable for production. > 3. Bedework - http://www.bedework.org/bedework/ (BSD License): > Requires sun JAVA. > 4. DAViCal - http://rscds.sourceforge.net/ (GPLv2): Need stand alone > clients, no web based frontend!! > > 5. Zikula - http://zikula.org/ [A CMS being packaged by Docs, has some > calendaring support] (GPLv2+) : Candidate > 6. Chandler Project - http://chandlerproject.org/ (Apache v2.0): Will > try out today. > > 7. OpenGroupWare - http://www.opengroupware.org/ (GPL or LGPL): Too messy. > > 8. Citadel : Candidate > > > Do we have any licensing issues with Zimbra? Or is CalDev is available > on the community version of Zimbra? If not we can give a go. > Susmit, with regards, I didn't understand that a GUI was an *absolute* requirement. I don't see any list on the page you mentioned of features or requirements. The story as I understand it was, install opengroupware. In our email discussions previously, I found that many people were interested in a 'Google Calendar' like project that could be used across many different applications. The general idea I have seen is that it should have both a web interface and a CalDav/iCal interface. Cheers, Clint From thinklinux.ssh at gmail.com Fri Mar 27 14:41:30 2009 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Fri, 27 Mar 2009 20:11:30 +0530 Subject: Please test our new calendering solutions. In-Reply-To: References: <014d01c9ae28$43a6cea0$caf46be0$@org> Message-ID: > Susmit, > > with regards, I didn't understand that a GUI was an *absolute* > requirement. By Web based GUI I meant web interface. :) Sorry for bad choice of words. >In our email discussions previously, I found that many > people were interested in a 'Google Calendar' like project that could > be used across many different applications. ?The general idea I have > seen is that it should have both a web interface and a CalDav/iCal > interface. This is exactly we are desperately trying to find out, but there is no clear winner so far... Some don't have web interface, some don't have caldev support!!!! -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/user:susmit ============================================= Sent from: Calcutta WB India. From herlo1 at gmail.com Fri Mar 27 14:54:13 2009 From: herlo1 at gmail.com (Clint Savage) Date: Fri, 27 Mar 2009 08:54:13 -0600 Subject: Please test our new calendering solutions. In-Reply-To: References: <014d01c9ae28$43a6cea0$caf46be0$@org> Message-ID: On Fri, Mar 27, 2009 at 8:41 AM, susmit shannigrahi wrote: >> Susmit, >> >> with regards, I didn't understand that a GUI was an *absolute* >> requirement. > By Web based GUI I meant web interface. :) > Sorry for bad choice of words. Oh, I understood that. :) >>In our email discussions previously, I found that many >> people were interested in a 'Google Calendar' like project that could >> be used across many different applications. ?The general idea I have >> seen is that it should have both a web interface and a CalDav/iCal >> interface. > > This is exactly we are desperately trying to find out, but there is no > clear winner so far... > Some don't have web interface, some don't have caldev support!!!! > Yeah, I completely agree. This is of great interest to me because I can see great opportunities for many types of networks and such. One application that was brought up that I like, although it's more than just a caldav/web interface. That application in Zimbra. I understand it to be exactly what we want with the exception of the mail component. Maybe there's a way to rip that out (or not set it up). Also, the licensing may be an issue, but I don't know much about that off-hand. Cheers, Clint From ivazqueznet at gmail.com Fri Mar 27 15:42:34 2009 From: ivazqueznet at gmail.com (Ignacio Vazquez-Abrams) Date: Fri, 27 Mar 2009 11:42:34 -0400 Subject: [Fwd: Cron /usr/share/clamav/freshclam-sleep] Message-ID: <1238168554.27479.10.camel@ignacio.lan> We're getting these every 3 hours. Could someone take a look at it please? Thanks. -------- Forwarded Message -------- From: Cron Daemon To: root at fedoraproject.org, postmaster at fedoraproject.org, webmaster at fedoraproject.org, clamav at fedoraproject.org Subject: Cron /usr/share/clamav/freshclam-sleep Date: Fri, 27 Mar 2009 15:00:01 +0000 (UTC) WARNING: update of clamav database is disabled; please see '/etc/sysconfig/freshclam' for information how to enable the periodic update resp. how to turn off this message. -- Ignacio Vazquez-Abrams -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From smooge at gmail.com Fri Mar 27 16:13:13 2009 From: smooge at gmail.com (Stephen John Smoogen) Date: Fri, 27 Mar 2009 10:13:13 -0600 Subject: Pycon people In-Reply-To: <20090327050805.GA5439@sphe.res.cmu.edu> References: <80d7e4090903262031n5c2b47a5t2aa2d4743bcf1c8f@mail.gmail.com> <20090327050805.GA5439@sphe.res.cmu.edu> Message-ID: <80d7e4090903270913i3c9784b6l1bdd3b3a839e99df@mail.gmail.com> 2009/3/26 Ricky Zhou : > On 2009-03-26 09:31:32 PM, Stephen John Smoogen wrote: >> Who are the backups in case of emergency. I can probably work out some >> time off if you need it. > I'll be around as well. > > Thanks, > Ricky Ok.. cool. I was afraid it was just going to be Seth, 12 oz of concentrated espresso beans, and a pager. -- Stephen J Smoogen. -- BSD/GNU/Linux How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice" From mmcgrath at redhat.com Fri Mar 27 16:26:42 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Fri, 27 Mar 2009 11:26:42 -0500 (CDT) Subject: [Fwd: Cron /usr/share/clamav/freshclam-sleep] In-Reply-To: <1238168554.27479.10.camel@ignacio.lan> References: <1238168554.27479.10.camel@ignacio.lan> Message-ID: On Fri, 27 Mar 2009, Ignacio Vazquez-Abrams wrote: > We're getting these every 3 hours. Could someone take a look at it > please? Thanks. > This was me, I'm working on a clamav module for puppet.. That's quite a bitch that it is this noisy by default. -Mike > -------- Forwarded Message -------- > From: Cron Daemon > To: root at fedoraproject.org, postmaster at fedoraproject.org, > webmaster at fedoraproject.org, clamav at fedoraproject.org > Subject: Cron /usr/share/clamav/freshclam-sleep > Date: Fri, 27 Mar 2009 15:00:01 +0000 (UTC) > > WARNING: update of clamav database is disabled; please see > '/etc/sysconfig/freshclam' > for information how to enable the periodic update resp. how to turn > off this message. > > -- > Ignacio Vazquez-Abrams > From dennis at ausil.us Fri Mar 27 16:54:00 2009 From: dennis at ausil.us (Dennis Gilmore) Date: Fri, 27 Mar 2009 11:54:00 -0500 Subject: Pycon people In-Reply-To: References: <80d7e4090903262031n5c2b47a5t2aa2d4743bcf1c8f@mail.gmail.com> Message-ID: <200903271154.01575.dennis@ausil.us> On Thursday 26 March 2009 11:29:54 pm Seth Vidal wrote: > On Thu, 26 Mar 2009, Stephen John Smoogen wrote: > > On Thu, Mar 26, 2009 at 8:57 PM, Mike McGrath wrote: > >> Just a heads up, many of the Infrastructure Team members (including > >> myself) will be at pycon (http://us.pycon.org/) so our online > >> availability will be scarce. > > > > Who are the backups in case of emergency. I can probably work out some > > time off if you need it. > > I'm here and around and I get the pages. Im here also Dennis From skvidal at fedoraproject.org Fri Mar 27 17:11:43 2009 From: skvidal at fedoraproject.org (Seth Vidal) Date: Fri, 27 Mar 2009 13:11:43 -0400 (EDT) Subject: Pycon people In-Reply-To: <80d7e4090903270913i3c9784b6l1bdd3b3a839e99df@mail.gmail.com> References: <80d7e4090903262031n5c2b47a5t2aa2d4743bcf1c8f@mail.gmail.com> <20090327050805.GA5439@sphe.res.cmu.edu> <80d7e4090903270913i3c9784b6l1bdd3b3a839e99df@mail.gmail.com> Message-ID: On Fri, 27 Mar 2009, Stephen John Smoogen wrote: > 2009/3/26 Ricky Zhou : >> On 2009-03-26 09:31:32 PM, Stephen John Smoogen wrote: >>> Who are the backups in case of emergency. I can probably work out some >>> time off if you need it. >> I'll be around as well. >> >> Thanks, >> Ricky > > Ok.. cool. I was afraid it was just going to be Seth, 12 oz of > concentrated espresso beans, and a pager. You wound me, sir. WOUND! :) -sv From awilliam at redhat.com Fri Mar 27 17:52:56 2009 From: awilliam at redhat.com (Adam Williamson) Date: Fri, 27 Mar 2009 10:52:56 -0700 Subject: Please test our new calendering solutions. In-Reply-To: References: <014d01c9ae28$43a6cea0$caf46be0$@org> Message-ID: <1238176376.4338.45.camel@adam.local.net> On Thu, 2009-03-26 at 10:11 -0600, Clint Savage wrote: > On Thu, Mar 26, 2009 at 9:33 AM, Simon Birtwistle wrote: > >> For testing purpose, I have tried out many solutions, but the two most > >> suitable contenders are > >> 1.Zikula > >> 2.Citadel > > > > I'd like to throw in my previous email as a reference for this exact > purpose. There was a long discussion[1] around which I already > created a list of potential calendaring solutions[2]. Of which, we > need to evaluate those as well since from what I can see, neither of > these solutions allow me to update the calendar (my personal or a > group calendar) with the caldav server type functionality. Maybe I > missed that, but I think that's an integral part of the need for a > calendaring solution IMO. if you follow the discussion held a while > ago, the list suggested becomes more integral to the scheduling > functionality needed in Fedora. > > I'm still under the impression that we should set up test servers for > these other systems too as most (if not all) are FOSS as well and > better fit the needs of a full calendaring free/busy type solution. Just wanted to back up Clint on this: as the guy who started the ball rolling, CalDAV support was one of the deal-breakers for me. I don't think we can expect everyone to work through a web front end, it's important to have the flexibility to let people access the calendar and publish to it via their PIM client (or even via, say, Google Calendar, which has CalDAV support these days). Google finds some references to Citadel planning CalDAV support, but they seem sketchy and not currently active. Thanks a lot to you guys for your work on this! Of the two current test systems, I agree with Neville's comments: zikula is the nicer because it's a simple calendar-based layout. Citadel is nice, but it's a complete groupware system, which isn't exactly what we're trying to put in place here - we're not trying to provide people with email and contact management, doing that via the Fedora project doesn't really make sense. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org http://www.happyassassin.net From awilliam at redhat.com Fri Mar 27 17:55:06 2009 From: awilliam at redhat.com (Adam Williamson) Date: Fri, 27 Mar 2009 10:55:06 -0700 Subject: Please test our new calendering solutions. In-Reply-To: References: <014d01c9ae28$43a6cea0$caf46be0$@org> Message-ID: <1238176506.4338.47.camel@adam.local.net> On Fri, 2009-03-27 at 08:54 -0600, Clint Savage wrote: > Yeah, I completely agree. This is of great interest to me because I > can see great opportunities for many types of networks and such. One > application that was brought up that I like, although it's more than > just a caldav/web interface. That application in Zimbra. I > understand it to be exactly what we want with the exception of the > mail component. Maybe there's a way to rip that out (or not set it > up). Also, the licensing may be an issue, but I don't know much about > that off-hand. FWIW, Zimbra is what Red Hat uses internally. It does, indeed, have functional CalDAV support. >From what I've heard it was a bit of a big effort to get implemented, though. It's a fairly big project. It may be subject to the same objections I made to Citadel - it's overkill for a pure calendaring system, and the extra functions aren't necessarily something that add any value if provided by the Fedora project. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org http://www.happyassassin.net From thinklinux.ssh at gmail.com Fri Mar 27 18:07:59 2009 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Fri, 27 Mar 2009 23:37:59 +0530 Subject: Please test our new calendering solutions. In-Reply-To: <1238176376.4338.45.camel@adam.local.net> References: <014d01c9ae28$43a6cea0$caf46be0$@org> <1238176376.4338.45.camel@adam.local.net> Message-ID: > Just wanted to back up Clint on this: as the guy who started the ball > rolling, CalDAV support was one of the deal-breakers for me. I don't > think we can expect everyone to work through a web front end, it's > important to have the flexibility to let people access the calendar and > publish to it via their PIM client (or even via, say, Google Calendar, > which has CalDAV support these days). If web-interface isn't a necessity, I have a davical server up for testing. :) http://publictest15.fedoraproject.org/davical/ We can easily sync that to our personal devices. -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/user:susmit ============================================= Sent from: Calcutta WB India. From thinklinux.ssh at gmail.com Fri Mar 27 18:10:28 2009 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Fri, 27 Mar 2009 23:40:28 +0530 Subject: Please test our new calendering solutions. In-Reply-To: References: <014d01c9ae28$43a6cea0$caf46be0$@org> <1238176376.4338.45.camel@adam.local.net> Message-ID: > If web-interface isn't a necessity, I have a davical server up for testing. :) > http://publictest15.fedoraproject.org/davical/ > We can easily sync that to our personal devices. username/passwd for syncing is testuser/testuser. -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/user:susmit ============================================= Sent from: Calcutta WB India. From laxathom at fedoraproject.org Fri Mar 27 18:25:05 2009 From: laxathom at fedoraproject.org (Xavier Lamien) Date: Fri, 27 Mar 2009 19:25:05 +0100 Subject: Pycon people In-Reply-To: <200903271154.01575.dennis@ausil.us> References: <80d7e4090903262031n5c2b47a5t2aa2d4743bcf1c8f@mail.gmail.com> <200903271154.01575.dennis@ausil.us> Message-ID: <62bc09df0903271125h6b7f388eu86c947295c8f8c00@mail.gmail.com> On Fri, Mar 27, 2009 at 5:54 PM, Dennis Gilmore wrote: > On Thursday 26 March 2009 11:29:54 pm Seth Vidal wrote: >> On Thu, 26 Mar 2009, Stephen John Smoogen wrote: >> > On Thu, Mar 26, 2009 at 8:57 PM, Mike McGrath wrote: >> >> Just a heads up, many of the Infrastructure Team members (including >> >> myself) will be at pycon (http://us.pycon.org/) so our online >> >> availability will be scarce. >> > >> > Who are the backups in case of emergency. I can probably work out some >> > time off if you need it. >> >> I'm here and around and I get the pages. > > Im here also > I'm around too. -- Xavier.t Lamien -- http://fedoraproject.org/wiki/XavierLamien GPG-Key ID: F3903DEB Fingerprint: 0F2A 7A17 0F1B 82EE FCBF 1F51 76B7 A28D F390 3DEB From herlo1 at gmail.com Fri Mar 27 20:03:05 2009 From: herlo1 at gmail.com (Clint Savage) Date: Fri, 27 Mar 2009 14:03:05 -0600 Subject: Please test our new calendering solutions. In-Reply-To: References: <014d01c9ae28$43a6cea0$caf46be0$@org> <1238176376.4338.45.camel@adam.local.net> Message-ID: I On Fri, Mar 27, 2009 at 12:10 PM, susmit shannigrahi wrote: >> If web-interface isn't a necessity, I have a davical server up for testing. :) >> http://publictest15.fedoraproject.org/davical/ >> We can easily sync that to our personal devices. > > username/passwd for syncing is testuser/testuser. > I will set up Thunderbird with Lightning and start testing on this. However, I kind of think a mixed solution (web and caldav/ical support) is what fits us best. For now, this might be the best direction to go and just build something out of it, thoughts? Cheers, Clint From smooge at gmail.com Fri Mar 27 22:18:01 2009 From: smooge at gmail.com (Stephen John Smoogen) Date: Fri, 27 Mar 2009 16:18:01 -0600 Subject: Pycon people In-Reply-To: References: <80d7e4090903262031n5c2b47a5t2aa2d4743bcf1c8f@mail.gmail.com> <20090327050805.GA5439@sphe.res.cmu.edu> <80d7e4090903270913i3c9784b6l1bdd3b3a839e99df@mail.gmail.com> Message-ID: <80d7e4090903271518u1c0cc5cap84701e212594604f@mail.gmail.com> On Fri, Mar 27, 2009 at 11:11 AM, Seth Vidal wrote: > > > On Fri, 27 Mar 2009, Stephen John Smoogen wrote: > >> 2009/3/26 Ricky Zhou : >>> >>> On 2009-03-26 09:31:32 PM, Stephen John Smoogen wrote: >>>> >>>> Who are the backups in case of emergency. I can probably work out some >>>> time off if you need it. >>> >>> I'll be around as well. >>> >>> Thanks, >>> Ricky >> >> Ok.. cool. I was afraid it was just going to be Seth, 12 oz of >> concentrated espresso beans, and a pager. > > You wound me, sir. > > WOUND! :) Hey I was just trying to look out for you. I mean after the 60th hour the hallucinations and heart palpitations kick in. -- Stephen J Smoogen. -- BSD/GNU/Linux How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice" From mmcgrath at redhat.com Sat Mar 28 02:11:56 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Fri, 27 Mar 2009 21:11:56 -0500 (CDT) Subject: Change Request: Test_Day namespace change Message-ID: I'd like to do http://pastebin.ca/1374517 for https://fedorahosted.org/fedora-infrastructure/ticket/1293 -Mike From ricky at fedoraproject.org Sat Mar 28 02:34:13 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Fri, 27 Mar 2009 22:34:13 -0400 Subject: Change Request: Test_Day namespace change In-Reply-To: References: Message-ID: <20090328023413.GA9724@sphe.res.cmu.edu> On 2009-03-27 09:11:56 PM, Mike McGrath wrote: > I'd like to do > > http://pastebin.ca/1374517 > > for > > https://fedorahosted.org/fedora-infrastructure/ticket/1293 +1 with the fixes agreed upon in IRC (increment the values of the constants and change the names to NS_TEST_DAY and NS_TEST_DAY_TALK). Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From thinklinux.ssh at gmail.com Sat Mar 28 03:00:15 2009 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Sat, 28 Mar 2009 08:30:15 +0530 Subject: Please test our new calendering solutions. In-Reply-To: References: <014d01c9ae28$43a6cea0$caf46be0$@org> <1238176376.4338.45.camel@adam.local.net> Message-ID: > I will set up Thunderbird with Lightning and start testing on this. > However, I kind of think a mixed solution (web and caldav/ical > support) is what fits us best. ?For now, this might be the best > direction to go and just build something out of it, thoughts? Let's look into another two test apps... 1. PHP iCalendar (http://phpicalendar.net/): PHP-based iCAL v.2.0 file parser / displayer. One sends/retrieves the files via WebDAV: PHP iCalendar itself is view-only. http://publictest15.fedoraproject.org/phpical/phpicalendar/ and 2. Webcalender (webcalendar.sourceforge.net/) : http://publictest15.fedoraproject.org/webcalender/ Can you please test the required functionalities are available or not? passwd same as usual. Thanks. -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/user:susmit ============================================= Sent from: Calcutta WB India. From herlo1 at gmail.com Sat Mar 28 04:15:36 2009 From: herlo1 at gmail.com (Clint Savage) Date: Fri, 27 Mar 2009 22:15:36 -0600 Subject: Please test our new calendering solutions. In-Reply-To: References: <014d01c9ae28$43a6cea0$caf46be0$@org> <1238176376.4338.45.camel@adam.local.net> Message-ID: On Fri, Mar 27, 2009 at 9:00 PM, susmit shannigrahi wrote: >> I will set up Thunderbird with Lightning and start testing on this. >> However, I kind of think a mixed solution (web and caldav/ical >> support) is what fits us best. ?For now, this might be the best >> direction to go and just build something out of it, thoughts? > > > Let's look into another two test apps... > > 1. PHP iCalendar (http://phpicalendar.net/): PHP-based iCAL v.2.0 file > parser / displayer. One sends/retrieves the files via WebDAV: PHP > iCalendar itself is view-only. > http://publictest15.fedoraproject.org/phpical/phpicalendar/ > > and > > 2. Webcalender (webcalendar.sourceforge.net/) : > http://publictest15.fedoraproject.org/webcalender/ > > Can you please test the required functionalities are available or not? > passwd same as usual. > Thanks. Can do, probably get back with you tomorrow nightish. If anyone else can do it sooner, that'd be great. Clint From a.badger at gmail.com Sat Mar 28 19:28:25 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Sat, 28 Mar 2009 14:28:25 -0500 Subject: Change Request: Test_Day namespace change In-Reply-To: <20090328023413.GA9724@sphe.res.cmu.edu> References: <20090328023413.GA9724@sphe.res.cmu.edu> Message-ID: <49CE7A59.7010304@gmail.com> Ricky Zhou wrote: > On 2009-03-27 09:11:56 PM, Mike McGrath wrote: >> I'd like to do >> >> http://pastebin.ca/1374517 >> >> for >> >> https://fedorahosted.org/fedora-infrastructure/ticket/1293 > +1 with the fixes agreed upon in IRC (increment the values of the > constants and change the names to NS_TEST_DAY and NS_TEST_DAY_TALK). > +1 -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From thinklinux.ssh at gmail.com Sun Mar 29 03:20:06 2009 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Sun, 29 Mar 2009 08:50:06 +0530 Subject: Fedora Calendering system: listing clear requirements. Message-ID: Hi, The other mail was getting too long. I am writing this as I think I have found the solution. (by using zicula and phpical together) So I want to understand the required functionalities. What I have got so far: 1. Having a calender. ;) 2. Updating and Syncing from different clients using caldev protocol. 3. Having a web-interface to view/update/sync the calenders. Right? Thanks. -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/user:susmit ============================================= Sent from: Calcutta WB India. From patelbhavin27 at gmail.com Sun Mar 29 17:22:31 2009 From: patelbhavin27 at gmail.com (Bhavinkumar patel) Date: Sun, 29 Mar 2009 13:22:31 -0400 Subject: My Experience and Skills Message-ID: <89fb7d600903291022q21d2c410u703a6579b3c5dee3@mail.gmail.com> Hi Everyone, I have just joined th Fedora Developer community. I know C, C++, JAVA, Perl , SQL, Javascript, JSP, HTML,CSS. I don't have much experience but I can work on any of this languages. Currently I am working on the perl automation. Thanks, -------------------------- Bhavinkumar G Patel -------------- next part -------------- An HTML attachment was scrubbed... URL: From diegobz at gmail.com Sun Mar 29 18:21:40 2009 From: diegobz at gmail.com (=?ISO-8859-1?Q?Diego_B=FArigo_Zacar=E3o?=) Date: Sun, 29 Mar 2009 15:21:40 -0300 Subject: [Request] Transifex 0.5.1 Message-ID: <6600c1b10903291121g707bc12ct1f906447c6e3c49e@mail.gmail.com> Can we have +1's to update Tx on app1? It's only a maintenance release and should not break anything. Regards -- Diego B?rigo Zacar?o http://diegobz.net Linux User #402589 USE SOFTWARE LIVRE -------------- next part -------------- An HTML attachment was scrubbed... URL: From affix at FedoraProject.org Sun Mar 29 18:23:07 2009 From: affix at FedoraProject.org (Keiran Smith) Date: Sun, 29 Mar 2009 19:23:07 +0100 Subject: My Experience and Skills In-Reply-To: <89fb7d600903291022q21d2c410u703a6579b3c5dee3@mail.gmail.com> References: <89fb7d600903291022q21d2c410u703a6579b3c5dee3@mail.gmail.com> Message-ID: Welcome to fedora :) We look forward to your contributions 2009/3/29 Bhavinkumar patel > Hi Everyone, > > I have just joined th Fedora Developer community. > > I know C, C++, JAVA, Perl , SQL, Javascript, JSP, HTML,CSS. > > I don't have much experience but I can work on any of this languages. > > Currently I am working on the perl automation. > > Thanks, > -------------------------- > Bhavinkumar G Patel > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > > -- Keiran Smith - Fedora Ambassador / BugZapper - - Free Software Foundation Associate - -------------- next part -------------- An HTML attachment was scrubbed... URL: From dimitris at glezos.com Sun Mar 29 18:58:28 2009 From: dimitris at glezos.com (Dimitris Glezos) Date: Sun, 29 Mar 2009 21:58:28 +0300 Subject: [Request] Transifex 0.5.1 In-Reply-To: <6600c1b10903291121g707bc12ct1f906447c6e3c49e@mail.gmail.com> References: <6600c1b10903291121g707bc12ct1f906447c6e3c49e@mail.gmail.com> Message-ID: <6d4237680903291158l3035bf5fneec27f23a4e930c7@mail.gmail.com> 2009/3/29 Diego B?rigo Zacar?o : > Can we have +1's to update Tx on app1? It's only a maintenance release and > should not break anything. The changes can be found in the release notes: http://docs.transifex.org/releases/0.5.html#transifex-0-5-1-aurora -d -- Dimitris Glezos Jabber ID: glezos at jabber.org, GPG: 0xA5A04C3B http://dimitris.glezos.com/ "He who gives up functionality for ease of use loses both and deserves neither." (Anonymous) -- From ricky at fedoraproject.org Sun Mar 29 20:49:58 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Sun, 29 Mar 2009 16:49:58 -0400 Subject: [Request] Transifex 0.5.1 In-Reply-To: <6600c1b10903291121g707bc12ct1f906447c6e3c49e@mail.gmail.com> References: <6600c1b10903291121g707bc12ct1f906447c6e3c49e@mail.gmail.com> Message-ID: <20090329204958.GB16795@sphe.res.cmu.edu> On 2009-03-29 03:21:40 PM, Diego B?rigo Zacar?o wrote: > Can we have +1's to update Tx on app1? It's only a maintenance release and > should not break anything. +1 Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From mmcgrath at redhat.com Mon Mar 30 00:06:39 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Sun, 29 Mar 2009 19:06:39 -0500 (CDT) Subject: Fedora Calendering system: listing clear requirements. In-Reply-To: References: Message-ID: On Sun, 29 Mar 2009, susmit shannigrahi wrote: > Hi, > The other mail was getting too long. > I am writing this as I think I have found the solution. (by using > zicula and phpical together) > > > So I want to understand the required functionalities. > > What I have got so far: > > 1. Having a calender. ;) > 2. Updating and Syncing from different clients using caldev protocol. > 3. Having a web-interface to view/update/sync the calenders. > > Right? > I'd think those are the main features people will be looking for. -Mike From mmcgrath at redhat.com Mon Mar 30 00:43:07 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Sun, 29 Mar 2009 19:43:07 -0500 (CDT) Subject: [Request] Transifex 0.5.1 In-Reply-To: <20090329204958.GB16795@sphe.res.cmu.edu> References: <6600c1b10903291121g707bc12ct1f906447c6e3c49e@mail.gmail.com> <20090329204958.GB16795@sphe.res.cmu.edu> Message-ID: On Sun, 29 Mar 2009, Ricky Zhou wrote: > On 2009-03-29 03:21:40 PM, Diego B?rigo Zacar?o wrote: > > Can we have +1's to update Tx on app1? It's only a maintenance release and > > should not break anything. > +1 > +1 -Mike From diegobz at gmail.com Mon Mar 30 12:08:05 2009 From: diegobz at gmail.com (=?ISO-8859-1?Q?Diego_B=FArigo_Zacar=E3o?=) Date: Mon, 30 Mar 2009 09:08:05 -0300 Subject: [Change Request] Transifex 0.5.1-2 Message-ID: <6600c1b10903300508l424667cdxe80384ca130bdfff@mail.gmail.com> I'm sorry guys, but we had a minor problem with the tar.gz on the previous RPM. Can I have +1's for a new update on app1 to the 0.5.1-2 building? http://buildsys.fedoraproject.org/plague-results/fedora-5-epel/transifex/0.5.1-2.el5/noarch/ Thanks -- Diego B?rigo Zacar?o http://diegobz.net Linux User #402589 USE SOFTWARE LIVRE -------------- next part -------------- An HTML attachment was scrubbed... URL: From mmcgrath at redhat.com Mon Mar 30 13:22:27 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 30 Mar 2009 08:22:27 -0500 (CDT) Subject: [Change Request] Transifex 0.5.1-2 In-Reply-To: <6600c1b10903300508l424667cdxe80384ca130bdfff@mail.gmail.com> References: <6600c1b10903300508l424667cdxe80384ca130bdfff@mail.gmail.com> Message-ID: On Mon, 30 Mar 2009, Diego B?rigo Zacar?o wrote: > I'm sorry guys, but we had a minor problem with the tar.gz on the previous RPM. > Can I have +1's for a new update on app1 to the 0.5.1-2 building? > > http://buildsys.fedoraproject.org/plague-results/fedora-5-epel/transifex/0.5.1-2.el5/noarch/ > +1 -Mike From laxathom at fedoraproject.org Mon Mar 30 13:26:47 2009 From: laxathom at fedoraproject.org (Xavier Lamien) Date: Mon, 30 Mar 2009 15:26:47 +0200 Subject: [Change Request] Transifex 0.5.1-2 In-Reply-To: References: <6600c1b10903300508l424667cdxe80384ca130bdfff@mail.gmail.com> Message-ID: <62bc09df0903300626k19987255tef5bc046920b8c08@mail.gmail.com> 2009/3/30 Mike McGrath : > On Mon, 30 Mar 2009, Diego B?rigo Zacar?o wrote: > >> I'm sorry guys, but we had a minor problem with the tar.gz on the previous RPM. >> Can I have +1's for a new update on app1 to the 0.5.1-2 building? >> >> http://buildsys.fedoraproject.org/plague-results/fedora-5-epel/transifex/0.5.1-2.el5/noarch/ >> > > +1 +1 -- Xavier.t Lamien -- http://fedoraproject.org/wiki/XavierLamien GPG-Key ID: F3903DEB Fingerprint: 0F2A 7A17 0F1B 82EE FCBF 1F51 76B7 A28D F390 3DEB From mmcgrath at redhat.com Mon Mar 30 14:34:00 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 30 Mar 2009 09:34:00 -0500 (CDT) Subject: Intrusion Update Message-ID: For those not on the announce list: https://www.redhat.com/archives/fedora-announce-list/2009-March/msg00010.html -Mike From mmcgrath at redhat.com Mon Mar 30 14:52:11 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 30 Mar 2009 09:52:11 -0500 (CDT) Subject: Intrusion Update In-Reply-To: References: Message-ID: On Mon, 30 Mar 2009, Mike McGrath wrote: > For those not on the announce list: > > https://www.redhat.com/archives/fedora-announce-list/2009-March/msg00010.html > Oh! I forgot something too, I've been waiting for this to go out so we could discuss authentication mechanisms. Passwords + ssh keys just aren't the most secure method of authentication. Our policy on private keys is pretty clear now but there's always room for improvement. So I'm not quite sure how to 'fix' this problem. By that I mean, even if we knew this attack was going to happen I'm not totally sure of a feasible solution, using only free software, that we could have used to fix it. Obviously a physical rsa key or the like would have worked but I don't think we have the manpower nor budget to implement such a system. So I ask the list, any ideas? -Mike From thinklinux.ssh at gmail.com Mon Mar 30 15:01:31 2009 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Mon, 30 Mar 2009 20:31:31 +0530 Subject: Intrusion Update In-Reply-To: References: Message-ID: > So I'm not quite sure how to 'fix' this problem. ?By that I mean, even if > we knew this attack was going to happen I'm not totally sure of a feasible > solution, using only free software, that we could have used to fix it. > Obviously a physical rsa key or the like would have worked but I don't > think we have the manpower nor budget to implement such a system. ?So I > ask the list, any ideas? A single use random code/passwd mailed/texted each time one tries to login and invalidated just after use?? Basically I am referring to RFC 2289[1] [1]http://www.ietf.org/rfc/rfc2289.txt Thanks. -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/user:susmit ============================================= Sent from: Calcutta WB India. From damian.myerscough at gmail.com Mon Mar 30 15:14:03 2009 From: damian.myerscough at gmail.com (Damian Myerscough) Date: Mon, 30 Mar 2009 16:14:03 +0100 Subject: Intrusion Update In-Reply-To: References: Message-ID: <49D0E1BB.7040401@gmail.com> Hello, What about the use of S/Key (one-time passwords) I think it is possible to deploy SSH with S/Key authentication. I haven't look into it that much but it could be a possible solution? susmit shannigrahi wrote: >> So I'm not quite sure how to 'fix' this problem. By that I mean, even if >> we knew this attack was going to happen I'm not totally sure of a feasible >> solution, using only free software, that we could have used to fix it. >> Obviously a physical rsa key or the like would have worked but I don't >> think we have the manpower nor budget to implement such a system. So I >> ask the list, any ideas? > > A single use random code/passwd mailed/texted each time one tries to > login and invalidated just after use?? > > Basically I am referring to RFC 2289[1] > > [1]http://www.ietf.org/rfc/rfc2289.txt > > Thanks. > -- Regards, Damian Myerscough From damian.myerscough at gmail.com Mon Mar 30 15:15:21 2009 From: damian.myerscough at gmail.com (Damian Myerscough) Date: Mon, 30 Mar 2009 16:15:21 +0100 Subject: Intrusion Update In-Reply-To: References: Message-ID: <49D0E209.10401@gmail.com> Opps Sorry I didn't check the link Susmit posted. susmit shannigrahi wrote: >> So I'm not quite sure how to 'fix' this problem. By that I mean, even if >> we knew this attack was going to happen I'm not totally sure of a feasible >> solution, using only free software, that we could have used to fix it. >> Obviously a physical rsa key or the like would have worked but I don't >> think we have the manpower nor budget to implement such a system. So I >> ask the list, any ideas? > > A single use random code/passwd mailed/texted each time one tries to > login and invalidated just after use?? > > Basically I am referring to RFC 2289[1] > > [1]http://www.ietf.org/rfc/rfc2289.txt > > Thanks. > -- Regards, Damian Myerscough From a.badger at gmail.com Mon Mar 30 15:36:57 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Mon, 30 Mar 2009 10:36:57 -0500 Subject: [Change Request] Transifex 0.5.1-2 In-Reply-To: <62bc09df0903300626k19987255tef5bc046920b8c08@mail.gmail.com> References: <6600c1b10903300508l424667cdxe80384ca130bdfff@mail.gmail.com> <62bc09df0903300626k19987255tef5bc046920b8c08@mail.gmail.com> Message-ID: <49D0E719.9010600@gmail.com> Xavier Lamien wrote: > 2009/3/30 Mike McGrath : >> On Mon, 30 Mar 2009, Diego B?rigo Zacar?o wrote: >> >>> I'm sorry guys, but we had a minor problem with the tar.gz on the previous RPM. >>> Can I have +1's for a new update on app1 to the 0.5.1-2 building? >>> >>> http://buildsys.fedoraproject.org/plague-results/fedora-5-epel/transifex/0.5.1-2.el5/noarch/ >>> >> +1 > > +1 > +1 -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From mmcgrath at redhat.com Mon Mar 30 15:46:37 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 30 Mar 2009 10:46:37 -0500 (CDT) Subject: Intrusion Update In-Reply-To: <49D0E1BB.7040401@gmail.com> References: <49D0E1BB.7040401@gmail.com> Message-ID: On Mon, 30 Mar 2009, Damian Myerscough wrote: > Hello, > > What about the use of S/Key (one-time passwords) I think it is possible to > deploy SSH with S/Key authentication. I haven't look into it that much but it > could be a possible solution? > If someone had my username, password, and ssh key. How would that prevent them from getting a otp? -Mike > susmit shannigrahi wrote: > > > So I'm not quite sure how to 'fix' this problem. By that I mean, even if > > > we knew this attack was going to happen I'm not totally sure of a feasible > > > solution, using only free software, that we could have used to fix it. > > > Obviously a physical rsa key or the like would have worked but I don't > > > think we have the manpower nor budget to implement such a system. So I > > > ask the list, any ideas? > > > > A single use random code/passwd mailed/texted each time one tries to > > login and invalidated just after use?? > > > > Basically I am referring to RFC 2289[1] > > > > [1]http://www.ietf.org/rfc/rfc2289.txt > > > > Thanks. > > > > -- > Regards, > Damian Myerscough > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > From damian.myerscough at gmail.com Mon Mar 30 15:52:24 2009 From: damian.myerscough at gmail.com (Damian Myerscough) Date: Mon, 30 Mar 2009 16:52:24 +0100 Subject: Intrusion Update In-Reply-To: References: <49D0E1BB.7040401@gmail.com> Message-ID: <49D0EAB8.7060707@gmail.com> I have just done some research on SSH and S/Key and I read that S/Key cannot withstand a brute forced attack [1] [1] http://www.gentoo-wiki.info/OpenSSH_skey Mike McGrath wrote: > On Mon, 30 Mar 2009, Damian Myerscough wrote: > >> Hello, >> >> What about the use of S/Key (one-time passwords) I think it is possible to >> deploy SSH with S/Key authentication. I haven't look into it that much but it >> could be a possible solution? >> > > If someone had my username, password, and ssh key. How would that prevent > them from getting a otp? > > -Mike > >> susmit shannigrahi wrote: >>>> So I'm not quite sure how to 'fix' this problem. By that I mean, even if >>>> we knew this attack was going to happen I'm not totally sure of a feasible >>>> solution, using only free software, that we could have used to fix it. >>>> Obviously a physical rsa key or the like would have worked but I don't >>>> think we have the manpower nor budget to implement such a system. So I >>>> ask the list, any ideas? >>> A single use random code/passwd mailed/texted each time one tries to >>> login and invalidated just after use?? >>> >>> Basically I am referring to RFC 2289[1] >>> >>> [1]http://www.ietf.org/rfc/rfc2289.txt >>> >>> Thanks. >>> >> -- >> Regards, >> Damian Myerscough >> >> _______________________________________________ >> Fedora-infrastructure-list mailing list >> Fedora-infrastructure-list at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list >> > -- Regards, Damian Myerscough From thinklinux.ssh at gmail.com Mon Mar 30 15:56:53 2009 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Mon, 30 Mar 2009 21:26:53 +0530 Subject: Intrusion Update In-Reply-To: References: <49D0E1BB.7040401@gmail.com> Message-ID: > If someone had my username, password, and ssh key. ?How would that prevent > them from getting a otp? Supposedly, they will not have access to the mobile device/pager where this single time password will be sent. -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/user:susmit ============================================= Sent from: Calcutta WB India. From mgalgoci at redhat.com Mon Mar 30 16:01:01 2009 From: mgalgoci at redhat.com (Matthew Galgoci) Date: Mon, 30 Mar 2009 12:01:01 -0400 (EDT) Subject: Intrusion Update In-Reply-To: <49D0EAB8.7060707@gmail.com> References: <49D0E1BB.7040401@gmail.com> <49D0EAB8.7060707@gmail.com> Message-ID: > Date: Mon, 30 Mar 2009 16:52:24 +0100 > From: Damian Myerscough > To: Mike McGrath > Cc: Fedora Infrastructure > Subject: Re: Intrusion Update > > I have just done some research on SSH and S/Key and I read that S/Key cannot > withstand a brute forced attack [1] > > [1] http://www.gentoo-wiki.info/OpenSSH_skey In addition, skey-like authentication schemes only work if the end users of aren't automating their login process and keep the skey-like program on a separate system like a pda. Believe me, if you implement an skey-alike you will have users dumb enough to automate their login processes and run the skey-like calculator on the same machine they are logging in from. -- Matthew Galgoci Network Operations Red Hat, Inc 919.754.3700 x44155 From jim at meyering.net Mon Mar 30 16:01:51 2009 From: jim at meyering.net (Jim Meyering) Date: Mon, 30 Mar 2009 18:01:51 +0200 Subject: Intrusion Update In-Reply-To: (Mike McGrath's message of "Mon, 30 Mar 2009 10:46:37 -0500 (CDT)") References: <49D0E1BB.7040401@gmail.com> Message-ID: <87ljqnxamo.fsf@meyering.net> Mike McGrath wrote: > On Mon, 30 Mar 2009, Damian Myerscough wrote: >> What about the use of S/Key (one-time passwords) I think it is possible to >> deploy SSH with S/Key authentication. I haven't look into it that much but it >> could be a possible solution? > > If someone had my username, password, and ssh key. How would that prevent > them from getting a otp? To do that, they'd need to know your otp passphrase. From mmcgrath at redhat.com Mon Mar 30 16:02:22 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 30 Mar 2009 11:02:22 -0500 (CDT) Subject: Intrusion Update In-Reply-To: References: <49D0E1BB.7040401@gmail.com> Message-ID: On Mon, 30 Mar 2009, susmit shannigrahi wrote: > > If someone had my username, password, and ssh key. ?How would that prevent > > them from getting a otp? > > > Supposedly, they will not have access to the mobile device/pager where > this single time password will be sent. > Interestingly I saw someone doing something very similar to this at pycon using asterisk. -Mike From thinklinux.ssh at gmail.com Mon Mar 30 16:05:36 2009 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Mon, 30 Mar 2009 21:35:36 +0530 Subject: Intrusion Update In-Reply-To: <49D0EAB8.7060707@gmail.com> References: <49D0E1BB.7040401@gmail.com> <49D0EAB8.7060707@gmail.com> Message-ID: On Mon, Mar 30, 2009 at 9:22 PM, Damian Myerscough wrote: > I have just done some research on SSH and S/Key and I read that S/Key cannot > withstand a brute forced attack [1] > > [1] http://www.gentoo-wiki.info/OpenSSH_skey True, but We can lock out an account after 10 (or 100) invalid attempts. Brute-force will require more than that number of attempts. A six latter password will require few hundred (~380) million generations. -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/user:susmit ============================================= Sent from: Calcutta WB India. From thinklinux.ssh at gmail.com Mon Mar 30 16:08:02 2009 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Mon, 30 Mar 2009 21:38:02 +0530 Subject: Intrusion Update In-Reply-To: References: <49D0E1BB.7040401@gmail.com> Message-ID: >> Supposedly, they will not have access to the mobile device/pager where >> this single time password will be sent. >> > > Interestingly I saw someone doing something very similar to this at pycon > using asterisk. You mean, pretend to be another number using asterix and grab this single time passwd? -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/user:susmit ============================================= Sent from: Calcutta WB India. From smooge at gmail.com Mon Mar 30 16:13:02 2009 From: smooge at gmail.com (Stephen John Smoogen) Date: Mon, 30 Mar 2009 10:13:02 -0600 Subject: Intrusion Update In-Reply-To: References: <49D0E1BB.7040401@gmail.com> Message-ID: <80d7e4090903300913q1bfed70bmbebe93c0235a331b@mail.gmail.com> On Mon, Mar 30, 2009 at 9:46 AM, Mike McGrath wrote: > On Mon, 30 Mar 2009, Damian Myerscough wrote: > >> Hello, >> >> What about the use of S/Key (one-time passwords) I think it is possible to >> deploy SSH with S/Key authentication. I haven't look into it that much but it >> could be a possible solution? >> > > If someone had my username, password, and ssh key. ?How would that prevent > them from getting a otp? > > ? ? ? ?-Mike > Well normally they would have only your 1st password... and you would need a new OTP to become root etc. The big problem with S/KEY is the short search space (8 ASCII characters basically which can still take Petabytes for a dictionary attack). A place I used to work at had a similar problem a couple of years ago. Lessons learned was that OTP passwords were one of the most effective limiters. The second limiter was time limits on kerberos keys which limited how long having an OTP was useful to the attacker. Where people had gotten around this, we ran into issues: 1) Kerberos tickets with long lifes. 2) Forwarding tickets with high trust between all systems. 3) Proxiable tickets working between clusters 4) sudo without password Where people run into problems are: 1) Writing down the OTP passwords in their computer 2) Running the OTP calculator on their computer versus seperate device. 3) OTP passwords with 2 short of a length (8 minimum) Also in the end some processes MUST have human interaction. Depending on the level of trust you wish to impart on something, packages may only be signed on certain machines, from certain terminals, booted from cold boot via secure media, etc etc. -- Stephen J Smoogen. -- BSD/GNU/Linux How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice" From jim at meyering.net Mon Mar 30 16:14:02 2009 From: jim at meyering.net (Jim Meyering) Date: Mon, 30 Mar 2009 18:14:02 +0200 Subject: Intrusion Update In-Reply-To: <49D0EAB8.7060707@gmail.com> (Damian Myerscough's message of "Mon, 30 Mar 2009 16:52:24 +0100") References: <49D0E1BB.7040401@gmail.com> <49D0EAB8.7060707@gmail.com> Message-ID: <87fxgvxa2d.fsf@meyering.net> Damian Myerscough wrote: > I have just done some research on SSH and S/Key and I read that S/Key > cannot withstand a brute forced attack [1] > > [1] http://www.gentoo-wiki.info/OpenSSH_skey OTPW looks better: http://en.wikipedia.org/wiki/OTPW From mmcgrath at redhat.com Mon Mar 30 16:22:08 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 30 Mar 2009 11:22:08 -0500 (CDT) Subject: Intrusion Update In-Reply-To: References: <49D0E1BB.7040401@gmail.com> Message-ID: On Mon, 30 Mar 2009, susmit shannigrahi wrote: > >> Supposedly, they will not have access to the mobile device/pager where > >> this single time password will be sent. > >> > > > > Interestingly I saw someone doing something very similar to this at pycon > > using asterisk. > > > You mean, pretend to be another number using asterix > and grab this single time passwd? > > I mean calling people when they try to log in. -Mike From dennis at ausil.us Mon Mar 30 17:57:23 2009 From: dennis at ausil.us (Dennis Gilmore) Date: Mon, 30 Mar 2009 12:57:23 -0500 Subject: More auth options Message-ID: <200903301257.24803.dennis@ausil.us> So doing a liitle looking around I cane across some options that look interesting, the following options would mean you need to physically have something to login. yubikey http://www.yubico.com/products/yubikey/ It would require a pam module and for us to setup a server for managing keys. it looks to be fairly low cost. it would implement a 2 facter authentication. etoken http://www.aladdin.com/etoken/devices/pro-usb.aspx it moves the public key from your hard drive to something you physically need to have ubikey is max USD$25 where the etoken is probably at least USD$30. I would think that with yubikey we could work out a deal with them to get a discount in return for us being a case study/prominent user of there product. all of the software for yubikey AFAICT is open source. some of it would require packaging. Dennis From mgalgoci at redhat.com Mon Mar 30 18:12:24 2009 From: mgalgoci at redhat.com (Matthew Galgoci) Date: Mon, 30 Mar 2009 14:12:24 -0400 (EDT) Subject: More auth options In-Reply-To: <200903301257.24803.dennis@ausil.us> References: <200903301257.24803.dennis@ausil.us> Message-ID: > Date: Mon, 30 Mar 2009 12:57:23 -0500 > From: Dennis Gilmore > Reply-To: Fedora Infrastructure > To: Fedora Infrastructure > Subject: More auth options > > So doing a liitle looking around I cane across some options that look > interesting, the following options would mean you need to physically have > something to login. > > yubikey > http://www.yubico.com/products/yubikey/ > It would require a pam module and for us to setup a server for managing keys. > it looks to be fairly low cost. it would implement a 2 facter > authentication. > > etoken > http://www.aladdin.com/etoken/devices/pro-usb.aspx > > it moves the public key from your hard drive to something you physically need > to have > > > ubikey is max USD$25 where the etoken is probably at least USD$30. I would > think that with yubikey we could work out a deal with them to get a discount > in return for us being a case study/prominent user of there product. all of > the software for yubikey AFAICT is open source. some of it would require > packaging. Just FYI, Aladdin refused, REFUSED to sell me 4 keys when I attempted to purchase them through CDW because I did have or want to have an Aladdin PKI Console software license. Nevermind that I didn't actually need their Console software or that Red Hat has a PKI management product. In my opinion, avoid Aladdin even if you can manage to get keys through a tertiary party. -- Matthew Galgoci Network Operations Red Hat, Inc 919.754.3700 x44155 From david at gnsa.us Mon Mar 30 18:17:41 2009 From: david at gnsa.us (David Nalley) Date: Mon, 30 Mar 2009 14:17:41 -0400 Subject: More auth options In-Reply-To: References: <200903301257.24803.dennis@ausil.us> Message-ID: On Mon, Mar 30, 2009 at 2:12 PM, Matthew Galgoci wrote: >> Date: Mon, 30 Mar 2009 12:57:23 -0500 >> From: Dennis Gilmore >> Reply-To: Fedora Infrastructure >> To: Fedora Infrastructure >> Subject: More auth options >> >> So doing a liitle looking around I cane across some options that look >> interesting, ?the following options would mean you need to physically have >> something to login. >> >> yubikey >> http://www.yubico.com/products/yubikey/ >> It would require a pam module and for us to setup a server for managing keys. >> it looks to be fairly low cost. ? it would implement a 2 facter >> authentication. >> >> etoken >> http://www.aladdin.com/etoken/devices/pro-usb.aspx >> >> it moves the public key from your hard drive to something you physically need >> to have >> >> >> ubikey is max USD$25 where ?the etoken is probably at least USD$30. ?I would >> think that with yubikey we could work out a deal with them to get a discount >> in return for us being a case study/prominent user of there product. ?all of >> the software for yubikey AFAICT is open source. ?some of it would require >> packaging. > > Just FYI, Aladdin refused, REFUSED to sell me 4 keys when I attempted > to purchase them through CDW because I did have or want to have an > Aladdin PKI Console software license. Nevermind that I didn't actually > need their Console software or that Red Hat has a PKI management > product. > > In my opinion, avoid Aladdin even if you can manage to get keys through > a tertiary party. +1 - Aladdin makes a lot of DRM (for software, not media (that I know of)) stuff too; all the more reason to avoid them. If Ubikey is supplying an open source stack to go with their hardware that sounds a more logical fit for the Fedora Project, and a more symbiotic relationship. From mgalgoci at redhat.com Mon Mar 30 18:21:19 2009 From: mgalgoci at redhat.com (Matthew Galgoci) Date: Mon, 30 Mar 2009 14:21:19 -0400 (EDT) Subject: More auth options In-Reply-To: <200903301257.24803.dennis@ausil.us> References: <200903301257.24803.dennis@ausil.us> Message-ID: > Date: Mon, 30 Mar 2009 12:57:23 -0500 > From: Dennis Gilmore > Reply-To: Fedora Infrastructure > To: Fedora Infrastructure > Subject: More auth options > > So doing a liitle looking around I cane across some options that look > interesting, the following options would mean you need to physically have > something to login. > > yubikey > http://www.yubico.com/products/yubikey/ > It would require a pam module and for us to setup a server for managing keys. > it looks to be fairly low cost. it would implement a 2 facter > authentication. > > etoken > http://www.aladdin.com/etoken/devices/pro-usb.aspx > > it moves the public key from your hard drive to something you physically need > to have > > > ubikey is max USD$25 where the etoken is probably at least USD$30. I would > think that with yubikey we could work out a deal with them to get a discount > in return for us being a case study/prominent user of there product. all of > the software for yubikey AFAICT is open source. some of it would require > packaging. Dennis, I know RSA is a bit expensive, but it might be worth thinking about RSA tokens as well. They have a OTP that changes every 60 seconds plus you have to add a PIN as well. Matt -- Matthew Galgoci Network Operations Red Hat, Inc 919.754.3700 x44155 From smooge at gmail.com Mon Mar 30 18:21:07 2009 From: smooge at gmail.com (Stephen John Smoogen) Date: Mon, 30 Mar 2009 12:21:07 -0600 Subject: More auth options In-Reply-To: <200903301257.24803.dennis@ausil.us> References: <200903301257.24803.dennis@ausil.us> Message-ID: <80d7e4090903301121h680f33e0n2215f4d41459bff2@mail.gmail.com> On Mon, Mar 30, 2009 at 11:57 AM, Dennis Gilmore wrote: > So doing a liitle looking around I cane across some options that look > interesting, ?the following options would mean you need to physically have > something to login. > > yubikey > http://www.yubico.com/products/yubikey/ > It would require a pam module and for us to setup a server for managing keys. > it looks to be fairly low cost. ? it would implement a 2 facter > authentication. > > etoken > http://www.aladdin.com/etoken/devices/pro-usb.aspx > These do look interesting and maybe better than the S/Key 64 bit key. I remember some bad stories about one of the 'Aladdin' companies (there are quite a few who use that name for security products).. but not sure which. The bigger question is who can we get some 'professional' opinions from? My crypto math is not good so I could not give an opinion of whether one usage of AES-128 versus another usage was equivalent, better, or worse. I would hate for us to end up with any solution that would end up on Shneier's Snake Oil pages. [I remember one token device that some people I know evaluated a while back that while it stored the key encrypted in AES-128 etc.. it had a register where it stored the unencrypted user token and could be looked at under any OS other than Windows.] -- Stephen J Smoogen. -- BSD/GNU/Linux How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice" From rino.mardo at gmail.com Mon Mar 30 18:31:35 2009 From: rino.mardo at gmail.com (Rino Mardo) Date: Mon, 30 Mar 2009 21:31:35 +0300 Subject: An Introduction Message-ID: Hello, my name is Ferino Mardo but you can call me Rino. I am a network professional having been in the industry for more than 18 years. I used to be a coder (from assembler to C) but now working as a network manager. I don't consider myself a newbie though I also don't call myself a h4ck3r :-) but I do know my way around computers and the Internet. I have time available and want to contribute it to this dynamic team. i used to do shell scripts but that part is now rusted because my company now is using closed source softwares. As the nature of things outside of the US, we techies don't have any specialization to speak of. If you know a little sql command, bang!, you're the dba. but i do know my dns (also rusty), firewalls (closed source too), WAN management, UTP network cabling (handmade), install and maintain server OS, do patches, and other things as needed to do the job. Lookin at the FIG, I'm not sure which to join I hope someone can suggest a starting point? Am looking forward to contribute and hope to "see" you soon! Regards, Rino Mardo Key fingerprint = 71E1 31C1 7CE8 9E5A 295E 36B9 8BE8 C3B5 414B FCBD From rino.mardo at gmail.com Mon Mar 30 18:50:42 2009 From: rino.mardo at gmail.com (Rino Mardo) Date: Mon, 30 Mar 2009 21:50:42 +0300 Subject: sysadmin group Message-ID: ok i found a FIG and it's called sysadmin. i think this is the closest to my actual experience. i want to join sysadmin. should i apply now or wait for a nod? From tmz at pobox.com Mon Mar 30 20:00:56 2009 From: tmz at pobox.com (Todd Zullinger) Date: Mon, 30 Mar 2009 16:00:56 -0400 Subject: More auth options In-Reply-To: <200903301257.24803.dennis@ausil.us> References: <200903301257.24803.dennis@ausil.us> Message-ID: <20090330200056.GA17880@inocybe.teonanacatl.org> Dennis Gilmore wrote: > ubikey is max USD$25 where the etoken is probably at least USD$30. > I would think that with yubikey we could work out a deal with them > to get a discount in return for us being a case study/prominent user > of there product. all of the software for yubikey AFAICT is open > source. some of it would require packaging. A friend of mine bought a Yubikey recently and I helped him package up libyubikey-client and pam_yubico. In case anyone wants to look into this and doesn't want to have to start completely from stratch, these spec files might help: http://tmz.fedorapeople.org/specs/ -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ I am free of all prejudice. I hate everyone equally. -- W. C. Fields -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 542 bytes Desc: not available URL: From jkeating at redhat.com Mon Mar 30 20:44:29 2009 From: jkeating at redhat.com (Jesse Keating) Date: Mon, 30 Mar 2009 20:44:29 +0000 Subject: [PATCH] Add dist-f12 to the static repos. Message-ID: <1238445869-29032-1-git-send-email-jkeating@redhat.com> We're allowing for early branching now. --- configs/build/update-static-repos.py | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/configs/build/update-static-repos.py b/configs/build/update-static-repos.py index 16ee6ac..98d48c9 100755 --- a/configs/build/update-static-repos.py +++ b/configs/build/update-static-repos.py @@ -4,7 +4,7 @@ import os import sys import koji -TAGS = ('dist-olpc2-build', 'dist-olpc3-build', 'dist-olpc4-build', 'dist-f8-build', 'dist-f9-build', 'dist-f10-build', 'dist-f11-build', 'dist-rawhide', 'olpc2-update1', 'olpc2-ship2') +TAGS = ('dist-olpc2-build', 'dist-olpc3-build', 'dist-olpc4-build', 'dist-f9-build', 'dist-f10-build', 'dist-f11-build', 'dist-f12-build', 'dist-rawhide', 'olpc2-update1', 'olpc2-ship2') STATICPATH = '/mnt/koji/static-repos' SUFFIX = '-current' -- 1.5.5.6 From ricky at fedoraproject.org Mon Mar 30 21:12:48 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Mon, 30 Mar 2009 17:12:48 -0400 Subject: [PATCH] Add dist-f12 to the static repos. In-Reply-To: <1238445869-29032-1-git-send-email-jkeating@redhat.com> References: <1238445869-29032-1-git-send-email-jkeating@redhat.com> Message-ID: <20090330211248.GC26772@sphe.res.cmu.edu> On 2009-03-30 08:44:29 PM, Jesse Keating wrote: > We're allowing for early branching now. > --- > configs/build/update-static-repos.py | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/configs/build/update-static-repos.py b/configs/build/update-static-repos.py > index 16ee6ac..98d48c9 100755 > --- a/configs/build/update-static-repos.py > +++ b/configs/build/update-static-repos.py > @@ -4,7 +4,7 @@ import os > import sys > import koji > > -TAGS = ('dist-olpc2-build', 'dist-olpc3-build', 'dist-olpc4-build', 'dist-f8-build', 'dist-f9-build', 'dist-f10-build', 'dist-f11-build', 'dist-rawhide', 'olpc2-update1', 'olpc2-ship2') > +TAGS = ('dist-olpc2-build', 'dist-olpc3-build', 'dist-olpc4-build', 'dist-f9-build', 'dist-f10-build', 'dist-f11-build', 'dist-f12-build', 'dist-rawhide', 'olpc2-update1', 'olpc2-ship2') > STATICPATH = '/mnt/koji/static-repos' > SUFFIX = '-current' > > -- +1 Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From mmcgrath at redhat.com Mon Mar 30 21:42:40 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 30 Mar 2009 16:42:40 -0500 (CDT) Subject: An Introduction In-Reply-To: References: Message-ID: On Mon, 30 Mar 2009, Rino Mardo wrote: > Hello, my name is Ferino Mardo but you can call me Rino. I am a > network professional having been in the industry for more than 18 > years. I used to be a coder (from assembler to C) but now working as a > network manager. I don't consider myself a newbie though I also don't > call myself a h4ck3r :-) but I do know my way around computers and the > Internet. > > I have time available and want to contribute it to this dynamic team. > i used to do shell scripts but that part is now rusted because my > company now is using closed source softwares. As the nature of things > outside of the US, we techies don't have any specialization to speak > of. If you know a little sql command, bang!, you're the dba. but i do > know my dns (also rusty), firewalls (closed source too), WAN > management, UTP network cabling (handmade), install and maintain > server OS, do patches, and other things as needed to do the job. > > Lookin at the FIG, I'm not sure which to join I hope someone can > suggest a starting point? > > Am looking forward to contribute and hope to "see" you soon! > > > Regards, > > Rino Mardo > Welcome Rino, a good place to start is to stop by #fedora-admin on irc.freenode.net and say hey. If you cannot thats totally ok too and you can participate on the list. -Mike From mmcgrath at redhat.com Mon Mar 30 21:43:15 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 30 Mar 2009 16:43:15 -0500 (CDT) Subject: sysadmin group In-Reply-To: References: Message-ID: On Mon, 30 Mar 2009, Rino Mardo wrote: > ok i found a FIG and it's called sysadmin. i think this is the closest > to my actual experience. > > i want to join sysadmin. should i apply now or wait for a nod? > Yep, that's a good one to apply for as any other sysadmin-* groups require it. Let me know once you've applied and I'll make sure to sponsor you... beware though... you'll start getting nagios alerts. -Mike From mmcgrath at redhat.com Mon Mar 30 21:43:52 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 30 Mar 2009 16:43:52 -0500 (CDT) Subject: More auth options In-Reply-To: <20090330200056.GA17880@inocybe.teonanacatl.org> References: <200903301257.24803.dennis@ausil.us> <20090330200056.GA17880@inocybe.teonanacatl.org> Message-ID: On Mon, 30 Mar 2009, Todd Zullinger wrote: > Dennis Gilmore wrote: > > ubikey is max USD$25 where the etoken is probably at least USD$30. > > I would think that with yubikey we could work out a deal with them > > to get a discount in return for us being a case study/prominent user > > of there product. all of the software for yubikey AFAICT is open > > source. some of it would require packaging. > > A friend of mine bought a Yubikey recently and I helped him package up > libyubikey-client and pam_yubico. In case anyone wants to look into > this and doesn't want to have to start completely from stratch, these > spec files might help: http://tmz.fedorapeople.org/specs/ > Interesting, if you wouldn't mind having him join the list or blog about his experiences, I'd be interested in reading it. -Mike From mmcgrath at redhat.com Mon Mar 30 21:44:10 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 30 Mar 2009 16:44:10 -0500 (CDT) Subject: [PATCH] Add dist-f12 to the static repos. In-Reply-To: <20090330211248.GC26772@sphe.res.cmu.edu> References: <1238445869-29032-1-git-send-email-jkeating@redhat.com> <20090330211248.GC26772@sphe.res.cmu.edu> Message-ID: On Mon, 30 Mar 2009, Ricky Zhou wrote: > On 2009-03-30 08:44:29 PM, Jesse Keating wrote: > > We're allowing for early branching now. > > --- > > configs/build/update-static-repos.py | 2 +- > > 1 files changed, 1 insertions(+), 1 deletions(-) > > > > diff --git a/configs/build/update-static-repos.py b/configs/build/update-static-repos.py > > index 16ee6ac..98d48c9 100755 > > --- a/configs/build/update-static-repos.py > > +++ b/configs/build/update-static-repos.py > > @@ -4,7 +4,7 @@ import os > > import sys > > import koji > > > > -TAGS = ('dist-olpc2-build', 'dist-olpc3-build', 'dist-olpc4-build', 'dist-f8-build', 'dist-f9-build', 'dist-f10-build', 'dist-f11-build', 'dist-rawhide', 'olpc2-update1', 'olpc2-ship2') > > +TAGS = ('dist-olpc2-build', 'dist-olpc3-build', 'dist-olpc4-build', 'dist-f9-build', 'dist-f10-build', 'dist-f11-build', 'dist-f12-build', 'dist-rawhide', 'olpc2-update1', 'olpc2-ship2') > > STATICPATH = '/mnt/koji/static-repos' > > SUFFIX = '-current' > > > > -- > +1 > +1 -Mike