Latewst announcew list posting

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



For those curious about the status of updates here is te latest scoop.

11]
https://www.redhat.com/archives/fedora-devel-list/2008-August/msg01215.html
Intrusion Recovery Slow and Steady

A politely phrased request[1] was made on 25-08-2008 by Mike Chambers
for information about when normal service would resume in the Fedora
Project after the disruptions[1a]. Enigmatically Dominik 'Rathann'
Mierzejewski observed[2] that there had been "some speculation on
fedora-advisory-board that might explain the information blackout, so
please don't jump to conclusions until you really know what happened"
This led Chris Adams to observe that the list archives appeared to be
offline and to restate the request for information "[...] in the absence
of information, rumors and speculation fill the gap (which is not good)."

[1]
https://www.redhat.com/archives/fedora-devel-list/2008-August/msg01102.html

[1a]
https://fedoraproject.org/wiki/FWN/Issue140#Mysterious_Fedora_Compromise

[2]
https://www.redhat.com/archives/fedora-devel-list/2008-August/msg01122.html

Several days later (on 28-08-2008) a similar request was made[3] by Alan
Dunn. He wondered whether bodhi was pushing updates out again, and Josh
Boyer responded[4] that planning and implementation of "how to revoke
the current gpg key used to sign RPMs" were in progress. Jesse Keating
cautioned[5] that the migration to a new key would be slow "I'm
currently re-signing all of the 8 and 9 content with these new keys so
that we can make them available along with the new updates with the new
key for these product lines. This is going to take some time due to the
nature of how our signing works."

[3]
https://www.redhat.com/archives/fedora-devel-list/2008-August/msg01308.html

[4]
https://www.redhat.com/archives/fedora-devel-list/2008-August/msg01309.html

[5]
https://www.redhat.com/archives/fedora-devel-list/2008-August/msg01310.html

A proposal mooted[6] on @rel-eng by Warren Togami and others provided
some insight into at least the part of the plans that involve the
problem of how to distribute a new package signing key.

[6] http://lists.fedoraproject.org/pipermail/rel-eng/2008-August/001627.html

"nodata" asked[7] whether the new plans included a means to push out
critical security updates even while there was a general outage. The
thinking behind this seems to be that an attacker could decide to knock
out Fedora infrastructure in order to gain some time to exploit a known
vulnerability even if a simple fix existed. Jesse Keating replied[8]
confidently that in such a scenario the Fedora Project would do
"whatever it takes [...] to get a critical update onto a public
webserver should the need arise" and cautioned against wasting time
trying to plan for every possible scenario. Toshio Kuratomi added[9]
that although it might be possible to speed up recovery "[...]
unfortunately if the infrastructure problem is bad enough, there's no
way we can push package X out until the problem is at least partially
resolved."

[7]
https://www.redhat.com/archives/fedora-devel-list/2008-August/msg01313.html

[8]
https://www.redhat.com/archives/fedora-devel-list/2008-August/msg01314.html

[9]
https://www.redhat.com/archives/fedora-devel-list/2008-August/msg01316.html

On 27-08-2008 Paul Johnson noted that it was possible to "compose and
build" and asked "when will updates via yum become available for
rawhide?" Jeremy Katz responded[10] that "[a]t the moment, the compose
is falling over for new reasons unrelated to the infrastructure changes.
Hopefully we'll see a rawhide make its way out to the masses real soon now."

[10]
https://www.redhat.com/archives/fedora-devel-list/2008-August/msg01249.html

Later Mike Chambers and Ola Thoresen reported[11] that updating from
Fedora 9 to Rawhide seemed to be working. Several Rawhide Reports also
appeared[12].

[11]
https://www.redhat.com/archives/fedora-devel-list/2008-August/msg01350.html

[12]
https://www.redhat.com/archives/fedora-devel-list/2008-August/msg01339.html

= Infrastructure =

This section contains the discussion happening on the
fedora-infrastructure-list

http://fedoraproject.org/wiki/Infrastructure

Contributing Writer: HuzaifaSidhpurwala
Some noteworty praise

Paul W. Frields writes for fedora-infrastructure-list [1]

Paul forwarded a mail [2] send by Tim Burke, who is the Director of
Linux Development inside Red Hat, praising the efforts of fedorans who
rose to the occasion to bring things back on track after the recent
incidents in Fedora infrastructure.

[1]
https://www.redhat.com/archives/fedora-infrastructure-list/2008-August/msg00149.html

[2]
https://www.redhat.com/archives/fedora-devel-list/2008-August/msg01023.html
Maintaining a partial cvs workarea

Axel Thimm writes for fedora-infrastructure-list [3]

Axel described how he was keeping a partial check-out of packages, ie
the ones which he was maintaining. Now he would like to be able to cvs
up and have all updates flow in, but if he does do so cvs will want to
get all other thousand packages in. He is currently using a for loop
with pushd/popd, but this process is extremely slow. Axel asked if there
was a better way of doing this?




--
=======================================================================
Most public domain software is free, at least at first glance.
=======================================================================
Aaron Konstam telephone: (210) 656-0355 e-mail: akonstam@xxxxxxxxxxxxx


-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux