For those curious about the status of updates here is te latest scoop. 11] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg01215.html Intrusion Recovery Slow and Steady A politely phrased request[1] was made on 25-08-2008 by Mike Chambers for information about when normal service would resume in the Fedora Project after the disruptions[1a]. Enigmatically Dominik 'Rathann' Mierzejewski observed[2] that there had been "some speculation on fedora-advisory-board that might explain the information blackout, so please don't jump to conclusions until you really know what happened" This led Chris Adams to observe that the list archives appeared to be offline and to restate the request for information "[...] in the absence of information, rumors and speculation fill the gap (which is not good)." [1] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg01102.html [1a] https://fedoraproject.org/wiki/FWN/Issue140#Mysterious_Fedora_Compromise [2] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg01122.html Several days later (on 28-08-2008) a similar request was made[3] by Alan Dunn. He wondered whether bodhi was pushing updates out again, and Josh Boyer responded[4] that planning and implementation of "how to revoke the current gpg key used to sign RPMs" were in progress. Jesse Keating cautioned[5] that the migration to a new key would be slow "I'm currently re-signing all of the 8 and 9 content with these new keys so that we can make them available along with the new updates with the new key for these product lines. This is going to take some time due to the nature of how our signing works." [3] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg01308.html [4] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg01309.html [5] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg01310.html A proposal mooted[6] on @rel-eng by Warren Togami and others provided some insight into at least the part of the plans that involve the problem of how to distribute a new package signing key. [6] http://lists.fedoraproject.org/pipermail/rel-eng/2008-August/001627.html "nodata" asked[7] whether the new plans included a means to push out critical security updates even while there was a general outage. The thinking behind this seems to be that an attacker could decide to knock out Fedora infrastructure in order to gain some time to exploit a known vulnerability even if a simple fix existed. Jesse Keating replied[8] confidently that in such a scenario the Fedora Project would do "whatever it takes [...] to get a critical update onto a public webserver should the need arise" and cautioned against wasting time trying to plan for every possible scenario. Toshio Kuratomi added[9] that although it might be possible to speed up recovery "[...] unfortunately if the infrastructure problem is bad enough, there's no way we can push package X out until the problem is at least partially resolved." [7] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg01313.html [8] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg01314.html [9] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg01316.html On 27-08-2008 Paul Johnson noted that it was possible to "compose and build" and asked "when will updates via yum become available for rawhide?" Jeremy Katz responded[10] that "[a]t the moment, the compose is falling over for new reasons unrelated to the infrastructure changes. Hopefully we'll see a rawhide make its way out to the masses real soon now." [10] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg01249.html Later Mike Chambers and Ola Thoresen reported[11] that updating from Fedora 9 to Rawhide seemed to be working. Several Rawhide Reports also appeared[12]. [11] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg01350.html [12] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg01339.html = Infrastructure = This section contains the discussion happening on the fedora-infrastructure-list http://fedoraproject.org/wiki/Infrastructure Contributing Writer: HuzaifaSidhpurwala Some noteworty praise Paul W. Frields writes for fedora-infrastructure-list [1] Paul forwarded a mail [2] send by Tim Burke, who is the Director of Linux Development inside Red Hat, praising the efforts of fedorans who rose to the occasion to bring things back on track after the recent incidents in Fedora infrastructure. [1] https://www.redhat.com/archives/fedora-infrastructure-list/2008-August/msg00149.html [2] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg01023.html Maintaining a partial cvs workarea Axel Thimm writes for fedora-infrastructure-list [3] Axel described how he was keeping a partial check-out of packages, ie the ones which he was maintaining. Now he would like to be able to cvs up and have all updates flow in, but if he does do so cvs will want to get all other thousand packages in. He is currently using a for loop with pushd/popd, but this process is extremely slow. Axel asked if there was a better way of doing this? -- ======================================================================= Most public domain software is free, at least at first glance. ======================================================================= Aaron Konstam telephone: (210) 656-0355 e-mail: akonstam@xxxxxxxxxxxxx -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
