FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Development

 
 
LinkBack Thread Tools
 
Old 08-14-2008, 11:15 PM
"Paul W. Frields"
 
Default Important infrastructure announcement

The Fedora Infrastructure team is currently investigating an issue in
the infrastructure systems. That process may result in service outages,
for which we apologize in advance. We're still assessing the end-user
impact of the situation, but as a precaution, we recommend you not
download or update any additional packages on your Fedora systems.

We'll share updates as we develop more information. Those updates will
be published here on the public fedora-announce-list:
https://redhat.com/mailman/listinfo/fedora-announce-list

Thanks for your patience as we continue working on this.


--
Paul W. Frields
gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717
http://paul.frields.org/ - - http://pfrields.fedorapeople.org/
irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug
--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 08-14-2008, 11:15 PM
"Paul W. Frields"
 
Default Important infrastructure announcement

The Fedora Infrastructure team is currently investigating an issue in
the infrastructure systems. That process may result in service outages,
for which we apologize in advance. We're still assessing the end-user
impact of the situation, but as a precaution, we recommend you not
download or update any additional packages on your Fedora systems.

We'll share updates as we develop more information. Those updates will
be published here on the public fedora-announce-list:
https://redhat.com/mailman/listinfo/fedora-announce-list

Thanks for your patience as we continue working on this.


--
Paul W. Frields
gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717
http://paul.frields.org/ - - http://pfrields.fedorapeople.org/
irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug
_______________________________________________
fedora-advisory-board mailing list
fedora-advisory-board@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-advisory-board
 
Old 08-14-2008, 11:30 PM
"Paul W. Frields"
 
Default Important infrastructure announcement

The Fedora Infrastructure team is currently investigating an issue in
the infrastructure systems. That process may result in service outages,
for which we apologize in advance. We're still assessing the end-user
impact of the situation, but as a precaution, we recommend you not
download or update any additional packages on your Fedora systems.

We'll share updates as we develop more information. Those updates will
be published here on the public fedora-announce-list:
https://redhat.com/mailman/listinfo/fedora-announce-list

Thanks for your patience as we continue working on this.


--
Paul W. Frields
gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717
http://paul.frields.org/ - - http://pfrields.fedorapeople.org/
irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug
--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-announce-list______________________________________________ _
fedora-advisory-board mailing list
fedora-advisory-board@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-advisory-board
 
Old 08-14-2008, 11:30 PM
"Paul W. Frields"
 
Default Important infrastructure announcement

The Fedora Infrastructure team is currently investigating an issue in
the infrastructure systems. That process may result in service outages,
for which we apologize in advance. We're still assessing the end-user
impact of the situation, but as a precaution, we recommend you not
download or update any additional packages on your Fedora systems.

We'll share updates as we develop more information. Those updates will
be published here on the public fedora-announce-list:
https://redhat.com/mailman/listinfo/fedora-announce-list

Thanks for your patience as we continue working on this.


--
Paul W. Frields
gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717
http://paul.frields.org/ - - http://pfrields.fedorapeople.org/
irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug
--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-announce-list--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 08-14-2008, 11:30 PM
"Paul W. Frields"
 
Default Important infrastructure announcement

The Fedora Infrastructure team is currently investigating an issue in
the infrastructure systems. That process may result in service outages,
for which we apologize in advance. We're still assessing the end-user
impact of the situation, but as a precaution, we recommend you not
download or update any additional packages on your Fedora systems.

We'll share updates as we develop more information. Those updates will
be published here on the public fedora-announce-list:
https://redhat.com/mailman/listinfo/fedora-announce-list

Thanks for your patience as we continue working on this.


--
Paul W. Frields
gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717
http://paul.frields.org/ - - http://pfrields.fedorapeople.org/
irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug
--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-announce-list______________________________________________ _
fedora-advisory-board mailing list
fedora-advisory-board@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-advisory-board
 
Old 08-14-2008, 11:30 PM
"Paul W. Frields"
 
Default Important infrastructure announcement

The Fedora Infrastructure team is currently investigating an issue in
the infrastructure systems. That process may result in service outages,
for which we apologize in advance. We're still assessing the end-user
impact of the situation, but as a precaution, we recommend you not
download or update any additional packages on your Fedora systems.

We'll share updates as we develop more information. Those updates will
be published here on the public fedora-announce-list:
https://redhat.com/mailman/listinfo/fedora-announce-list

Thanks for your patience as we continue working on this.


--
Paul W. Frields
gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717
http://paul.frields.org/ - - http://pfrields.fedorapeople.org/
irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug
--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-announce-list--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 08-15-2008, 03:35 AM
Danny Yee
 
Default Important infrastructure announcement

Uh oh. This sounds very much like there's been a security breach
on infrastructure systems, which may have compromised packages or
even repositories.

I've disabled automatic installation of updates for the moment;
I'm sure what else we can do.

Danny.

Paul W. Frields wrote:
> The Fedora Infrastructure team is currently investigating an issue in
> the infrastructure systems. That process may result in service outages,
> for which we apologize in advance. We're still assessing the end-user
> impact of the situation, but as a precaution, we recommend you not
> download or update any additional packages on your Fedora systems.
>
> We'll share updates as we develop more information. Those updates will
> be published here on the public fedora-announce-list:
> https://redhat.com/mailman/listinfo/fedora-announce-list
>
> Thanks for your patience as we continue working on this.
>
>
> --
> Paul W. Frields
> gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717
> http://paul.frields.org/ - - http://pfrields.fedorapeople.org/
> irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug
>
> --
> fedora-devel-list mailing list
> fedora-devel-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-devel-list

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 08-15-2008, 06:03 AM
Leszek Matok
 
Default Important infrastructure announcement

Dnia 2008-08-15, o godz. 13:35:46 Danny Yee <danny@anatomy.usyd.edu.au>
napisaƂ(a):

> Uh oh. This sounds very much like there's been a security breach
> on infrastructure systems, which may have compromised packages or
> even repositories.
>
> I've disabled automatic installation of updates for the moment;
> I'm sure what else we can do.
Actually, I think thousands of users are downloading at least the metadata
because there was no clear way of disabling PackageKit on update. And the
metadata, in theory, can exploit a bug in yum, all out of sight of users.

That's what you get when you force users to download things in the background
for them. Told ya!

Lam
--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 08-15-2008, 07:54 AM
Richard Hughes
 
Default Important infrastructure announcement

On Fri, 2008-08-15 at 08:03 +0200, Leszek Matok wrote:
> Actually, I think thousands of users are downloading at least the
> metadata because there was no clear way of disabling PackageKit on
> update. And the metadata, in theory, can exploit a bug in yum, all out
> of sight of users.

Nice speculation, but I would rather wait for hard facts.

> That's what you get when you force users to download things in the
> background for them. Told ya!

Apple and Microsoft both do the same. Unless we download and install
security updates automatically then we are not a serious contender for
the home market.

PackageKit will only allow automatic updates of signed packages. If
we're pumping out invalid signed updates then, well, meh.

Richard.


--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 08-15-2008, 12:57 PM
Danny Yee
 
Default Important infrastructure announcement

Richard Hughes wrote:
> PackageKit will only allow automatic updates of signed packages. If
> we're pumping out invalid signed updates then, well, meh.

The implication of the announcement is that signed updates may be
compromised (or possibly even the key). How else can we read this?

"as a precaution, we recommend you not download or update
any additional packages on your Fedora systems"

Danny.

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 

Thread Tools




All times are GMT. The time now is 04:00 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org