Till Maas wrote:

On Mon August 25 2008, Dennis Gilmore wrote:


i use vi and it honestly is as expected. could you email me your copy of
one of the ca certs so i can see on the file you got. ive not been able
to reproduce it at all.


I can reproduce it with:
curl --silent https://admin.fedoraproject.org/accounts/fedora-server-ca.cert |
xxd | head -n 241


Regards,
Till




It is also very easy to see if you go to the page in Firefox and do
Edit->Select All. The trailing whitespace is very visible.


rob
--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list

Rob Crittenden wrote:

Till Maas wrote:

On Mon August 25 2008, Dennis Gilmore wrote:

i use vi and it honestly is as expected. could you email me your
copy of
one of the ca certs so i can see on the file you got. ive not been
able

to reproduce it at all.


I can reproduce it with:
curl --silent
https://admin.fedoraproject.org/accounts/fedora-server-ca.cert | xxd
| head -n 241


Regards,
Till




It is also very easy to see if you go to the page in Firefox and do
Edit->Select All. The trailing whitespace is very visible.


rob



Dennis,

It would be very fine if you have confirmed that you see the spaces as
well. Otherwise, in the context of recent events, our concern may grow a
lot...



~buc

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list

> rm ~/.fedora-server-ca.cert ~/.fedora-upload-ca.cert
> fedora-packager-setup

Anyone else seeing issues when running the f-p-s process on Fedora 9?

I'm seeing the following errors

$ fedora-packager-setup
Setting up Koji client...
Cannot specify -r, -p or -N if -O is given.
Usage: wget [OPTION]... [url]...
$

Regards,
Peter

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list

Peter Robinson wrote:
>> rm ~/.fedora-server-ca.cert ~/.fedora-upload-ca.cert
>> fedora-packager-setup
>
> Anyone else seeing issues when running the f-p-s process on Fedora 9?
>
> I'm seeing the following errors
>
> $ fedora-packager-setup
> Setting up Koji client...
> Cannot specify -r, -p or -N if -O is given.
> Usage: wget [OPTION]... [url]...

You likely have timestamping=on in a wgetrc file. For a while now,
wget has gone stupid when using -N (aka timestamping=on) and -O.

[I think this has changed from an error to a warning wget now, though
I'm not sure if that's in a released version of wget or not. I simply
use curl instead of wget where possible these days.]

--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~
I don't know the key to success, but the key to failure is to try to
please everyone.
-- Bill Cosby

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list

Dmitry Butskoy wrote:

Rob Crittenden wrote:

Till Maas wrote:

On Mon August 25 2008, Dennis Gilmore wrote:

i use vi and it honestly is as expected. could you email me your
copy of
one of the ca certs so i can see on the file you got. ive not been
able

to reproduce it at all.


I can reproduce it with:
curl --silent
https://admin.fedoraproject.org/accounts/fedora-server-ca.cert | xxd
| head -n 241


Regards,
Till




It is also very easy to see if you go to the page in Firefox and do
Edit->Select All. The trailing whitespace is very visible.


rob



Dennis,

It would be very fine if you have confirmed that you see the spaces as
well. Otherwise, in the context of recent events, our concern may grow a
lot...


I can confirm that I get the version with extra spaces and that the
extra spaces are present in the cert that's in puppet (and from there
pushed out to the web server). I'll let Dennis handle anything else
about this, though.


-Toshio

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list

Axel Thimm wrote:

Could perhaps Fedora/RHEL drop these certificates under
/etc/pki/tls/certs/ to automatically trust them?

If one trusts the Fedora/RHEL keys and packages like firefox for
serving the https connections, then there is not much more further
trust needed to blindly add these.


No comments? I thought this sounded like a good idea...

--
Matthew
Person A: It's an ISO standard.
Person B: ...And that means what?
--mal (http://theangryadmin.blogspot.com/2008/04/future.html)

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list

On Tuesday 26 August 2008, Todd Zullinger wrote:
> Peter Robinson wrote:
> >> rm ~/.fedora-server-ca.cert ~/.fedora-upload-ca.cert
> >> fedora-packager-setup
> >
> > Anyone else seeing issues when running the f-p-s process on Fedora 9?
> >
> > I'm seeing the following errors
> >
> > $ fedora-packager-setup
> > Setting up Koji client...
> > Cannot specify -r, -p or -N if -O is given.
> > Usage: wget [OPTION]... [url]...

A fix/workaround against f-p-s 0.3.1 for that is at
https://bugzilla.redhat.com/459826

> You likely have timestamping=on in a wgetrc file. For a while now,
> wget has gone stupid when using -N (aka timestamping=on) and -O.

Right, https://bugzilla.redhat.com/441862

> [I think this has changed from an error to a warning wget now, though
> I'm not sure if that's in a released version of wget or not.

Yep, released upstream (1.11.3+) I hear, but the new version is only in
Rawhide in Fedora. Hopefully the wget maintainer acts on this soon for
released distro versions (see above bug report).

> I simply use curl instead of wget where possible these days.]

Ditto, and have ported a bunch of apps to do that too. Upstreams have been
quite receptive to these changes.


--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list