FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 08-25-2008, 05:46 PM
"Daniel B. Thurman"
 
Default F8/F9 updates

Has there been any updates as of 1 week or so. Seems that
I am not getting any updates since the announcement.

Do I need to do anything if there were updates?

Thanks!
Dan

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 08-25-2008, 05:54 PM
Bruno Wolff III
 
Default F8/F9 updates

On Mon, Aug 25, 2008 at 10:46:35 -0700,
"Daniel B. Thurman" <dant@cdkkt.com> wrote:
>
> Has there been any updates as of 1 week or so. Seems that
> I am not getting any updates since the announcement.

Pending updates are flowing again. They seem to be stuck in pending right now.
So you do have the option of grabbing things one off from Koji if you are
looking for something in particular.

There are reasons that they might not be able to be pushed out yet. I asked
in another thread today if there was an estimate for when these might get
pushed to updates and updates-testing.

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 08-25-2008, 10:38 PM
Rahul Sundaram
 
Default F8/F9 updates

Bruno Wolff III wrote:

On Mon, Aug 25, 2008 at 10:46:35 -0700,
"Daniel B. Thurman" <dant@cdkkt.com> wrote:

Has there been any updates as of 1 week or so. Seems that
I am not getting any updates since the announcement.


Pending updates are flowing again. They seem to be stuck in pending right now.
So you do have the option of grabbing things one off from Koji if you are
looking for something in particular.

There are reasons that they might not be able to be pushed out yet. I asked
in another thread today if there was an estimate for when these might get
pushed to updates and updates-testing.


Since Fedora has changed its key now, new pushes requires packages to be
(re)signed with the new key. Release engineering is still working out
the details with Fedora Engineering Steering Committee.


Rahul

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 08-26-2008, 07:06 AM
Bruno Wolff III
 
Default F8/F9 updates

On Tue, Aug 26, 2008 at 04:08:30 +0530,
Rahul Sundaram <sundaram@fedoraproject.org> wrote:
>
> Since Fedora has changed its key now, new pushes requires packages to be
> (re)signed with the new key. Release engineering is still working out
> the details with Fedora Engineering Steering Committee.

Thanks for the update.

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 08-26-2008, 11:06 PM
Kevin Kofler
 
Default F8/F9 updates

Rahul Sundaram <sundaram <at> fedoraproject.org> writes:
> Since Fedora has changed its key now, new pushes requires packages to be
> (re)signed with the new key. Release engineering is still working out
> the details with Fedora Engineering Steering Committee.

IMHO it would be much safer to push them out with the old key (I sure hope the
private key was kept around somewhere - it's also needed to generate
revocations!) in the meantime than not to push any updates at all. Some of
those updates are security updates, not pushing them effectively means the
intruder was successful at DoSing our flow of security updates and rendering
target systems vulnerable. I consider the threat of not applying security
updates to be much higher than the threat of a potentially compromised (*)
signature: many people install completely unsigned packages, e.g. "I just
fetched build $nevr from Koji", Rawhide packages, third-party packages with no
signature (even from servers where it isn't clear whether they can be trusted);
people also import signing keys from many third-party repositories whose
security practices (or even whose own trustworthiness) are not controlled by
the Fedora Project.

(*) (even not taking into account the fact that the signing key probably wasn't
actually compromised in the first place according to the announcement)

Kevin Kofler

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
 

Thread Tools




All times are GMT. The time now is 06:43 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org