I bumped into a recent post that describes the way someone could get
access to your account using facebook oauth. According to the
> Every website with "Connect Facebook account and log in with it" is
> vulnerable to account hijacking.
Facebook will not fix this anytime soon. Should we disable facebook
login until this gets resolved?
FAS : axilleas
GPG : 0xABF99BE5
The infrastructure team will be having it's weekly meeting tomorrow,
2014-02-13 at 19:00 UTC in #fedora-meeting on the freenode network.
#topic New folks introductions and Apprentice tasks.
If any new folks want to give a quick one line bio or any apprentices
would like to ask general questions, they can do so in this part of the
meeting. Don't be shy!
#topic Applications status / discussion
Check in on status of our applications: pkgdb, fas, bodhi, koji,
community, voting, tagger, packager, dpsearch, etc.
If there's new releases, bugs we need to work around or things to note.
#topic Sysadmin status / discussion
Here we talk about sysadmin related happenings from the previous week,
or things that are upcoming.
#topic Upcoming Tasks/Items
#topic Open Floor
Submit your agenda items, as tickets in the trac instance and send a
note replying to this thread.
More info here:
IRC handle: ruchikasb
Skills: I have worked as a Linux Administrator( Redhat mainly). I have
been part of large infrastructure setup.Lately, I am unemployed and would
like to be into the Linux world too. I am looking forward to use my
knowledge here and gain some from the community
Work: I would like to get involved in Linux infrastructure setup with
different services running. I would like to work towards security hardening
of the system.
Looking forward to get involved.
I've created a ticket to add some missing web apps to apps.fp.o.
The question (as discussed in irc just now) is should copr be added at
this stage. So, does "wide beta" equate to production enough to make it
Any other apps that you can think of that are missing, then add them to
the ticket and I'll get the info together for them as well. Will aim to
have it done about mid week at this stage.
Good morning everyone,
As you know Ralph and I went to DevConf last week-end, and of course, what
happens when you put two hackers in the same room? Well they go crazy and start
hacking... The result of this is summershum.
The idea originates from a discussion between Mickael Scherrer, Ralph and I on
Friday evening. Could we track all the files in every packages in the
Ideally, this would allow us to investigate questions like:
- How many copies of the GPL license are shipped?
- How many GPL license still ship the old FSF address?
- How many copies of jquery or md5.c?
- How many files changed between two releases?
So Ralph and I wrote summershum, it's a simple database storing for each file in
- the packages name
- the filename
- the sha1sum of the file
- the tarball name
- the md5sum of the tarball
- a creation date
Next to the database is a fedmsg consumer that for each new upload on the
lookaside cache, download the new tarball, extracts it and fills the database
with the sha1sum of every file found.
There is a RFE opened on the project to store the same information for the
binary/rpm themselves. This would work for each successful build on koji.
The project is currently at: https://github.com/ralphbean/summershum
It comes with a summershum-cli which fills the database using datagrepper to
retrieve the recent uploads to the lookaside cache and load them in the
I think the current state is good enough to start deploying it but we wanted to
announce/discuss about it before taking any further action.
So, what do you think?
Good morning all,
i have a short and maybe noob question.
I keep my eyes on nagios from time to time trying to get an better
knowledge on how the fedora servers work.
Now, how can i access the machines? mostly my login try gets rejected.
So i dont know if i am doing something wrong or i just really dont have
access to these machines.
I will be creating Nagios alerts and testing it. If you will see Copr alerts feel free to ignore them until I say otherwise.
Miroslav Suchy, RHCE, RHCDS
Red Hat, Senior Software Engineer, #brno, #devexp, #fedora-buildsys