#140: Fedora 20 release flyer for developers ----------------------------------+------------------------------ Reporter: ankursinha | Owner: Type: task | Status: new Priority: major | Milestone: Future releases Component: Release deliverables | Severity: not-urgent Keywords: | Blocked By: Blocking: | ----------------------------------+------------------------------ A flyer showcasing new features for developers would be great to have too.
#140: Fedora 20 release flyer for developers -----------------------------------+------------------------ Reporter: ankursinha | Owner: Type: task | Status: new Priority: major | Milestone: Fedora 20 Component: Release deliverables | Severity: not-urgent Resolution: | Keywords: Blocked By: | Blocking: -----------------------------------+------------------------ Changes (by ankursinha):
* milestone: Future releases => Fedora 20
Hi all,
Greetings! I have been watching the e-mail traffic for a while now, but have not yet introduced myself. My first distro of Fedora was Fedora 10. I love Fedora.
I have a question that might be a stumbling block to those who might be considering leaving the mainstream OS lot permanently and switching to Fedora:
Does anyone know if Bug 877623 fixed now? This is the issue in which fedup does not verify online update sources and might be vulnerable to man-in-the-middle attacks. For someone who is still using their first distro of Fedora and who is looking to upgrade, this bug could be a show stopper that might drive her/him away from Fedora.
I read the comments in https://bugzilla.redhat.com/show_bug.cgi?id=877623 and it looks like the bug might have been at least partially fixed by a gentleman by the name of Will Woods. Confirmation of this resolution would be handy in marketing Fedora as secure. If it is indeed fixed, then the warning on the Fedup page (http://fedoraproject.org/wiki/FedUp) should be removed as it might alarm people.
I am interested in what the rest of the group has to say about this.
I wish all a pleasant evening/day (depending on your respective time-zones).
clear skies, ______________________________________ Joe Rauch ______________________________________
On Fri, Sep 20, 2013 at 11:04:24PM -0700, Joe Rauch wrote:
I read the comments in https://bugzilla.redhat.com/show_bug.cgi?id=877623 and it looks like the bug might have been at least partially fixed by a gentleman by the name of Will Woods. Confirmation of this resolution would be handy in marketing Fedora as secure. If it is indeed fixed, then the warning on the Fedup page (http://fedoraproject.org/wiki/FedUp) should be removed as it might alarm people.
So, reading this - it seems that Will is saying that verifying the server is not needed. The packages are signed - and if they are good, it doesn't really matter if the server is what it says it is. Make sense? You care about the packages, not the source of the packages (in this scenario).
I am interested in what the rest of the group has to say about this.
That's how I interpret it - but, at any rate, I think this is something that should be followed up on devel rather than marketing.
Best,
jzb
#140: Fedora 20 release flyer for developers -----------------------------------+------------------------ Reporter: ankursinha | Owner: Type: task | Status: closed Priority: major | Milestone: Fedora 20 Component: Release deliverables | Severity: not-urgent Resolution: invalid | Keywords: Blocked By: | Blocking: -----------------------------------+------------------------ Changes (by chrisroberts):
* status: new => closed * resolution: => invalid
marketing@lists.fedoraproject.org