We should move to something more secure than md5 for the uploaded sources.
This patch series implements the client-side part of this change.
We might want to drop the md5 fallback once we have migrated completely, that
is when:
1. all archives on the lookaside have been moved to a stronger hash
2. the "sources" file in all git repos has been updated to the same hash
https://fedorahosted.org/rel-eng/ticket/5846
#5846: move away from md5 for look-aside cache
------------------+------------------------
Reporter: till | Owner: rel-eng@…
Type: task | Status: new
Milestone: | Component: other
Keywords: | Blocked By:
Blocking: |
------------------+------------------------
The lookaside cache uses md5, but something more secure like sha-256 or
sha-512 should be used instead. Maybe it should even be made to allow easy
changes in the future.
--
Ticket URL: <https://fedorahosted.org/rel-eng/ticket/5846>
Fedora Release Engineering <http://fedorahosted.org/rel-eng>
Release Engineering for the Fedora Project
#5992: Create new fedora-ca certificates without SHA1
-----------------------------+------------------------
Reporter: till | Owner: rel-eng@…
Type: task | Status: new
Milestone: Fedora 20 Final | Component: koji
Keywords: | Blocked By:
Blocking: |
-----------------------------+------------------------
Currently .fedora-server-ca.cert and .fedora-upload-ca.cert use SHA1 for
their self-signatures. Since SHA1 support is phased out, it might be a
good idea to re-create the signatures.
--
Ticket URL: <https://fedorahosted.org/rel-eng/ticket/5992>
Fedora Release Engineering <http://fedorahosted.org/rel-eng>
Release Engineering for the Fedora Project
#6096: add individual email addressses to Fedoras GPG keys
-----------------------------+------------------------
Reporter: till | Owner: rel-eng@…
Type: task | Status: new
Milestone: Fedora 21 Final | Component: koji
Keywords: meeting | Blocked By:
Blocking: |
-----------------------------+------------------------
In
https://lists.fedoraproject.org/pipermail/devel/2015-January/207255.html
it was announced that Fedora user's gpg keys are now distributed via
DNSSEC protected DNS. To also be able to distribute the release GPG keys,
they need a email address properly identifies them. We could use something
like {{{RPM-GPG-KEY-fedora-22-primary(a)fedoraproject.org}}} or
{{{fedora-22-primary(a)fedoraproject.org}}}
--
Ticket URL: <https://fedorahosted.org/rel-eng/ticket/6096>
Fedora Release Engineering <http://fedorahosted.org/rel-eng>
Release Engineering for the Fedora Project
#6023: allow Peter Robinson to restart sigul bridges
-----------------------------+------------------------
Reporter: till | Owner: rel-eng@…
Type: task | Status: new
Milestone: Fedora 20 Final | Component: koji
Keywords: meeting | Blocked By:
Blocking: |
-----------------------------+------------------------
The sigul bridges are very unstable, but currently nobody from Europe can
restart it, therefore it might be unusable for a long time until Dennis
Gilmore or Kevin Fenzi find the time to restart it. Especially to get the
autosigner run smoothly it would be better to have at least one more being
able to restart the bridges. Peter Robinson would be a good candidate.
--
Ticket URL: <https://fedorahosted.org/rel-eng/ticket/6023>
Fedora Release Engineering <http://fedorahosted.org/rel-eng>
Release Engineering for the Fedora Project
#6085: f22-ghc buildtag for ghc-7.8
-----------------------------+------------------------
Reporter: petersen | Owner: rel-eng@…
Type: task | Status: new
Milestone: Fedora 22 Alpha | Component: koji
Keywords: | Blocked By:
Blocking: |
-----------------------------+------------------------
I want to build ghc-7.8 soon in Rawhide.
In the past (before ARM primary) we have done major ghc version updates in
rawhide directly but I am cautious about doing this now because of ARM.
Building will also take longer now because of armv7.
So I would like to request a f22-ghc buildtag for building ghc-7.8.
I estimate a 7-10 days may be needed to complete this work
though I will try to get it done quicker if possible.
cf https://fedoraproject.org/wiki/Changes/GHC_7.8
(Note this change was previously approved for F21 but for various reasons
we didn't manage to land it during the F21 devel cycle.)
--
Ticket URL: <https://fedorahosted.org/rel-eng/ticket/6085>
Fedora Release Engineering <http://fedorahosted.org/rel-eng>
Release Engineering for the Fedora Project
#6093: Request for f22-boost dist tag
-----------------------------+------------------------
Reporter: pmachata | Owner: rel-eng@…
Type: task | Status: new
Milestone: Fedora 22 Alpha | Component: koji
Keywords: | Blocked By:
Blocking: |
-----------------------------+------------------------
As part of the regular Boost rebase ritual, I would like to ask for a side
tag for rebuild of Boost dependencies. The approved change is here:
https://fedoraproject.org/wiki/Changes/F22Boost158
The expected life-time of the tag is under a week--I expect to merge on
Thursday Jan 29 at the latest, maybe Friday Jan 30 in wee hours of UTC.
--
Ticket URL: <https://fedorahosted.org/rel-eng/ticket/6093>
Fedora Release Engineering <http://fedorahosted.org/rel-eng>
Release Engineering for the Fedora Project
#6092: f22-kde build target
-----------------------------+------------------------
Reporter: rdieter | Owner: rel-eng@…
Type: task | Status: new
Milestone: Fedora 22 Alpha | Component: koji
Keywords: | Blocked By:
Blocking: |
-----------------------------+------------------------
Work in earnest will begin to import Plasma5 into rawhide as part of
http://fedoraproject.org/wiki/Changes/Plasma_5
and would be nicer to all if this were done initially in a side tag, to
avoid a week (or more) of transition and broken dependencies.
Please create f22-kde tag/target for this purpose, thanks.
--
Ticket URL: <https://fedorahosted.org/rel-eng/ticket/6092>
Fedora Release Engineering <http://fedorahosted.org/rel-eng>
Release Engineering for the Fedora Project
#6091: Remove orphaned "ipa" package
-----------------------------+------------------------
Reporter: mkosek | Owner: rel-eng@…
Type: task | Status: new
Milestone: Fedora 21 Final | Component: koji
Keywords: | Blocked By:
Blocking: |
-----------------------------+------------------------
Fedora package database contains "ipa" package:
https://admin.fedoraproject.org/pkgdb/package/ipa/
However, this is a retired package that was never used, FreeIPA package in
Fedora is called "freeipa":
https://admin.fedoraproject.org/pkgdb/package/freeipa/
Can you please remove/block/disable "ipa" package in pkgdb and especially
in Bugzilla? I sometimes see that FreeIPA bugzillas are being created for
"ipa" component where they might get lost.
CCing simo who is the assumed Administrator for the "ipa" package.
Thank you.
--
Ticket URL: <https://fedorahosted.org/rel-eng/ticket/6091>
Fedora Release Engineering <http://fedorahosted.org/rel-eng>
Release Engineering for the Fedora Project