Fedora 33 System-Wide Change proposal: systemd-resolved
by Ben Cotton
https://fedoraproject.org/wiki/Changes/systemd-resolved
== Summary ==
Enable systemd-resolved by default. glibc will perform name resolution
using nss-resolve rather than nss-dns.
== Owner ==
* Name: [[User:catanzaro| Michael Catanzaro]]
* Email: <mcatanzaro(a)redhat.com>
== Detailed Description ==
We will enable systemd-resolved by default.
# We will change the
[https://src.fedoraproject.org/rpms/fedora-release/blob/f4cc5b6ce095bb4233...
fedora-release presets] to enable systemd-resolved instead of disable
it.
# systemd-libs currently has
[https://src.fedoraproject.org/rpms/systemd/blob/bb79fb73875f8e71841a1ee8e...
a %post scriplet] to enable nss-myhostname and nss-systemd by either
(a) modifying authselect's user-nsswitch.conf template, if authselect
is in use, or (b) directly modifying /etc/nsswitch.conf otherwise. We
will work with the systemd maintainers to enable nss-resolve here as
well.
# We will work with the authselect maintainers to update authselect's
minimal and nis profiles to enforce nss-resolve. These profiles modify
the hosts line of /etc/resolv.conf. (By default, Fedora uses
authselect's sssd profile, which does not modify the hosts line and
therefore does not have this problem.)
# We will remove our downstream patch to systemd that prevents systemd
from symlinking /etc/resolv.conf to
/run/systemd/resolve/stub-resolv.conf on new installs. For system
upgrades, a systemd-libs %post scriptlet will be used to reassign the
symlink during upgrade. Upon detecting this symlink, NetworkManager
will automatically enable its systemd-resolved support and configure
split DNS as appropriate.
systemd-resolved has been enabled by default in Ubuntu since Ubuntu
16.10, but please note we are doing this differently than Ubuntu has.
Ubuntu does not use nss-resolve. Instead, Ubuntu uses the traditional
nss-dns provided by glibc upstream, so glibc on Ubuntu continues to
read /etc/resolv.conf, as is traditional. This extra step is not
useful and not recommended by upstream. We want to follow upstream
recommendations in using nss-resolve instead.
If you do not wish to use systemd-resolved, then manual intervention
will be required to disable it:
* Modify /etc/authselect/user-nsswitch.conf and remove `resolve
[!UNAVAIL=return]` from the hosts line. Run `authselect
apply-changes`. (If you have disabled authselect, then edit
/etc/nsswitch.conf directly.)
* Disable and stop systemd-resolved.service.
* Restart the NetworkManager service. NetworkManager will then create
a traditional /etc/resolv.conf. (If you are not using NetworkManager,
you may create your own /etc/resolv.conf.)
== Benefit to Fedora ==
=== Standardization ===
Fedora will continue its history of enabling new systemd-provided
services whenever it makes sense to do so. Standardizing on upstream
systemd services is beneficial to the broader Linux ecosystem in
addition to Fedora, since standardizing reduces behavior differences
between different Linux distributions. Sadly, Fedora is no longer
leading in this area. Ubuntu has enabled systemd-resolved by default
since Ubuntu 16.10, so by the time Fedora 33 is released, we will be
three years behind Ubuntu here.
=== resolvectl ===
`resolvectl` has several useful functions (e.g. `resolvectl status` or
`resolvectl query`) that will be enabled out-of-the-box.
=== Caching ===
systemd-resolved caches DNS queries for a short while. This can
[https://gitlab.gnome.org/GNOME/glib/-/merge_requests/682#note_441846
dramatically] improve performance for applications that do not already
manually cache their own DNS results. (Generally, only web browsers
bother with manually caching DNS results.)
=== Split DNS ===
When systemd-resolved is enabled, users who use multiple VPNs at the
same time will notice that DNS requests are now sent to the correct
DNS server by default. Previously, this scenario would result in
embarrassing "DNS leaks" and, depending on the order that the VPN
connections were established, possible failure to resolve private
resources. These scenarios will now work properly. For example,
consider the scenario of Distrustful Denise, who (quite reasonably)
does not trust her ISP. Denise uses a public VPN service,
public-vpn.example.com, to hide her internet activity from her ISP,
but she also needs to use her employer's corporate VPN,
corporation.example.com, in order to access internal company resources
while working from home. Using the Network panel in System Settings,
Denise has configured her employer's VPN to "use this connection only
for resources on its network." Distrustful Denise expects that her
employer's VPN will receive all traffic for corporation.example.com,
and no other traffic. And while this mostly works in Fedora 32, she
discovers that it does not work properly for DNS:
* If Denise connects to public-vpn.example.com first and
corporation.example.com second, she is unable to access internal
company resources. All DNS requests are sent to
public-vpn.example.com's DNS server, so she is unable to resolve names
for internal company websites.
* If Denise connects to corporation.example.com first and
public-vpn.example.com second, then she is able to access internal
company resources. However, it only works because ''all'' her DNS
requests are sent to corporation.example.com's DNS server. Sadly for
Distrustful Denise, her employer discovers that she has been making
some embarrassing DNS requests that she had expected to go through
public-vpn.example.com instead.
Whichever VPN Denise connects to first receives all DNS requests
because glibc's nss-dns module is not smart enough to split the
requests. /etc/resolv.conf is just a list of DNS servers to try in
order, and NetworkManager has no plausible way to decide which to list
first, because both ways are broken, so it just prefers whichever was
connected first. And if one server fails to respond, then the next
server in the list will be tried, likely resulting in a DNS leak. In
contrast, when systemd-resolved is enabled, it will send each DNS
request only to the correct DNS server. The DNS server that will be
used for each tun interface can be inspected using the resolvectl
tool.
Migrating away from /etc/resolv.conf will also avoid an annoying
footgun with this legacy file: only the first three listed nameservers
are respected. All further nameservers are silently ignored.
NetworkManager adds a warning comment when writing more than three
nameservers to this file, but it cannot do any better than that.
=== DNS over TLS ===
systemd-resolved supports DNS over TLS (different from DNS over
HTTPS). Although this feature will not initially be enabled by
default, using systemd-resolved will enable us to turn on DNS over TLS
in a future Fedora release, providing improved security if the user's
DNS server supports DNS over TLS.
== Scope ==
* Proposal owners: We will update Fedora presets to enable
systemd-resolved by default.
* Other developers: This change requires coordination with the systemd
and authselect maintainers.
* Release engineering: [https://pagure.io/releng/issue/9367 #9367]
* Policies and guidelines: none required
* Trademark approval: N/A (not needed for this Change)
== Upgrade/compatibility impact ==
systemd-resolved will be enabled automatically when upgrading to
Fedora 33. After upgrade, /etc/resolv.conf will be managed by systemd
and symlinked to /run/systemd/resolve/stub-resolv.conf. '''glibc will
no longer look at /etc/resolv.conf when performing name resolution.'''
Instead, glibc will communicate directly with systemd-resolved via
nss-resolve. systemd adds a large warning comment to the top of
/etc/resolv.conf to warn system administrators that changes to this
file will be ignored; however, scripts that edit this file manually
will break. Because this file is usually managed by NetworkManager,
impact to Fedora users will be limited to users who have manually
disabled NetworkManager; such users are expected to be experienced
system administrators who should be comfortable adapting to the change
(or disabling systemd-resolved).
Any applications that bypass glibc and read /etc/resolv.conf directly
will still work because /etc/resolv.conf will point to
systemd-resolved's stub resolver running on 127.0.0.53. Nevertheless,
/etc/resolv.conf is provided only for compatibility purposes, and
applications should prefer to use either glibc or the systemd-resolved
D-Bus API instead; see systemd-resolved(8) for details.
In short, '''applications that read /etc/resolv.conf will continue to
work as before.''' Applications that write to it will no longer work
as expected, but this only previously worked if NetworkManager is
disabled, a non-default configuration. It remains possible to disable
systemd-resolved if desired. Otherwise, any custom system
administration scripts that manage /etc/resolv.conf will need to be
updated.
=== DNSSEC ===
systemd-resolved's DNSSEC support is known to cause compatibility
problems with certain network access points. Per recommendation from
the systemd developers, we will change the default value of this
setting in Fedora from the upstream default `DNSSEC=allow-downgrade`
to `DNSSEC=no` by building systemd with the build option
`-Ddefault-dnssec=no`. The upstream default attempts to use DNSSEC if
it is working, but automatically disable it otherwise, allowing
man-in-the-middle attackers to disable DNSSEC. Sadly, even the
allow-downgrade setting suffers known compatibility problems. Because
Fedora is not prepared to handle an influx of DNSSEC-related bug
reports, we will disable this feature altogether. We anticipate that
enabling DNSSEC by default will not be possible in the foreseeable
future, or perhaps ever. Instead, enabling DNS over TLS (when
supported by the DNS server) seems likely in the near future.
=== Multicast DNS ===
systemd-resolved's multicast DNS support conflicts with Avahi. Per
recommendation from the systemd developers, we will change the default
value of this setting in Fedora from the upstream default
`MulticastDNS=yes` to `MulticastDNS=resolve`. Multicast DNS resolving
will be enabled, but responding will be disabled. This will require
adding a new systemd build option to control the default value of the
MulticastDNS setting, similar to the existing `default-dnssec` and
`default-dns-over-tls` build options.
== How To Test ==
Load any website in a web browser. If you succeed, then name
resolution probably works.
Try using `resolvectl status` and, for example, `resolvectl query
fedoraproject.org`, to see how they work and sanity-check their
output.
Users who use multiple VPNs at the same time are encouraged to test
DNS in a multiple VPN scenario, to ensure that DNS requests are sent
to the expected DNS server.
== User Experience ==
See the Benefit to Fedora section, above, for direct benefits to users
who use multiple VPNs at the same time.
Users will be able to use the resolvectl tool and the functionality it provides.
/etc/resolv.conf will now be managed by systemd rather than by
NetworkManager. As before, this file must not be modified directly
when it is managed.
== Dependencies ==
In Fedora, /etc/nsswitch.conf is managed by authselect. By default,
authselect uses the sssd profile to generate configuration compatible
with sssd. In this mode of operation, it does not modify the hosts
line in /etc/nsswitch.conf. This is also true if using the winbind
profile instead of the sssd profile. However, authselect's minimal and
nis profiles do modify the hosts line. These authselect profiles must
be updated to enable nss-resolved. If you are using authselect in one
of these modes, it will not be possible to cleanly disable
systemd-resolved because the hosts line in /etc/nsswitch.conf will be
clobbered whenever 'authselect apply-changes' is run. If you wish to
disable systemd-resolved and you are using authselect in one of these
modes, then you should stop using authselect. This is not expected to
cause many problems because virtually all Fedora users will be using
the default sssd profile.
We do not need to directly make any changes to the /etc/nsswitch.conf
shipped by glibc. Changes will be applied in the systemd-libs %post
scriptlet.
== Contingency Plan ==
The contingency plan, in the unlikely event of unexpected problems, is
simply to revert any changes and not enable systemd-resolved.
* Contingency deadline: beta freeze
* Blocks release? No
* Blocks product? No
== Documentation ==
* systemd-resolved is documented in several manpages: resolvectl(1),
resolved.conf(5), nss-resolve(8), systemd-resolved(8).
* [https://wiki.archlinux.org/index.php/Systemd-resolved Arch Wiki
documentation]
* [https://wiki.gnome.org/Projects/NetworkManager/DNS NetworkManager
DNS documentation]
== Release Notes ==
systemd-resolved is now enabled by default. systemd-resolved provides
a system-level DNS cache that can substantially improve performance
for applications that do not cache their own DNS results, allows
correct handling of split DNS scenarios such as when multiple VPNs are
in use, and will allow Fedora to enable DNS over TLS in the future.
/etc/resolv.conf will now be managed by systemd-resolved rather than
by NetworkManager. /etc/resolv.conf will no longer be read when
performing name resolution using glibc; however, it is still provided
for compatibility with applications that manually read this file to
perform name resolution. Writing to /etc/resolv.conf will no longer
work as expected.
--
Ben Cotton
He / Him / His
Senior Program Manager, Fedora & CentOS Stream
Red Hat
TZ=America/Indiana/Indianapolis
4 years
Fedora 33 Self-Contained Change proposal: Update Erlang/OTP to
version 23
by Ben Cotton
https://fedoraproject.org/wiki/Changes/Erlang_23
== Summary ==
Update Erlang/OTP to version 23.
== Owner ==
* Name: [[User:Peter|Peter Lemenkov]], [[SIGs/Erlang|Fedora Erlang
SIG]], [[User:bowlofeggs|Randy Barlow]], [[User:jcline|Jeremy Cline]]
* Email: lemenkov(a)gmail.com, erlang(a)lists.fedoraproject.org,
bowlofeggs(a)fedoraproject.org, jcline(a)fedoraproject.org
== Detailed Description ==
Upgrade Erlang to version 23 which brings a lot of changes. Just a few
highlights:
* Numerous scalability and performance improvements.
* New modules - pg (pool group) and erpc (enhanced RPC).
* Removed SSL 3.0 support entirely.
* Removed deprecated part of erl_interface API
* An experimental socket backend for TCP and UDP API.
* Even faster SSL/TLS operations.
* Now it's possible to work w/o external EPMD in production-ready applications
Aside from this, we plan to improve quality of Erlang and related
packages. These are shortcomings we want to address:
Besides that we still have a lengthy list of TODOs:
* Every daemon written in Erlang has its own logging solution which
doesn't use neither syslog nor Journald. We should start switching
them to unified logger..
* We should allow D-Bus API via [https://github.com/lizenn/erlang-dbus
erlang-dbus] library or any other recent implementations..
* Further improve [[User:Peter/Erlang_Packaging_Guidelines|Erlang
Packaging Guidelines]] and promote it as the official guideline.
* Switch to rebar3 as a main build tool.
* SELinux rules for main Erlang applications (Ejabberd, CouchDB,
RabbitMQ) are outdated or missing.
== Benefit to Fedora ==
Fedora users, both developers and end-users, will have visible
benefits from using Fedora-provided packages. Namely:
* Improved scalability and robustness.
== Scope ==
* Proposal owners:
** [https://bugzilla.redhat.com/807897 Upgrade Erlang to the latest
version (23.0)].
** We must rebuild every package which requires NIF version (listed
below in the [[#Dependencies|Dependencies]] section) against Erlang
23.x.y.
** Every Erlang daemon's systemd unit must require epmd.socket.
** We need to fill new review request for
[https://github.com/lizenn/erlang-dbus erlang-dbus]
** Upgrade outdated packages:
*** {{package|riak|Riak}}
**** {{package|riak|Riak}} has has been retired. We have to re-add it back.
*** {{package|ejabberd|Ejabberd}}
*** {{package|rabbitmq-server|RabbitMQ}}.
*** {{package|couchdb|CouchDB}}
** {{package|erlang-rebar3|rebar3}}
*** Provide/adjust RPM macros for rebar3.
** Package GDB macros for easier coredump debugging (see also
[https://bugzilla.redhat.com/show_bug.cgi?id=663253 this ticket]).
* Other developers: N/A
* Release engineering: TBA
* Policies and guidelines:
** We should promote officially
[[User:Peter/Erlang_Packaging_Guidelines|Erlang Packaging
Guidelines]].
* Trademark approval: N/A (not needed for this Change)
== Upgrade/compatibility impact ==
* Every Erlang upgrade requires the rebuilding of modules which
contains [http://www.erlang.org/doc/reference_manual/ports.html ports]
or [http://www.erlang.org/doc/tutorial/nif.html NIFs], and we will
rebuild all such modules in Fedora. However if a user has some
additional modules not available in a Fedora repository, then these
modules must be rebuilt manually.
* So-called [http://erlang.org/doc/man/HiPE_app.html HiPE] continues
to deteriorate. In this version it's barely functional and likely is
going to be removed in the next one.
== How To Test ==
* Ensure that high-grade Erlang applications are still working:
(see wiki)
* Collect feedback from volunteers regarding their experience with
this Erlang/OTP version
== User Experience ==
Users will get more robust, scalable, and fast Erlang applications.
== Dependencies ==
The following packages must be rebuilt:
(see wiki)
== Contingency Plan ==
* Contingency mechanism: None necessary. Instead of falling back to
the previous version we should fix existing packages in order to help
the Community. We should also monitor upstream development process for
potentially discovered issues and proactively apply patches (as we
already did with [[Features/Erlang_R14|Erlang R14]],
[[Features/Erlang_R15|Erlang R15]], [[Features/Erlang_R16|Erlang
R16]], [[Changes/BetterErlangSupport|Erlang 17]],
[[Changes/Erlang_18|Erlang 18]], [[Changes/Erlang_19|Erlang 19]],
[[Changes/Erlang_20|Erlang 20]], [[Changes/Erlang_21|Erlang 21]] and
[[Changes/Erlang_22|Erlang 22]]). It should be noted that this change
consists from an independent or loosely coupled smaller changes. If we
fail to deliver some changes in time, we should reschedule these exact
changes to the future Fedora release while keeping already implemented
ones.
* Contingency deadline: N/A
* Blocks release? N/A
* Blocks product? N/A
== Documentation ==
* [https://www.erlang.org/news/138 Erlang/OTP 23 Release Candidate 2
release notes]
== Release Notes ==
Erlang/OTP 23.0 is available in Fedora 33.
--
Ben Cotton
He / Him / His
Senior Program Manager, Fedora & CentOS Stream
Red Hat
TZ=America/Indiana/Indianapolis
4 years
Orphaned packages looking for new maintainers (incl. GConf2,
keybinder3, orangefs)
by Miro Hrončok
The following packages are orphaned and will be retired when they
are orphaned for six weeks, unless someone adopts them. If you know for sure
that the package should be retired, please do so now with a proper reason:
https://fedoraproject.org/wiki/How_to_remove_a_package_at_end_of_life
Note: If you received this mail directly you (co)maintain one of the affected
packages or a package that depends on one. Please adopt the affected package or
retire your depending package to avoid broken dependencies, otherwise your
package will be retired when the affected package gets retired.
Request package ownership via the *Take* button in he left column on
https://src.fedoraproject.org/rpms/<pkgname>
Full report available at:
https://churchyard.fedorapeople.org/orphans-2020-04-14.txt
grep it for your FAS username and follow the dependency chain.
Package (co)maintainers Status Change
================================================================================
CPUFreqUtility orphan 1 weeks ago
GConf2 alexl, caillon, caolanm, 1 weeks ago
gnome-sig, johnp, mbarnes,
orphan, rhughes, ssp, walters
GREYCstoration orphan 1 weeks ago
abcm2ps orphan 1 weeks ago
adapta-gtk-theme orphan 1 weeks ago
afpfs-ng orphan 1 weeks ago
antlr4 gil, jkastner, lef, mizdebsk, 1 weeks ago
orphan
apache-commons-dbutils mizdebsk, orphan 1 weeks ago
apache-commons-email mizdebsk, orphan 1 weeks ago
apache-commons-jci jjelen, orphan 1 weeks ago
apache-commons-jcs cquad, jjelen, orphan 2 weeks ago
apanov-edrip-fonts frixxon, orphan 1 weeks ago
apbs orphan, rathann 1 weeks ago
artha orphan 1 weeks ago
avalon-framework jerboaa, jjelen, mizdebsk, 2 weeks ago
orphan
avr-gdb giallu, orphan, trondd 1 weeks ago
batik jvanek, mizdebsk, orphan, 1 weeks ago
sergiomb
biboumi jcline, orphan 2 weeks ago
bmake orphan 1 weeks ago
bval jjelen, orphan 1 weeks ago
bygfoot orphan 1 weeks ago
cassandra-java-driver hhorak, jjanco, orphan 1 weeks ago
castor lef, orphan 1 weeks ago
catimg orphan 1 weeks ago
cdpr orphan 1 weeks ago
ckermit orphan 1 weeks ago
classloader-leak-test-framework orphan, praiskup 1 weeks ago
cmyktool orphan 1 weeks ago
cog orphan 1 weeks ago
containers orphan 3 weeks ago
coriander dajt, orphan 1 weeks ago
cpptasks orphan 5 weeks ago
dateshift orphan 1 weeks ago
dibbler orphan 1 weeks ago
docco nodejs-sig, orphan, patches 1 weeks ago
drbd orphan 1 weeks ago
dsi orphan 1 weeks ago
echoping orphan 1 weeks ago
eclipse-avr orphan 1 weeks ago
eclipse-egit-github eclipse-sig, orphan 1 weeks ago
eclipse-m2e-core eclipse-sig, galileo, 1 weeks ago
mizdebsk, orphan
eclipse-mylyn arobinso, eclipse-sig, 1 weeks ago
jjohnstn, kdaniel, orphan,
rgrunber
eclipse-photran akurtakov, eclipse-sig, orphan 1 weeks ago
eclipse-ptp eclipse-sig, jjohnstn, 1 weeks ago
kdaniel, orphan
eclipse-remote eclipse-sig, orphan 1 weeks ago
eclipse-subclipse eclipse-sig, kdaniel, orphan 1 weeks ago
eclipse-testng eclipse-sig, orphan 1 weeks ago
eclipse-webtools eclipse-sig, galileo, orphan 1 weeks ago
emacs-mmm orphan 1 weeks ago
fcoe-utils orphan 1 weeks ago
flatbuffers orphan 1 weeks ago
foma orphan 1 weeks ago
fts andreamanzi, orphan 1 weeks ago
gcolor2 orphan 1 weeks ago
geronimo-jcache jjelen, lef, orphan 1 weeks ago
geronimo-jcdi-1.0-api jjelen, lef, orphan 2 weeks ago
ggz-gtk-client orphan, pwalter 1 weeks ago
gluegen2 orphan 1 weeks ago
gnomad2 orphan 1 weeks ago
gnomint orphan 1 weeks ago
gpsdrive orphan 1 weeks ago
grsync orphan 1 weeks ago
gtick orphan, renich 1 weeks ago
gtkdialog orphan 1 weeks ago
guava20 mizdebsk, orphan 1 weeks ago
gwget orphan 1 weeks ago
hcc orphan 1 weeks ago
hfsplusutils orphan 1 weeks ago
hovercraft orphan, ralph 1 weeks ago
imageinfo orphan 1 weeks ago
insect fnux, orphan 4 weeks ago
java-vash orphan 1 weeks ago
jaxb2-maven-plugin jjelen, lef, orphan 2 weeks ago
jboss-jsf-2.2-api jjelen, lef, orphan 2 weeks ago
jchart2d orphan 1 weeks ago
jetty-build-support mizdebsk, orphan 5 weeks ago
jetty-parent mizdebsk, orphan 1 weeks ago
jetty-toolchain mizdebsk, orphan 3 weeks ago
jlatexmath orphan 1 weeks ago
jline3 orphan 1 weeks ago
josm jjelen, orphan 1 weeks ago
jruby lef, msrb, orphan, vondruch 1 weeks ago
keybinder3 orphan 1 weeks ago
laszip devrim, orphan 5 weeks ago
lde orphan 1 weeks ago
libacpi orphan 1 weeks ago
libccp4 orphan 1 weeks ago
liblas devrim, orphan 5 weeks ago
libnih orphan 1 weeks ago
libopensync-plugin-gnokii awjb, orphan 1 weeks ago
libvtemm hguemar, orphan 1 weeks ago
lldpad orphan 1 weeks ago
lterm orphan 1 weeks ago
maven-injection-plugin mizdebsk, orphan 5 weeks ago
maven-mapping mizdebsk, orphan 5 weeks ago
maven-release jcapik, orphan 1 weeks ago
maven-stage-plugin huwang, orphan 1 weeks ago
mboxgrep orphan 1 weeks ago
mbrowse orphan 1 weeks ago
metrics-reporter-config hhorak, orphan 1 weeks ago
mipv6-daemon orphan 1 weeks ago
musique orphan, skytux 1 weeks ago
mvel orphan 5 weeks ago
mx4j dwalluck, orphan 1 weeks ago
mycila-pom orphan 1 weeks ago
nekobee-dssi orphan 5 weeks ago
nodejs-base64-arraybuffer orphan 1 weeks ago
nodejs-bcryptjs orphan 1 weeks ago
nodejs-bunyan nodejs-sig, orphan 1 weeks ago
nodejs-chai-cheerio orphan 1 weeks ago
nodejs-chai-fs orphan 1 weeks ago
nodejs-cheerio orphan 1 weeks ago
nodejs-cjson nodejs-sig, orphan 1 weeks ago
nodejs-collections nodejs-sig, orphan, patches 1 weeks ago
nodejs-commonmark nodejs-sig, orphan 1 weeks ago
nodejs-connect nodejs-sig, orphan, patches 1 weeks ago
nodejs-convert-source-map nodejs-sig, orphan 1 weeks ago
nodejs-cookie-session orphan 1 weeks ago
nodejs-cors orphan 1 weeks ago
nodejs-css-select nodejs-sig, orphan 1 weeks ago
nodejs-csscomb-core nodejs-sig, orphan 1 weeks ago
nodejs-csslint nodejs-sig, orphan 1 weeks ago
nodejs-default-resolution orphan 1 weeks ago
nodejs-defence nodejs-sig, orphan 1 weeks ago
nodejs-del nodejs-sig, orphan 1 weeks ago
nodejs-delete orphan 1 weeks ago
nodejs-engine-dot-io-client orphan 1 weeks ago
nodejs-engine-dot-io-parser orphan 1 weeks ago
nodejs-espower orphan 1 weeks ago
nodejs-esprima nodejs-sig, orphan, patches 1 weeks ago
nodejs-esprima-fb nodejs-sig, orphan 1 weeks ago
nodejs-esprima-harmony-jscs nodejs-sig, orphan 1 weeks ago
nodejs-expect nodejs-sig, orphan 1 weeks ago
nodejs-fake orphan 1 weeks ago
nodejs-find-cache-dir nodejs-sig, orphan 1 weeks ago
nodejs-find-up nodejs-sig, orphan, sergiomb 1 weeks ago
nodejs-flat-cache orphan 1 weeks ago
nodejs-fs-promise orphan 1 weeks ago
nodejs-git-remote-origin-url orphan 1 weeks ago
nodejs-gitconfiglocal orphan 1 weeks ago
nodejs-gnode orphan 1 weeks ago
nodejs-grunt-contrib-clean nodejs-sig, orphan, patches 1 weeks ago
nodejs-grunt-contrib-csslint nodejs-sig, orphan 1 weeks ago
nodejs-grunt-init nodejs-sig, orphan, patches, 1 weeks ago
piotrp
nodejs-grunt-lib-contrib nodejs-sig, orphan, patches 1 weeks ago
nodejs-highlight-js nodejs-sig, orphan, patches 1 weeks ago
nodejs-historic-readline orphan 4 weeks ago
nodejs-htmlparser2 nodejs-sig, orphan 1 weeks ago
nodejs-i nodejs-sig, orphan, patches 1 weeks ago
nodejs-is-arrow-function nodejs-sig, orphan 1 weeks ago
nodejs-is-error orphan 1 weeks ago
nodejs-jasmine-growl-reporter nodejs-sig, orphan, patches 1 weeks ago
nodejs-json-parse-helpfulerror nodejs-sig, orphan 1 weeks ago
nodejs-lcov-parse nodejs-sig, orphan 1 weeks ago
nodejs-load-grunt-tasks nodejs-sig, orphan, patches 1 weeks ago
nodejs-locate-path nodejs-sig, orphan, sergiomb 1 weeks ago
nodejs-loophole orphan 1 weeks ago
nodejs-ltx nodejs-sig, orphan, patches 1 weeks ago
nodejs-make-dir orphan 1 weeks ago
nodejs-mock-bin orphan 1 weeks ago
nodejs-mock-git orphan 1 weeks ago
nodejs-netmask nodejs-sig, orphan 1 weeks ago
nodejs-ng-classify orphan 1 weeks ago
nodejs-object-dot-entries nodejs-sig, orphan 1 weeks ago
nodejs-object-dot-pick orphan 1 weeks ago
nodejs-only-shallow nodejs-sig, orphan 1 weeks ago
nodejs-opal-runtime orphan 1 weeks ago
nodejs-passport-oauth2-client- orphan 1 weeks ago
password
nodejs-pkg-dir nodejs-sig, orphan 1 weeks ago
nodejs-pkg-up nodejs-sig, orphan, sergiomb 1 weeks ago
nodejs-q nodejs-sig, orphan, patches 1 weeks ago
nodejs-q-io nodejs-sig, orphan, patches 1 weeks ago
nodejs-qunit-extras nodejs-sig, orphan 1 weeks ago
nodejs-read-json-sync orphan 1 weeks ago
nodejs-redent nodejs-sig, orphan 1 weeks ago
nodejs-replace-ext nodejs-sig, orphan 1 weeks ago
nodejs-ret orphan 1 weeks ago
nodejs-revalidator nodejs-sig, orphan, patches 1 weeks ago
nodejs-select-hose orphan 1 weeks ago
nodejs-snockets nodejs-sig, orphan, patches 1 weeks ago
nodejs-source-map-support orphan 1 weeks ago
nodejs-strong-log-transformer orphan 1 weeks ago
nodejs-tern-cordovajs galileo, nodejs-sig, orphan, 1 weeks ago
vjancik
nodejs-to-absolute-glob nodejs-sig, orphan 1 weeks ago
nodejs-underscore-dot-logger nodejs-sig, orphan, patches 1 weeks ago
nodejs-url2 nodejs-sig, orphan, patches 1 weeks ago
nodejs-vasync nodejs-sig, orphan 1 weeks ago
nodejs-watchit nodejs-sig, orphan, patches 1 weeks ago
nodejs-winston nodejs-sig, orphan, patches, 1 weeks ago
piotrp
nodejs-write orphan 1 weeks ago
nodejs-xmlhttprequest-ssl orphan 1 weeks ago
nyquist orphan 1 weeks ago
ocitools orphan 1 weeks ago
open-amp orphan 1 weeks ago
opendchub orphan 1 weeks ago
openjpa jjelen, lef, orphan 2 weeks ago
orangefs orphan 1 weeks ago
oshinko-cli orphan 1 weeks ago
parfait agerstmayr, mgoodwin, nathans, 1 weeks ago
orphan
percona-xtrabackup orphan 4 weeks ago
perl-Filesys-SmbClient orphan 3 weeks ago
phat orphan 5 weeks ago
php-onelogin-php-saml orphan 1 weeks ago
phpPgAdmin devrim, hhorak, jmlich, 5 weeks ago
orphan, praiskup
pidgin-musictracker orphan 1 weeks ago
plexus-bsh-factory mizdebsk, orphan 1 weeks ago
postgresql-dbi-link devrim, orphan 5 weeks ago
postgresql-pgpoolAdmin devrim, jmlich, orphan 5 weeks ago
postgresql_autodoc devrim, orphan 5 weeks ago
publican-jboss orphan 1 weeks ago
pwmd orphan 1 weeks ago
python-bashate apevec, openstack-sig, orphan 1 weeks ago
python-django-post_office orphan 1 weeks ago
python-hug orphan 1 weeks ago
python-poppler-qt4 orphan 1 weeks ago
randomizedtesting orphan 5 weeks ago
reactfx orphan 1 weeks ago
repmgr orphan 1 weeks ago
rescu orphan 1 weeks ago
rfdump orphan 1 weeks ago
rigsofrods orphan 1 weeks ago
rsyntaxtextarea orphan 1 weeks ago
rubygem-aws-sdk-core orphan 1 weeks ago
rubygem-memfs orphan 1 weeks ago
rubygem-mixlib-log orphan 1 weeks ago
rubygem-rack-attack orphan 1 weeks ago
rubygem-ruby2ruby orphan 1 weeks ago
rubygem-yell orphan 1 weeks ago
saoimage mmahut, orphan 1 weeks ago
scilab orphan 1 weeks ago
scrot orphan 1 weeks ago
si-units brolley, mgoodwin, nathans, 1 weeks ago
orphan
simple-xml orphan 3 weeks ago
snapraid orphan 1 weeks ago
soundtracker eeickmeyer, jcapik, ndim, 0 weeks ago
orphan
spatialite-gui orphan 1 weeks ago
sscep orphan 1 weeks ago
sslext jjelen, orphan 1 weeks ago
stream-lib lef, orphan 1 weeks ago
struts jjelen, orphan 1 weeks ago
svnkit dbhole, jfilak, orphan 1 weeks ago
telepathy-rakia orphan 1 weeks ago
termy-qt orphan 1 weeks ago
the_silver_searcher orphan 1 weeks ago
tomahawk comzeradd, kde-sig, magnu5, 1 weeks ago
orphan
tuxanci orphan 1 weeks ago
typesafe-config gil, orphan 1 weeks ago
ubertooth orphan 1 weeks ago
uom-lib brolley, mgoodwin, nathans, 1 weeks ago
orphan
uom-se brolley, mgoodwin, nathans, 1 weeks ago
orphan
uom-systems brolley, mgoodwin, nathans, 1 weeks ago
orphan
utop orphan 1 weeks ago
velocity-tools jjelen, lef, orphan 1 weeks ago
waypipe orphan 1 weeks ago
wlc fale, ignatenkobrain, orphan, 1 weeks ago
zvetlik
wmmon orphan 1 weeks ago
wpewebkit orphan 1 weeks ago
xneur orphan 1 weeks ago
The following packages require above mentioned packages:
Report too long, see the full version at
https://churchyard.fedorapeople.org/orphans-2020-04-14.txt
(grep it for your username and follow the dependency chain)
Affected (co)maintainers (either directly or via packages' dependencies):
agerstmayr: si-units, parfait, uom-se, uom-systems, guava20, uom-lib
akurtakov: eclipse-photran, simple-xml, randomizedtesting, batik
alexl: GConf2, keybinder3
alt-gtk-de-sig: keybinder3
amdunn: emacs-mmm
amukunda: GConf2
anaconda-maint: lldpad, fcoe-utils, keybinder3
andreamanzi: fts
ankursinha: orangefs
antiaircraft: GConf2
aperezbios: GConf2
apevec: python-bashate
arobinso: eclipse-mylyn, randomizedtesting, svnkit, batik, guava20,
eclipse-subclipse, simple-xml
athmane: afpfs-ng
athoscr: rubygem-memfs
atim: keybinder3
awjb: libopensync-plugin-gnokii
awood: GConf2
bagnara: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up, nodejs-locate-path
bcl: GConf2
besser82: GConf2, keybinder3
bkearney: GConf2
bowlofeggs: nodejs-pkg-up, nodejs-load-grunt-tasks, guava20, nodejs-find-up,
nodejs-locate-path
brandfbb: jruby
brendt: imageinfo
brolley: uom-se, uom-systems, si-units, uom-lib
bruno: GConf2
buc: GConf2
caillon: GConf2, keybinder3
caolanm: classloader-leak-test-framework, GConf2, keybinder3
catanzaro: jruby
cfeist: jruby, batik
cheese: GConf2
cheeselee: GConf2, keybinder3
churchyard: laszip, liblas
cicku: GConf2, keybinder3, orangefs
clalance: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up, nodejs-locate-path
clumens: GConf2, batik
company: GConf2
comzeradd: tomahawk
corsepiu: orangefs
cosimoc: GConf2
cquad: struts, velocity-tools, classloader-leak-test-framework,
jaxb2-maven-plugin, geronimo-jcdi-1.0-api, apache-commons-jci, bval, openjpa,
sslext, geronimo-jcache, apache-commons-jcs, jboss-jsf-2.2-api
csnyder: GConf2
cwickert: GConf2, keybinder3
dajt: coriander
davidsch: orangefs
dbhole: svnkit, randomizedtesting, batik, GConf2, simple-xml
dcantrell: GConf2
dchen: simple-xml, randomizedtesting
decathorpe: jruby
defolos: GConf2
deji: GConf2, orangefs
delete: GConf2
denis: GConf2
denisarnaud: orangefs, jruby
devrim: postgresql-dbi-link, liblas, postgresql-pgpoolAdmin, postgresql_autodoc,
laszip, phpPgAdmin
diehlpk: orangefs
dignan: GConf2
dledford: orangefs
dmaphy: GConf2, keybinder3
dmlb2000: orangefs
dodji: orangefs
domcleal: jruby
drago01: jruby
dridi: GConf2
dsd: GConf2
dshea: GConf2
dtardon: classloader-leak-test-framework
dvratil: telepathy-rakia, GConf2
dwalluck: mx4j
ebaron: simple-xml, randomizedtesting, batik
eclipse-sig: eclipse-ptp, eclipse-remote, eclipse-mylyn, eclipse-m2e-core,
randomizedtesting, batik, eclipse-photran, eclipse-webtools, eclipse-testng,
guava20, svnkit, eclipse-subclipse, eclipse-egit-github, simple-xml
eclipseo: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up, keybinder3,
nodejs-locate-path
eeickmeyer: GConf2, soundtracker
elanthis: GConf2
ellert: nodejs-pkg-up, nodejs-load-grunt-tasks, guava20, nodejs-find-up,
nodejs-locate-path
ellio167: orangefs
elsupergomez: GConf2
elxreno: rsyntaxtextarea, batik
epienbro: GConf2
erack: classloader-leak-test-framework, jruby
erikos: GConf2
fab: GConf2
fale: wlc
fche: orangefs
fkluknav: GConf2
fmuellner: GConf2
fnux: nodejs-historic-readline, insect
frantisekz: jruby
frixxon: apanov-edrip-fonts
galileo: nodejs-source-map-support, eclipse-m2e-core, eclipse-webtools,
nodejs-tern-cordovajs, guava20
gchamoul: jruby
gecko-maint: GConf2
giallu: GConf2, avr-gdb
gil: typesafe-config, antlr4
gnome-sig: GConf2, keybinder3, jruby
greghellings: GConf2
hadess: GConf2
hannes: orangefs
hguemar: GConf2, libvtemm
hhorak: classloader-leak-test-framework, guava20, cassandra-java-driver,
phpPgAdmin, GConf2, metrics-reporter-config
hobbes1069: orangefs
honzaf: batik
humaton: jruby
huwang: maven-stage-plugin
idevat: jruby, batik
ignatenkobrain: orangefs, wlc
immanetize: percona-xtrabackup
isimluk: GConf2
itamarjp: nodejs-pkg-up, nodejs-load-grunt-tasks, orangefs, nodejs-find-up,
nodejs-locate-path, GConf2, jruby
iucar: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up, nodejs-locate-path
jakub: orangefs
jamielinux: nodejs-q-io, docco, nodejs-json-parse-helpfulerror,
nodejs-highlight-js, nodejs-jasmine-growl-reporter, nodejs-source-map-support,
nodejs-watchit, nodejs-q, guava20, nodejs-winston, jruby, nodejs-revalidator,
nodejs-snockets, nodejs-collections, nodejs-url2, nodejs-esprima
jankratochvil: GConf2
jaruga: nodejs-source-map-support, jruby
jcapik: maven-release, soundtracker
jcerny: lldpad, GConf2, fcoe-utils, keybinder3
jchaloup: orangefs
jcline: biboumi
jcpunk: GConf2, keybinder3
jdunn: rubygem-mixlib-log, jruby
jeffreyness: percona-xtrabackup
jenslody: GConf2
jerboaa: avalon-framework, simple-xml, randomizedtesting, batik
jfearn: batik
jfilak: svnkit
jgrulich: telepathy-rakia, GConf2
jgu: nodejs-pkg-up, nodejs-load-grunt-tasks, orangefs, nodejs-find-up,
nodejs-locate-path, GConf2
jhladky: orangefs
jjames: nodejs-pkg-up, nodejs-load-grunt-tasks, maven-release, nodejs-find-up,
nodejs-locate-path
jjanco: classloader-leak-test-framework, guava20, cassandra-java-driver
jjelen: struts, velocity-tools, classloader-leak-test-framework,
jaxb2-maven-plugin, geronimo-jcdi-1.0-api, apache-commons-jci, avalon-framework,
bval, openjpa, josm, sslext, geronimo-jcache, apache-commons-jcs, jboss-jsf-2.2-api
jjohnstn: eclipse-ptp, eclipse-remote, eclipse-mylyn, randomizedtesting, svnkit,
batik, eclipse-photran, guava20, eclipse-subclipse, simple-xml
jkastner: antlr4, orangefs
jkonecny: lldpad, fcoe-utils, keybinder3
jmagne: GConf2
jmlich: classloader-leak-test-framework, postgresql-pgpoolAdmin, phpPgAdmin
jngrad: orangefs
johnp: GConf2, keybinder3
jplesnik: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up,
nodejs-locate-path, GConf2
jpokorny: batik
jreznik: telepathy-rakia
jskarvad: GConf2, orangefs
jsmith: nodejs-commonmark, nodejs-defence, nodejs-pkg-dir, nodejs-ret,
nodejs-expect, guava20, nodejs-lcov-parse, nodejs-make-dir,
nodejs-source-map-support, nodejs-replace-ext, nodejs-esprima-fb, nodejs-q,
nodejs-is-error, nodejs-locate-path, nodejs-write, nodejs-flat-cache,
nodejs-delete, nodejs-del, nodejs-find-up, nodejs-read-json-sync,
nodejs-jasmine-growl-reporter, nodejs-object-dot-pick, nodejs-esprima
jspaleta: orangefs
jstribny: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up,
nodejs-locate-path, jruby
jsynacek: GConf2
jujens: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up, nodejs-locate-path
junghans: orangefs
jussilehtola: orangefs
jvanek: randomizedtesting, batik, rsyntaxtextarea, GConf2, simple-xml, jruby
jwakely: orangefs
kalev: GConf2
kanarip: jruby
kasong: lldpad, fcoe-utils, keybinder3
kdaniel: eclipse-ptp, eclipse-remote, eclipse-mylyn, randomizedtesting, svnkit,
eclipse-photran, guava20, eclipse-subclipse, simple-xml
kde-sig: tomahawk, GConf2
kengert: GConf2
kevin: GConf2, keybinder3
kmilos: GConf2
konradm: orangefs
korkeala: maven-release
krege: orangefs
kwenning: batik
kwizart: jruby
lalatendu: jruby
laxathom: GConf2, jruby
lef: stream-lib, struts, velocity-tools, classloader-leak-test-framework,
jaxb2-maven-plugin, geronimo-jcdi-1.0-api, randomizedtesting,
apache-commons-jci, batik, openjpa, bval, antlr4, sslext, geronimo-jcache,
jboss-jsf-2.2-api, castor, simple-xml, jruby
leigh123linux: GConf2, keybinder3
lennart: GConf2
liangsuilong: GConf2, keybinder3
limb: GConf2, ggz-gtk-client
lkundrak: GConf2, orangefs
lon: batik
loveshack: orangefs
lucilanga: GConf2
lzap: jruby
m4rtink: lldpad, fcoe-utils, keybinder3
magnu5: tomahawk
maha: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up, nodejs-locate-path
marcindulak: orangefs
mattrose: keybinder3
matyc: lldpad, GConf2, fcoe-utils, keybinder3
maxamillion: keybinder3
mbaldessari: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up,
nodejs-locate-path
mbarnes: GConf2, keybinder3
mbooth: guava20, simple-xml, randomizedtesting, batik
mck182: telepathy-rakia
mclasen: GConf2, keybinder3
mcrha: GConf2
mdbooth: jruby
mef: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up, nodejs-locate-path
mgoodwin: si-units, parfait, uom-se, uom-systems, guava20, uom-lib
michich: orangefs
mikedep333: keybinder3
mizdebsk: nodejs-pkg-up, apache-commons-email, nodejs-load-grunt-tasks,
apache-commons-dbutils, eclipse-m2e-core, plexus-bsh-factory, batik,
eclipse-webtools, avalon-framework, jetty-toolchain, antlr4, guava20,
maven-injection-plugin, maven-mapping, nodejs-find-up, nodejs-locate-path,
jetty-parent, jetty-build-support
mjakubicek: orangefs
mjia: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up, nodejs-locate-path
mjw: orangefs
mkasik: keybinder3
mlisik: jruby, batik
mmagr: jruby
mmahut: GConf2, saoimage
mmorsi: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up,
nodejs-locate-path, jruby
moezroy: GConf2
mpreisle: lldpad, GConf2, fcoe-utils, keybinder3
mrceresa: orangefs
msekleta: GConf2
msimacek: nodejs-pkg-up, nodejs-load-grunt-tasks, randomizedtesting,
nodejs-find-up, nodejs-locate-path, simple-xml
mso: jruby
msrb: jruby
mtasaka: GConf2, keybinder3, jruby
mycae: orangefs
mystro256: GConf2
nathans: si-units, parfait, uom-se, uom-systems, guava20, uom-lib
ndim: soundtracker
neuro-sig: maven-release, orangefs
nodejs-sig: docco, nodejs-redent, nodejs-commonmark, nodejs-defence,
nodejs-pkg-up, nodejs-htmlparser2, nodejs-pkg-dir, nodejs-underscore-dot-logger,
nodejs-expect, nodejs-css-select, nodejs-ret, nodejs-i, guava20,
nodejs-only-shallow, nodejs-revalidator, nodejs-snockets, nodejs-lcov-parse,
nodejs-netmask, nodejs-vasync, nodejs-highlight-js, nodejs-load-grunt-tasks,
nodejs-source-map-support, nodejs-find-cache-dir, nodejs-replace-ext,
nodejs-esprima-fb, nodejs-qunit-extras, nodejs-q, nodejs-bunyan,
nodejs-locate-path, nodejs-grunt-lib-contrib, nodejs-grunt-contrib-clean,
nodejs-write, nodejs-object-dot-entries, nodejs-cjson, nodejs-flat-cache,
nodejs-delete, nodejs-del, nodejs-winston, nodejs-find-up, nodejs-connect,
nodejs-collections, nodejs-is-arrow-function, nodejs-csscomb-core, nodejs-q-io,
nodejs-grunt-contrib-csslint, nodejs-json-parse-helpfulerror, nodejs-grunt-init,
nodejs-to-absolute-glob, nodejs-read-json-sync, nodejs-esprima-harmony-jscs,
nodejs-jasmine-growl-reporter, nodejs-ltx, nodejs-csslint, nodejs-watchit,
nodejs-tern-cordovajs, jruby, nodejs-url2, nodejs-convert-source-map, nodejs-esprima
nonamedotc: GConf2, keybinder3
nosnilmot: GConf2
nphilipp: GConf2
nushio: GConf2
obnox: jruby
odubaj: classloader-leak-test-framework
ohaessler: GConf2, keybinder3
oliver: simple-xml, randomizedtesting, batik
omajid: GConf2
omular: jruby, batik
openstack-sig: python-bashate
orion: orangefs
patches: docco, nodejs-underscore-dot-logger, nodejs-pkg-up, nodejs-i, guava20,
nodejs-revalidator, nodejs-highlight-js, nodejs-load-grunt-tasks,
nodejs-source-map-support, nodejs-q, nodejs-locate-path,
nodejs-grunt-lib-contrib, nodejs-grunt-contrib-clean, nodejs-esprima,
nodejs-winston, nodejs-find-up, rsyntaxtextarea, nodejs-connect,
nodejs-collections, nodejs-q-io, nodejs-json-parse-helpfulerror,
nodejs-grunt-init, nodejs-jasmine-growl-reporter, nodejs-ltx, batik,
nodejs-watchit, jruby, nodejs-url2, nodejs-snockets
patrikopravil: jruby
pbrobinson: GConf2, jruby
pcahyna: GConf2
pcpa: orangefs
pfrields: GConf2
pgordon: GConf2
phracek: GConf2
pingou: GConf2, keybinder3
piotrp: nodejs-json-parse-helpfulerror, nodejs-grunt-init,
nodejs-jasmine-growl-reporter, nodejs-source-map-support, nodejs-winston,
nodejs-q, nodejs-revalidator, nodejs-esprima
pkajaba: classloader-leak-test-framework
pkfed: orangefs
pmikova: rsyntaxtextarea
ppisar: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up,
nodejs-locate-path, GConf2
praiskup: nodejs-esprima, classloader-leak-test-framework, GConf2, phpPgAdmin
ptoscano: jruby
pvalena: jruby
pvrabec: GConf2
pwalter: ggz-gtk-client
pwouters: GConf2
pwu: keybinder3
python-sig: nodejs-pkg-up, nodejs-load-grunt-tasks, orangefs, nodejs-find-up,
nodejs-locate-path
qulogic: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up, nodejs-locate-path
radekmanak: rsyntaxtextarea
rakesh: GConf2, orangefs
ralph: hovercraft
raphgro: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up, nodejs-locate-path
rathann: nodejs-pkg-up, nodejs-load-grunt-tasks, orangefs, nodejs-find-up,
keybinder3, nodejs-locate-path, apbs, jruby
rdieter: telepathy-rakia, GConf2
rebus: afpfs-ng
renich: gtick, keybinder3
rgrunber: eclipse-mylyn, randomizedtesting, svnkit, batik, guava20,
eclipse-subclipse, simple-xml
rhughes: GConf2, keybinder3
rjones: jruby
rlandmann: batik
rmattes: GConf2
robert: GConf2
robyduck: keybinder3
rombobeorn: GConf2
rstrode: GConf2, keybinder3
ruby-packagers-sig: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up,
nodejs-locate-path, jruby
rvokal: GConf2
rvykydal: lldpad, fcoe-utils, keybinder3
sagitter: GConf2, nodejs-pkg-up, nodejs-load-grunt-tasks, orangefs,
nodejs-find-up, nodejs-locate-path, apbs
sandeen: GConf2
sbergmann: classloader-leak-test-framework
sbueno: lldpad, fcoe-utils, keybinder3
scitech_sig: orangefs
sergiomb: nodejs-pkg-up, apbs, nodejs-load-grunt-tasks, batik, guava20,
nodejs-find-up, nodejs-locate-path, GConf2
sharkcz: GConf2
shlomif: the_silver_searcher
skottler: jruby
skytux: musique
slankes: GConf2, libacpi
smani: orangefs
smoitra: jruby
snirkel: GConf2
spot: GConf2, orangefs
sseago: jruby
ssp: GConf2, keybinder3
stahnma: jruby
stefw: lldpad, fcoe-utils, keybinder3
steve: GConf2
stevetraylen: jruby
stransky: GConf2
survient: percona-xtrabackup
swt2c: GConf2
tagoh: keybinder3
tc01: nodejs-winston, guava20
tdawson: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up,
nodejs-locate-path, jruby
terjeros: GConf2, jruby, batik
thm: GConf2
thofmann: GConf2
thozza: rsyntaxtextarea, batik
tibbs: GConf2
timfenn: libccp4
timn: GConf2
tojeline: jruby, batik
tomh: docco, nodejs-highlight-js, nodejs-jasmine-growl-reporter, nodejs-watchit,
nodejs-q, guava20, nodejs-winston, nodejs-revalidator, nodejs-connect,
nodejs-esprima
tomspur: orangefs
tonet666p: keybinder3
tpokorra: GConf2
tpopela: GConf2, jruby
trondd: avr-gdb
tstellar: hcc
tuxbrewr: GConf2
ueno: GConf2
valtri: rubygem-aws-sdk-core, jruby
vascom: rsyntaxtextarea, batik
vjancik: nodejs-tern-cordovajs, nodejs-source-map-support
vondruch: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up,
nodejs-locate-path, jruby
vpodzime: lldpad, fcoe-utils, keybinder3
vponcova: lldpad, fcoe-utils, keybinder3
walters: GConf2
wottop: GConf2
wsato: GConf2
wtaymans: GConf2
wwoods: GConf2
xavierb: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up,
nodejs-locate-path, nodejs-grunt-contrib-clean
xhorak: GConf2
yselkowitz: GConf2
zbyszek: nodejs-pkg-up, nodejs-load-grunt-tasks, orangefs, maven-release,
guava20, nodejs-find-up, nodejs-locate-path
zsun: keybinder3
zvetlik: nodejs-source-map-support, wlc
--
The script creating this output is run and developed by Fedora
Release Engineering. Please report issues at its pagure instance:
https://pagure.io/releng/
The sources of this script can be found at:
https://pagure.io/releng/blob/master/f/scripts/find_unblocked_orphans.py
4 years
Call for testers for rpmautospec in staging
by Pierre-Yves Chibon
Good Morning Everyone,
You may remember that Nils, Adam and pingou have been investigating what
it would take to get rid of maintaining the changelog and release fields
manually in our spec files (but still have them in the produced RPMs).
We have already discussed the idea in a few threads:
- https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.o...
announced the original idea
- https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.o...
presented some of the possible approaches to do this
The result of these discussions and our investigations is `rpmautospec`
As its documentation says:
`rpmautospec` is a program and library used to automatically generate the
release and changelog fields in RPM spec files opting to use it.
`rpmautospec` is currently a proof of concept, we have deployed it in staging
and with this email we would like to invite you to test it there.
We have written some documentation on how `rpmautospec` works and how you
can opt in at: https://docs.pagure.org/Fedora-Infra.rpmautospec/
To interact with staging you will need:
- to use `stg-koji` instead of `koji`
- to use `fedpkg-stage` instead of `fedpkg` (``dnf install fedpkg-stage``)
- to kinit against `STG.FEDORAPROJECT.ORG`
- to test with rawhide as rpmautospec is only available there in staging at this
point
To remove some of the warnings thrown by `fedpkg` or to simply keep `rpmbuild`
working locally, you will have to install the `rpmautospec-rpm-macros` package
available in your nearest bodhi (it's still hot from the oven at the time of
writing this email so it hasn't made it yet to updates-testing).
Note, this task was very much time-bound for us and we reached this limit, so
this is not something that we will be heavily working on in the coming 3 months.
However, if there are sufficient people testing this in staging, providing
feedback or contributing to it, we may (depending on that feedback) look at
pushing this project forward later in the year.
Finally, while we've tried to be careful, we're sure that we've missed some
use cases and that this software isn't bug free, so please bear with us if
some of its edges are rough and report your issues/RFEs at:
https://pagure.io/Fedora-Infra/rpmautospec/
Thanks in advance for your help and feedback,
Adam, Nils and Pierre
PS:
- F32 update: https://bodhi.fedoraproject.org/updates/FEDORA-2020-7f41380eb9
- F31 update: https://bodhi.fedoraproject.org/updates/FEDORA-2020-3ee46bf2cd
- F30 update: https://bodhi.fedoraproject.org/updates/FEDORA-2020-081a876918
4 years
Fedora 33 System-Wide Change proposal: Perl 5.32
by Ben Cotton
https://fedoraproject.org/wiki/Changes/perl5.32
== Summary ==
A new ''perl 5.32'' version brings a lot of changes done over a year
of development. Perl 5.32 will be released in May 2020. See
[https://metacpan.org/pod/release/XSAWYERX/perl-5.31.10/pod/perldelta.pod
5.31.10 perldelta] for more details about preparing release.
== Owner ==
* Name: [[User:Jplesnik| Jitka Plesníková]]
* Email: <jplesnik(a)redhat.com>
* Name: [[User:Ppisar| Petr Písař]]
* Email: <ppisar(a)redhat.com>
=== Completed Items ===
=== Items in Progress ===
=== Items to Be Done ===
* Upstream to release Perl 5.32
* Get dedicated build-root <!-- [https://pagure.io/releng/issue/8384
build-root from rel-engs (''f31-perl'') ] -->
* Define perl_bootstrap in perl-srpm-macros
* Rebase perl to 5.32.0
<!--* Build new perl 5.32 keeping old COMPAT Provides -->
* Rebuild dual-lived packages (otherwise dnf recommends --skip-broken and fails)
* Rebuild packages needed for minimal build-root
* Rebuild packages needed for building source packages from git repository
* Rebuild other packages: Use Fedora::Rebuild dependency solver
<!--* Remove old perl(:MODULE_COMPAT_5.30.*) from perl -->
* Undefine perl_bootstrap
* Rebuild packages having perl_bootstrap condition in spec file
* Rebuild all updated packages
* [https://jplesnik.fedorapeople.org/5.32/ Final lists of results]
* Merge dedicated build-root to rawhide and remove the dedicated one by rel-engs
* Synchronize packages upgraded in ''f33'' build root
* Rebuilt Perl packages: 0 of 3182 done (0.00%)
* Failed builds (0):
== Detailed Description ==
New perl is released every year and updates containing mainly bug
fixes follow during the year. The 5.32.0 version is stable release
this year.
== Benefit to Fedora ==
Up-to-date and latest perl release will be delivered to Fedora users.
== Scope ==
Every Perl package will be rebuilt in a dedicated ''f33-perl''
build-root against perl 5.32.0 and then if no major problem emerges
the packages will be merged back to ''f33'' build-root.
* Proposal owners:
New perl and all packages requiring perl or a Perl module will be
rebuilt into ''f33-perl'' build-root.
* Other developers:
Owners of packages that fail to rebuild, mainly perl-sig users, will
be asked using Bugzilla to fix or remove their packages from the
distribution.
* Release engineering: [https://pagure.io/releng/issue/9387 #9387]
Release engineers will be asked for new ''f33-perl'' build-root
inheriting from ''f33'' build-root. After successful finishing the
rebuild, they will be asked to merge ''f33-perl'' packages back to
''f33'' build-root.
* Policies and guidelines:
No policies have to be modified to complete this change.
== Upgrade/compatibility impact ==
Vast majority of functionality will be preserved. Only the packages
that failed to build against perl 5.30 will be removed from the
distribution. That will require to remove those packages from existing
systems otherwise package manager will encounter unsatisfied
dependencies.
== How To Test ==
Try upgrading from Fedora 32 to 33. Try some Perl application to
verify they work as expected. Try embedded perl in slapd or snmpd.
== User Experience ==
There should not be any remarkable change in user experience. With the
exception that previously locally installed modules with a CPAN
clients will need a reinstalation.
== Dependencies ==
There is more than 3100 packages depending on perl. Most of them are
expected not to break. Finishing this change can be endangered only by
critical changes in a toolchain.
== Contingency Plan ==
If we find perl 5.32 is not suitable for Fedora 33, we will revert
back to perl 5.30 and we drop the temporary build-root with already
rebuilt packages.
* Contingency deadline: branching Fedora 33 from Rawhide.
* Blocks release? No.
== Documentation ==
* perldelta
* An announcement on the perl-devel mailing list
* An announcement on fedora-devel mailing list
== Release Notes ==
* TBD - when release candidate appears
--
Ben Cotton
He / Him / His
Senior Program Manager, Fedora & CentOS Stream
Red Hat
TZ=America/Indiana/Indianapolis
4 years
Fedora 33 System-Wide Change proposal: OpenSSL 3.0
by Ben Cotton
https://fedoraproject.org/wiki/Changes/OpenSSL3.0
== Summary ==
The OpenSSL package is rebased to version 3.0 and the dependent
packages are rebuilt.
== Owner ==
* Name: [[User:Tmraz| Tomáš Mráz]]
* Email: <tmraz(a)redhat.com>
== Detailed Description ==
The OpenSSL 3.0 release is going to be a significantly new release
with changed ABI however with minimal API changes. That means most of
the dependent packages will need just a rebuild to work with the new
OpenSSL package. However (at least temporarily) a compat-openssl11
package will be provided along the base package so the operation of
the Rawhide is not disrupted.
The OpenSSL 3.0 is still in development now but a first beta release
should be done in June. After that time the work on the rebase will
start and it should be possible to finish it still with a beta
releases. Later releases up to the final one should not be disruptive
and they should not break API/ABI.
== Benefit to Fedora ==
This change introduces OpenSSL 3.0 with its significantly reworked
internals which allow for better replacement of the crypto
implementations via the
[https://www.openssl.org/docs/OpenSSL300Design.html Crypto Providers]
concept.
== Scope ==
* Proposal owners: Provide a compat-openssl11 package, identify
dependent packages, provide the rebased openssl package, work with
dependent package owners on rebuilds.
* Other developers: Dependent package owners rebuild their packages.
Most of the dependencies will not require code changes but for some
more fragile dependencies (mostly language bindings) there might be
changes needed especially in the test cases which depend on some
legacy behavior.
* Release engineering: [https://pagure.io/releng/issues #Releng issue
number] If compat package is provided a mass rebuild should not be
necessary.
* Policies and guidelines: No update of packaging guidelines or other
policies should be needed.
* Trademark approval: N/A (not needed for this Change)
== Upgrade/compatibility impact ==
If compat-openssl11 package is provided there should be no issues with upgrades.
== How To Test ==
If your application uses OpenSSL to communicate via TLS or perform
other tasks that use cryptographic algorithms from OpenSSL, please
test whether it continues to work properly. This should be covered by
the comprehensive upstream testsuite of OpenSSL. However many
dependent packages also provide good test coverage of OpenSSL
functionality.
== User Experience ==
There should be no impact on end-user experience.
== Dependencies ==
There are many packages which depend on libssl or libcrypto from
OpenSSL. Most of them should just work after rebuild with the new
openssl package. However it is also not critically needed to rebuild
everything at once if compat library compat-openssl11 package is
provided.
== Contingency Plan ==
If the openssl-3.0 is too unstable before the branching point of
Fedora 33 we will not update the package and delay the change to
Fedora 34.
If the openssl is already updated but it is found out to be too
unstable later we can revert to previous version however a rebuild of
all dependencies that were already rebuilt will be needed.
* Contingency mechanism: Revert package, rebuild updated dependencies.
* Contingency deadline: Before release
* Blocks release? No
* Blocks product? No
== Documentation ==
[https://www.openssl.org/docs/OpenSSL300Design.html OpenSSL 3.0
upstream design document]
[https://www.openssl.org/policies/releasestrat.html OpenSSL 3.0
release schedule]
== Release Notes ==
Fedora 33 comes with OpenSSL 3.0 as the primary OpenSSL package. It
brings support for Crypto Providers interface.
--
Ben Cotton
He / Him / His
Senior Program Manager, Fedora & CentOS Stream
Red Hat
TZ=America/Indiana/Indianapolis
4 years
Fedora 33 System-Wide Change Proposal: ELN Buildroot and Compose V4
by Stephen Gallagher
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
I've just published a fourth version[1] of the ELN proposal. With a
lot of input from Miro Hrončok, I think I've finally been able to
clarify some of the points that we were getting hung up on.
Changes in this version of the proposal[2]:
* Improve our explanation of why we are doing ELN in the first place
* Clarify the relationship with Rawhide
* Better describe what happens if packages don't build on ELN
* Explain our plan for when to use conditionals (this was getting a
larger share of the conversation than it warranted because we didn't
do a good job of explaining that they should be the exception and not
the rule)
* Clarify that the time limit on PRs is only for determining if the
maintainer is responsive. If they reply, the timer is cleared.
* Fixed the question about upstream features to make it clear that
what we meant is that new features should go upstream first, not be
implemented as a fork in ELN
* Added a section explaining how we will deal with side-tags
* Make it clear that we don't want to diverge wherever possible and
that any planned divergence should be discussed with the ELN SIG ahead
of time
* Cleaned up the contingency plan section.
I hope that these changes will make our position more clear. Thank you
to everyone who has contributed to this discussion. I think the
feedback has been very valuable and I sincerely appreciate it.
[1] https://fedoraproject.org/wiki/Changes/ELN_Buildroot_and_Compose
[2] https://fedoraproject.org/w/index.php?title=Changes%2FELN_Buildroot_and_C...
-----BEGIN PGP SIGNATURE-----
iQGzBAEBCAAdFiEEhQqd0dvyrMxvxJSRRduFpWgobREFAl6LpNgACgkQRduFpWgo
bRH4MAwAu1INM0mplL1yQiW2DMS148VubU5DkxRbaE3biZTvw5WzzbpxwpXr+nFp
eZf7IUyn5HCdtCAk1TQ4ga/TuV5VsaEEZ+a9p8PZfs4XTEMGpB7olP0Z8Jq1PWwn
EM6+4BAUWJ4JS7Q1+/CnEkUHA+1ZVeAzeb5bfSlcae2Vgx6evQMB4rEqAXdr16Qk
3Hi082+4SutmBv67cRA/JdRZmvUaHYtS4y5DrWAXOS23k8SHUCT/2O2f7NRPAoG/
f+04nG5JyUePY64pnVtDnsVMwETWiNSSs4V1dbKYe9Fj5H/jbvKIsvo8AWxw4BAq
rXCSIB3wMf08eM2KTaLvk0x+cz2BiSEZEDVdceffVXMwnUZulu/oeYDKdQg9OoHW
IQJbMoASgxRUXH1ZiMy8Q3SgQHvcu/YLmjS+djlVakLunhW7NfQjZB7txMyDi0PY
Hwn32C1kXnaoBJds4zB4QpWiJy5wI82CRL92Zvz0kiRPiO9TMCuj+t5kLZVmVTnI
8ShPIeos
=+lwN
-----END PGP SIGNATURE-----
4 years
Fedora 33 Self-Contained Change proposal: Network Time Security
by Ben Cotton
https://fedoraproject.org/wiki/Changes/NetworkTimeSecurity
== Summary ==
Support for the Network Time Security (NTS) authentication mechanism
in the NTP client/server (chrony) and installer (anaconda).
== Owner ==
* Name: [[User:mlichvar| Miroslav Lichvar]], [[User:mkolman| Martin Kolman]]
* Email: mlichvar(a)redhat.com, mkolman(a)redhat.com
== Detailed Description ==
NTP is a widely used protocol for synchronization of clocks over
network. Authentication of NTP packets is important to prevent a
Man-in-the-middle (MITM) attacker from taking full control over the
client's clock (e.g. force it to jump to a distant future or past).
Several different authentication mechanisms have been specified for
NTP. The oldest and simplest one uses secret keys, where each client
has its own key which needs to be securely distributed to the server
and client. This means it is mostly limited to local networks. Autokey
is a newer mechanism based on public-key cryptography, but it was
shown to be insecure and it is rarely supported on public servers.
NTS is a new authentication mechanism
[https://datatracker.ietf.org/doc/draft-ietf-ntp-using-nts-for-ntp
specified by the IETF] for NTP. NTS has an NTS-KE protocol using
Transport Layer Security (TLS) to establish the keys and provide the
client with cookies which allow the NTP server to not keep any
client-specific state. NTP packets are authenticated using
Authenticated Encryption with Associated Data (AEAD). NTS is expected
to scale well to a large numbers of clients. There are already some
public NTP servers with NTS support.
The default NTP client and server on Fedora is `chrony`. Support for
NTS is added in version 4.0. It uses the GnuTLS library for TLS and
the Nettle library for AEAD.
NTS authentication can be enabled on the client by adding the `nts`
option to the `server` or `pool` directive in ''/etc/chrony.conf''.
Until a standard port is assigned for NTS by IANA, the port may need
to be specified with the `ntsport` option. For example
`
server time.example.com iburst nts ntsport 12123
`
When using NTS-enabled NTP sources, any NTP source that is not trusted
and reachable over a trusted network should be disabled. This includes
servers provided by DHCP. They should be disabled by adding
`PEERNTP=no` to ''/etc/sysconfig/network''.
We can consider changing the default ''/etc/chrony.conf'' to use some
trusted public NTP servers with NTS support. There are public servers
provided by [https://www.cloudflare.com/time/ Cloudflare] and
[https://www.netnod.se/time-and-frequency/how-to-use-nts Netnod]. Both
would be ok with Fedora using their servers by default (after some
testing and coordination). There is also a possibility that
pool.ntp.org will support NTS, although it is not very clear how
useful would NTS be in this case as the servers are owned by
individual contributors instead of a single trusted entity and
attackers can easily join the pool (some mitigations have been
proposed on the pool mailing list).
Potential issues with enabling NTS by default:
* Firewalls may block the NTS-KE port.
* ISPs may block or rate limit longer NTP packets as a mitigation for
amplification attacks using NTP mode 6 and 7. NTS-KE supports port
negotiation and an alternative port could be used to avoid this issue.
* Computers with no RTC (e.g. some ARM boards), or RTC that is too far
from the real time, will fail to verify TLS certificates. An option
could be added to disable the time checks before the first update of
the clock. This would have an impact on security.
== Benefit to Fedora ==
This change enables Fedora users to securely synchronize the system
clock to local or public NTP servers.
TBD: This change also makes the default configuration of the NTP client secure.
== Scope ==
* Proposal owners:
# Update `chrony` to 4.0 and enable the NTS support (adding dependency
on GnuTLS)
# TBD: Modify the default ''/etc/chrony.conf'' to use public servers
with NTS support
# Add an NTS option to the NTP settings in anaconda
* Other developers: N/A (not a System Wide Change)
* Release engineering: N/A (not needed for this Change)
* Policies and guidelines: N/A (not a System Wide Change)
* Trademark approval: N/A (not needed for this Change)
== Upgrade/compatibility impact ==
Fedora systems updated from a previous version will use the new
''/etc/chrony.conf'' automatically if the installed file was not
modified. If it was modified, the users will need to update the file
manually or rename ''/etc/chrony.conf.rpmnew'' to
''/etc/chrony.conf'' in order to enable NTS.
== How To Test ==
If the default configuration is modified for this Change, it needs to
be tested that it works correctly on most systems where the previous
default configuration using pool.ntp.org servers worked.
The installer needs to be tested that it enables NTS in
''/etc/chrony.conf'' as expected and that it adds `PEERNTP=no` to
''/etc/sysconfig/network''.
The `chronyc -N sources` command can be used to verify that NTP
sources are responding. The `chronyc ntpdata` command can be used to
verify that the NTP sources are authenticated. For example:
# chronyc -N sources
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* time.cloudflare.com 3 6 377 28 -115us[
-111us] +/- 13ms
^+ nts.ntp.se 2 6 377 27 +212us[
+212us] +/- 22ms
# chronyc ntpdata | grep Auth
Authenticated : Yes
Authenticated : Yes
== User Experience ==
Client NTS can be enabled in the NTP settings in the installer.
Client and server NTS can be enabled by editing ''/etc/chrony.conf''
as documented in the `chrony.conf` man page.
== Dependencies ==
N/A (not a System Wide Change)
== Contingency Plan ==
* Contingency mechanism: N/A (not a System Wide Change)
* Contingency deadline: N/A (not a System Wide Change)
* Blocks release? N/A (not a System Wide Change)
* Blocks product?
== Documentation ==
N/A (not a System Wide Change)
== Release Notes ==
TBD
--
Ben Cotton
He / Him / His
Senior Program Manager, Fedora & CentOS Stream
Red Hat
TZ=America/Indiana/Indianapolis
4 years