1:04 p.m.
Heads up about the release tooling changes we're proposing for F26. Note that this
list may exclude work to be completed for modularity but that will be added to the same
page at a later date. If there's anything that seems to be missing or mis-prioritized
please let me know. I'd like feedback on this list by the end of the week. Next week
we'll start getting ready to deliver these changes.
https://fedoraproject.org/wiki/ReleaseEngineering/PriorityPipeline#F26_Pr...
Thanks!
--
Amanda Carter
3:42 p.m.
Hi Amanda,
I'm curious about this change: "Kerberos support in koji, fedpkg, OSBS "
Is koji.fedoraproject.org is going to eventually stop supporting TLS
authentication, and we'll have a Fedora-project-wide Kerberos
infrastructure instead?
- Ken
On Mon, Oct 24, 2016 at 12:04 PM, Amanda Carter <acarter(a)redhat.com> wrote:
> Heads up about the release tooling changes we're proposing for F26. Note that
this list may exclude work to be completed for modularity but that will be added to the
same page at a later date. If there's anything that seems to be missing or
mis-prioritized please let me know. I'd like feedback on this list by the end of the
week. Next week we'll start getting ready to deliver these changes.
>
>
https://fedoraproject.org/wiki/ReleaseEngineering/PriorityPipeline#F26_Pr...
>
> Thanks!
>
> --
> Amanda Carter
> _______________________________________________
> devel mailing list -- devel(a)lists.fedoraproject.org
> To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org
4 p.m.
On martes, 25 de octubre de 2016 2:42:15 PM CDT Ken Dreyer wrote:
Hi Amanda,
I'm curious about this change: "Kerberos support in koji, fedpkg, OSBS "
Is koji.fedoraproject.org is going to eventually stop supporting TLS
authentication, and we'll have a Fedora-project-wide Kerberos
infrastructure instead?
there will be kerberos auth for koji and lookaise cache, if it will be project
wide or not I am not sure that is decided yet.
Dennis
- Ken
On Mon, Oct 24, 2016 at 12:04 PM, Amanda Carter <acarter(a)redhat.com> wrote:
> Heads up about the release tooling changes we're proposing for F26. Note
> that this list may exclude work to be completed for modularity but that
> will be added to the same page at a later date. If there's anything that
> seems to be missing or mis-prioritized please let me know. I'd like
> feedback on this list by the end of the week. Next week we'll start
> getting ready to deliver these changes.
>
> https://fedoraproject.org/wiki/ReleaseEngineering/PriorityPipeline#F26_Pro
> posed_Tools_Changes
>
> Thanks!
>
> --
> Amanda Carter
> _______________________________________________
> devel mailing list -- devel(a)lists.fedoraproject.org
> To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org
_______________________________________________
devel mailing list -- devel(a)lists.fedoraproject.org
To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org
9:15 p.m.
On Tue, Oct 25, 2016 at 3:00 PM, Dennis Gilmore <dennis(a)ausil.us> wrote:
On martes, 25 de octubre de 2016 2:42:15 PM CDT Ken Dreyer wrote:
> Hi Amanda,
>
> I'm curious about this change: "Kerberos support in koji, fedpkg, OSBS
"
>
> Is koji.fedoraproject.org is going to eventually stop supporting TLS
> authentication, and we'll have a Fedora-project-wide Kerberos
> infrastructure instead?
there will be kerberos auth for koji and lookaise cache, if it will be project
wide or not I am not sure that is decided yet.
Thanks Dennis.
I'm curious about this because most organizations do not expose their
KDCs directly to the internet. As I understand it, it's possible for a
passive attacker to sniff the TGT exchange and brute-force a password,
whereas this attack scenario is not possible with Koji's current HTTPS
client cert authentication.
- Ken
1:39 a.m.
On ti, 25 loka 2016, Ken Dreyer wrote:
On Tue, Oct 25, 2016 at 3:00 PM, Dennis Gilmore
<dennis(a)ausil.us> wrote:
> On martes, 25 de octubre de 2016 2:42:15 PM CDT Ken Dreyer wrote:
>> Hi Amanda,
>>
>> I'm curious about this change: "Kerberos support in koji, fedpkg, OSBS
"
>>
>> Is koji.fedoraproject.org is going to eventually stop supporting TLS
>> authentication, and we'll have a Fedora-project-wide Kerberos
>> infrastructure instead?
>
> there will be kerberos auth for koji and lookaise cache, if it will be project
> wide or not I am not sure that is decided yet.
Thanks Dennis.
I'm curious about this because most organizations do not expose their
KDCs directly to the internet. As I understand it, it's possible for a
passive attacker to sniff the TGT exchange and brute-force a password,
whereas this attack scenario is not possible with Koji's current HTTPS
client cert authentication.
We implemented HTTPS proxying of the Kerberos protocol,
based on
MS-KKDCP specification. It is in MIT Kerberos 1.13+.
--
/ Alexander Bokovoy
12:19 p.m.
On Wed, Oct 26, 2016 at 12:39 AM, Alexander Bokovoy <abokovoy(a)redhat.com> wrote:
We implemented HTTPS proxying of the Kerberos protocol, based on
MS-KKDCP specification. It is in MIT Kerberos 1.13+.
Oh, fantastic! I didn't know that standard, or that MIT Kerberos supported it.
- Ken
12:50 p.m.
kerberos support for Fedora infra would be an amazing step forward.
Charalampos Stratakis
Associate Software Engineer
Python Maintenance Team, Red Hat
----- Original Message -----
From: "Amanda Carter" <acarter(a)redhat.com>
To: devel(a)lists.fedoraproject.org
Sent: Monday, October 24, 2016 8:04:40 PM
Subject: F26 proposed release tooling changes
Heads up about the release tooling changes we're proposing for F26. Note that this
list may exclude work to be completed for modularity but that will be added to the same
page at a later date. If there's anything that seems to be missing or mis-prioritized
please let me know. I'd like feedback on this list by the end of the week. Next week
we'll start getting ready to deliver these changes.
https://fedoraproject.org/wiki/ReleaseEngineering/PriorityPipeline#F26_Pr...
Thanks!
--
Amanda Carter
_______________________________________________
devel mailing list -- devel(a)lists.fedoraproject.org
To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org
2:18 a.m.
I am not very familiar with the Fedora Infrastructure, I am just
curios whether the kerberos is going to be somehow synchronized with
FAS ?
Jan
On Wed, Oct 26, 2016 at 7:50 PM, Charalampos Stratakis
<cstratak(a)redhat.com> wrote:
kerberos support for Fedora infra would be an amazing step forward.
Charalampos Stratakis
Associate Software Engineer
Python Maintenance Team, Red Hat
----- Original Message -----
From: "Amanda Carter" <acarter(a)redhat.com>
To: devel(a)lists.fedoraproject.org
Sent: Monday, October 24, 2016 8:04:40 PM
Subject: F26 proposed release tooling changes
Heads up about the release tooling changes we're proposing for F26. Note that this
list may exclude work to be completed for modularity but that will be added to the same
page at a later date. If there's anything that seems to be missing or mis-prioritized
please let me know. I'd like feedback on this list by the end of the week. Next week
we'll start getting ready to deliver these changes.
https://fedoraproject.org/wiki/ReleaseEngineering/PriorityPipeline#F26_Pr...
Thanks!
--
Amanda Carter
_______________________________________________
devel mailing list -- devel(a)lists.fedoraproject.org
To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org
_______________________________________________
devel mailing list -- devel(a)lists.fedoraproject.org
To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org
--
Jan Kuřík
Platform & Fedora Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
4:08 a.m.
On to, 27 loka 2016, Jan Kurik wrote:
I am not very familiar with the Fedora Infrastructure, I am just
curios whether the kerberos is going to be somehow synchronized with
FAS ?
In short: yes.
However, please wait for official announcement by Fedora Infrastructure
for the actual details.
--
/ Alexander Bokovoy
9:36 a.m.
Thanks to everyone for reviewing and for your interest at least in the planned Kerberos
changes :) I'm going to close the feedback period now and ask if you have any other
questions or requests that you contact me directly so I don't miss it. We'll begin
the process of filing changes, etc next week.
Cheers!
----- Original Message -----
From: "Amanda Carter" <acarter(a)redhat.com>
To: devel(a)lists.fedoraproject.org
Sent: Monday, October 24, 2016 2:04:40 PM
Subject: F26 proposed release tooling changes
Heads up about the release tooling changes we're proposing for F26. Note that
this list may exclude work to be completed for modularity but that will be
added to the same page at a later date. If there's anything that seems to be
missing or mis-prioritized please let me know. I'd like feedback on this
list by the end of the week. Next week we'll start getting ready to deliver
these changes.
https://fedoraproject.org/wiki/ReleaseEngineering/PriorityPipeline#F26_Pr...
Thanks!
--
Amanda Carter
--
Amanda Carter
2743
days inactive
2747
days old
9 comments
6 participants
participants (6)
-
Alexander Bokovoy -
Amanda Carter -
Charalampos Stratakis -
Dennis Gilmore -
Jan Kurik -
Ken Dreyer