Just wanted to touch base with everyone since I didn't make the meeting Thursday. I
found a new job, am in the process of relocating to Chicago and am finishing up the
semester, so time is short, but once I get moved things should quickly settle into a
routine and I'll be able to more regularly contribute.
sart
-----Original Message-----
From: infrastructure-bounces(a)lists.fedoraproject.org
[mailto:infrastructure-bounces@lists.fedoraproject.org] On Behalf Of
infrastructure-request(a)lists.fedoraproject.org
Sent: Saturday, February 15, 2014 6:00 AM
To: infrastructure(a)lists.fedoraproject.org
Subject: infrastructure Digest, Vol 93, Issue 21
Send infrastructure mailing list submissions to
infrastructure(a)lists.fedoraproject.org
To subscribe or unsubscribe via the World Wide Web, visit
https://admin.fedoraproject.org/mailman/listinfo/infrastructure
or, via email, send a message with subject or body 'help' to
infrastructure-request(a)lists.fedoraproject.org
You can reach the person managing the list at
infrastructure-owner(a)lists.fedoraproject.org
When replying, please edit your Subject line so it is more specific than "Re:
Contents of infrastructure digest..."
Today's Topics:
1. Re: Mailing-List Subscription Capta? (Michael Scherer)
2. Re: Mailing-List Subscription Capta? (Frank Murphy)
3. Re: ask.fp.o potential account hijacking with facebook oauth
(Achilleas Pipinellis)
4. Re: February status update for Fedora Infrastructure
Apprentices (Dan Mossor)
----------------------------------------------------------------------
Message: 1
Date: Fri, 14 Feb 2014 16:32:26 +0100
From: Michael Scherer <misc(a)zarb.org>
To: Fedora Infrastructure <infrastructure(a)lists.fedoraproject.org>
Subject: Re: Mailing-List Subscription Capta?
Message-ID: <1392391946.28162.15.camel(a)liliana.cdg.redhat.com>
Content-Type: text/plain; charset="UTF-8"
Le vendredi 14 février 2014 à 07:46 +0000, Frank Murphy a écrit :
On Thu, 13 Feb 2014 23:38:56 +0100
Michael Scherer <misc(a)zarb.org> wrote:
> What is the issue that would be solved by it ?
Script subscriptions, time wasting,
while I understand theses 2
trying to find the real person.
I fail to understand this one.
--
Michael Scherer
------------------------------
Message: 2
Date: Fri, 14 Feb 2014 15:39:49 +0000
From: Frank Murphy <frankly3d(a)gmail.com>
To: infrastructure(a)lists.fedoraproject.org
Subject: Re: Mailing-List Subscription Capta?
Message-ID: <20140214153949.6bd0b259(a)frank01.frankly3d.home>
Content-Type: text/plain; charset=US-ASCII
On Fri, 14 Feb 2014 16:32:26 +0100
Michael Scherer <misc(a)zarb.org> wrote:
>
trying to find the real person.
>
> I fail to understand this one.
>
Person applies to fas using:
john(a)doe.com
applies to ml using:
jd(a)gmail.com
same person,
doesn't always even use the same
"Real Name"
John aka Jonathan aka some other version of it.
but hard to spot with the
other stuff, which has to be cleared first,
and hope mistake is not made.
___
Regards
Frank
frankly3d.com
------------------------------
Message: 3
Date: Fri, 14 Feb 2014 17:42:11 +0200
From: Achilleas Pipinellis <axilleaspi(a)ymail.com>
To: infrastructure(a)lists.fedoraproject.org
Subject: Re: ask.fp.o potential account hijacking with facebook oauth
Message-ID: <52FE3953.4020405(a)ymail.com>
Content-Type: text/plain; charset=UTF-8
On 13/02/2014 08:42 μμ, Kevin Fenzi wrote:
On Sun, 09 Feb 2014 21:52:38 +0200
Achilleas Pipinellis <axilleaspi(a)ymail.com> wrote:
> Hello there!
>
> I bumped into a recent post that describes the way someone could get
> access to your account using facebook oauth. According to the
> vulnerability author:
>
>> Every website with "Connect Facebook account and log in with it" is
>> vulnerable to account hijacking.
>
> Source:
>
http://homakov.blogspot.gr/2014/01/two-severe-wontfix-vulnerabilities-in....
>
> Facebook will not fix this anytime soon. Should we disable facebook
> login until this gets resolved?
So, we discussed this some, and it seems like a pretty complex
vulnerability. Additionally, ask isn't a particularly sensitive
application for us.
So, we are just going to wait and see right now I think, and if it's
used against us, reevaluate.
Thanks for bringing it up... I sure hope there's a fix at some point.
kevin
Yeap, I thought so :)
I just reported it so that you know it's out there.
--
FAS : axilleas
GPG : 0xABF99BE5
Blog:
http://axilleas.me
------------------------------
Message: 4
Date: Fri, 14 Feb 2014 14:17:00 -0600
From: Dan Mossor <dan.mossor(a)outlook.com>
To: Fedora Infrastructure <infrastructure(a)lists.fedoraproject.org>,
kevin(a)scrye.com
Subject: Re: February status update for Fedora Infrastructure
Apprentices
Message-ID: <BLU0-SMTP203BE302675D4D59CC5F52A869C0(a)phx.gbl>
Content-Type: text/plain; charset="UTF-8"; format=flowed
On 02/03/2014 12:01 PM, Kevin Fenzi wrote:
Greetings.
You are getting this email because you are in the 'fi-apprentice' group
in the fedora account system (or are reading this on the
infrastructure list).
When you reply, please include your fedora account system login.
Additionally, I am CC'ing the infrastructure list. If you
would like to send your feedback there as well everyone can see and
comment on it. It's up to you.
https://fedoraproject.org/wiki/Infrastructure_Apprentice
At the first of every month(or so), I am going to be sending out an
email like this one. I would like feedback on how things are going for
you.
I'd like to ask for everyone to send me a quick reply with the
following data or anything related you can think of that might help us
make the apprentice program more useful.
0. Whats your fedora account system login?
1. Have you logged in and used your fi-apprentice membership to look at
our machines/setup in the last month? Do you plan to?
2. Has it helped you decide any area you wish to focus on or contribute
to more?
3. Have you looked at or been able to work on any of the fi-apprentice
'easyfix' tickets?
https://fedorahosted.org/fedora-infrastructure/report/14
4. Do you still wish to be a member of the group? If not (for whatever
reason) could you provide any hints to help others down the road?
5. Is there any help or communication or ideas you have that would help
you do any of the above?
6. What do you find to be the hardest part of getting involved?
Finding things to work on? Getting attention from others to help you?
Finding tickets in your interest area?
7. Have you been able to make any weekly irc meetings? Do you find them
helpful or interesting?
8. What is your favorite soup? :)
Any other general feedback is also quite welcome, including
improvements to this email, the wiki page, etc.
Any folks I do not hear from in the next week will be removed from the
group. (Note that it's easy to be readded when you have time or
whatever and it's nothing at all personal, we just want to keep the
group up to date with active folks).
Thanks, and looking forward to your feedback!
kevin
_______________________________________________
infrastructure mailing list
infrastructure(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure
0. dmossor
1. Yes, I have looked at the network configuration on the Nagios machine.
2. Not really - I just haven't given thought to it.
3. I looked at the tickets (once, admittedly) , but didn't see any in my
area of expertise.
4. Yes, I do, but my time is in extremely short supply at the moment.
5. None at this time - my problems with the group are my own, not the
group's.
6. Most difficult: time, or lack thereof. Next most difficult: no
tickets needing my skill set.
7. I made one or two of them.
8. Garlic Potato-Leek soup at Jim's Restaurant in Bahrain.
Sorry I haven't been active since I requested membership - 18 credit
hours of school on top of a full time job has proven to be more
difficult than I first imagined. Now that I've been able to automate a
couple things at work, though, I should be able to carve out a few hours
a week if you'll still have me.
--
Dan Mossor
Systems Engineer at Large
Fedora QA Team Volunteer FAS: dmossor IRC: danofsatx
San Antonio, Texas, USA
------------------------------
_______________________________________________
infrastructure mailing list
infrastructure(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure
End of infrastructure Digest, Vol 93, Issue 21
**********************************************