devel-announce April 2020

devel-announce@lists.fedoraproject.org

9 participants
23 discussions

Fedora 32 Final is NO-GO
by Ben Cotton 16 Apr '20

16 Apr '20

The release status of Fedora 32 Final is no-go.. Due to open blocker bugs, Fedora 32 Final was declared "no-go". We will reconvene at 1700 UTC on Thursday, 23 April[1] to re-evaluate. If we determine at that time that Fedora 32 is go, it will release on the "target release date #1" of 28 April. For more information, please see the minutes[2] from the Fedora 32 Final Go/No-Go meeting. [1] https://apps.fedoraproject.org/calendar/meeting/9738/ [2] https://meetbot.fedoraproject.org/fedora-meeting-1/2020-04-16/f32-final-go_… -- Ben Cotton He / Him / His Senior Program Manager, Fedora & CentOS Stream Red Hat TZ=America/Indiana/Indianapolis

1 0

Fedora 33 System-Wide Change proposal: systemd-resolved
by Ben Cotton 14 Apr '20

14 Apr '20

https://fedoraproject.org/wiki/Changes/systemd-resolved == Summary == Enable systemd-resolved by default. glibc will perform name resolution using nss-resolve rather than nss-dns. == Owner == * Name: [[User:catanzaro| Michael Catanzaro]] * Email: <mcatanzaro(a)redhat.com> == Detailed Description == We will enable systemd-resolved by default. # We will change the [https://src.fedoraproject.org/rpms/fedora-release/blob/f4cc5b6ce095bb4233e5… fedora-release presets] to enable systemd-resolved instead of disable it. # systemd-libs currently has [https://src.fedoraproject.org/rpms/systemd/blob/bb79fb73875f8e71841a1ee8ede… a %post scriplet] to enable nss-myhostname and nss-systemd by either (a) modifying authselect's user-nsswitch.conf template, if authselect is in use, or (b) directly modifying /etc/nsswitch.conf otherwise. We will work with the systemd maintainers to enable nss-resolve here as well. # We will work with the authselect maintainers to update authselect's minimal and nis profiles to enforce nss-resolve. These profiles modify the hosts line of /etc/resolv.conf. (By default, Fedora uses authselect's sssd profile, which does not modify the hosts line and therefore does not have this problem.) # We will remove our downstream patch to systemd that prevents systemd from symlinking /etc/resolv.conf to /run/systemd/resolve/stub-resolv.conf on new installs. For system upgrades, a systemd-libs %post scriptlet will be used to reassign the symlink during upgrade. Upon detecting this symlink, NetworkManager will automatically enable its systemd-resolved support and configure split DNS as appropriate. systemd-resolved has been enabled by default in Ubuntu since Ubuntu 16.10, but please note we are doing this differently than Ubuntu has. Ubuntu does not use nss-resolve. Instead, Ubuntu uses the traditional nss-dns provided by glibc upstream, so glibc on Ubuntu continues to read /etc/resolv.conf, as is traditional. This extra step is not useful and not recommended by upstream. We want to follow upstream recommendations in using nss-resolve instead. If you do not wish to use systemd-resolved, then manual intervention will be required to disable it: * Modify /etc/authselect/user-nsswitch.conf and remove `resolve [!UNAVAIL=return]` from the hosts line. Run `authselect apply-changes`. (If you have disabled authselect, then edit /etc/nsswitch.conf directly.) * Disable and stop systemd-resolved.service. * Restart the NetworkManager service. NetworkManager will then create a traditional /etc/resolv.conf. (If you are not using NetworkManager, you may create your own /etc/resolv.conf.) == Benefit to Fedora == === Standardization === Fedora will continue its history of enabling new systemd-provided services whenever it makes sense to do so. Standardizing on upstream systemd services is beneficial to the broader Linux ecosystem in addition to Fedora, since standardizing reduces behavior differences between different Linux distributions. Sadly, Fedora is no longer leading in this area. Ubuntu has enabled systemd-resolved by default since Ubuntu 16.10, so by the time Fedora 33 is released, we will be three years behind Ubuntu here. === resolvectl === `resolvectl` has several useful functions (e.g. `resolvectl status` or `resolvectl query`) that will be enabled out-of-the-box. === Caching === systemd-resolved caches DNS queries for a short while. This can [https://gitlab.gnome.org/GNOME/glib/-/merge_requests/682#note_441846 dramatically] improve performance for applications that do not already manually cache their own DNS results. (Generally, only web browsers bother with manually caching DNS results.) === Split DNS === When systemd-resolved is enabled, users who use multiple VPNs at the same time will notice that DNS requests are now sent to the correct DNS server by default. Previously, this scenario would result in embarrassing "DNS leaks" and, depending on the order that the VPN connections were established, possible failure to resolve private resources. These scenarios will now work properly. For example, consider the scenario of Distrustful Denise, who (quite reasonably) does not trust her ISP. Denise uses a public VPN service, public-vpn.example.com, to hide her internet activity from her ISP, but she also needs to use her employer's corporate VPN, corporation.example.com, in order to access internal company resources while working from home. Using the Network panel in System Settings, Denise has configured her employer's VPN to "use this connection only for resources on its network." Distrustful Denise expects that her employer's VPN will receive all traffic for corporation.example.com, and no other traffic. And while this mostly works in Fedora 32, she discovers that it does not work properly for DNS: * If Denise connects to public-vpn.example.com first and corporation.example.com second, she is unable to access internal company resources. All DNS requests are sent to public-vpn.example.com's DNS server, so she is unable to resolve names for internal company websites. * If Denise connects to corporation.example.com first and public-vpn.example.com second, then she is able to access internal company resources. However, it only works because ''all'' her DNS requests are sent to corporation.example.com's DNS server. Sadly for Distrustful Denise, her employer discovers that she has been making some embarrassing DNS requests that she had expected to go through public-vpn.example.com instead. Whichever VPN Denise connects to first receives all DNS requests because glibc's nss-dns module is not smart enough to split the requests. /etc/resolv.conf is just a list of DNS servers to try in order, and NetworkManager has no plausible way to decide which to list first, because both ways are broken, so it just prefers whichever was connected first. And if one server fails to respond, then the next server in the list will be tried, likely resulting in a DNS leak. In contrast, when systemd-resolved is enabled, it will send each DNS request only to the correct DNS server. The DNS server that will be used for each tun interface can be inspected using the resolvectl tool. Migrating away from /etc/resolv.conf will also avoid an annoying footgun with this legacy file: only the first three listed nameservers are respected. All further nameservers are silently ignored. NetworkManager adds a warning comment when writing more than three nameservers to this file, but it cannot do any better than that. === DNS over TLS === systemd-resolved supports DNS over TLS (different from DNS over HTTPS). Although this feature will not initially be enabled by default, using systemd-resolved will enable us to turn on DNS over TLS in a future Fedora release, providing improved security if the user's DNS server supports DNS over TLS. == Scope == * Proposal owners: We will update Fedora presets to enable systemd-resolved by default. * Other developers: This change requires coordination with the systemd and authselect maintainers. * Release engineering: [https://pagure.io/releng/issue/9367 #9367] * Policies and guidelines: none required * Trademark approval: N/A (not needed for this Change) == Upgrade/compatibility impact == systemd-resolved will be enabled automatically when upgrading to Fedora 33. After upgrade, /etc/resolv.conf will be managed by systemd and symlinked to /run/systemd/resolve/stub-resolv.conf. '''glibc will no longer look at /etc/resolv.conf when performing name resolution.''' Instead, glibc will communicate directly with systemd-resolved via nss-resolve. systemd adds a large warning comment to the top of /etc/resolv.conf to warn system administrators that changes to this file will be ignored; however, scripts that edit this file manually will break. Because this file is usually managed by NetworkManager, impact to Fedora users will be limited to users who have manually disabled NetworkManager; such users are expected to be experienced system administrators who should be comfortable adapting to the change (or disabling systemd-resolved). Any applications that bypass glibc and read /etc/resolv.conf directly will still work because /etc/resolv.conf will point to systemd-resolved's stub resolver running on 127.0.0.53. Nevertheless, /etc/resolv.conf is provided only for compatibility purposes, and applications should prefer to use either glibc or the systemd-resolved D-Bus API instead; see systemd-resolved(8) for details. In short, '''applications that read /etc/resolv.conf will continue to work as before.''' Applications that write to it will no longer work as expected, but this only previously worked if NetworkManager is disabled, a non-default configuration. It remains possible to disable systemd-resolved if desired. Otherwise, any custom system administration scripts that manage /etc/resolv.conf will need to be updated. === DNSSEC === systemd-resolved's DNSSEC support is known to cause compatibility problems with certain network access points. Per recommendation from the systemd developers, we will change the default value of this setting in Fedora from the upstream default `DNSSEC=allow-downgrade` to `DNSSEC=no` by building systemd with the build option `-Ddefault-dnssec=no`. The upstream default attempts to use DNSSEC if it is working, but automatically disable it otherwise, allowing man-in-the-middle attackers to disable DNSSEC. Sadly, even the allow-downgrade setting suffers known compatibility problems. Because Fedora is not prepared to handle an influx of DNSSEC-related bug reports, we will disable this feature altogether. We anticipate that enabling DNSSEC by default will not be possible in the foreseeable future, or perhaps ever. Instead, enabling DNS over TLS (when supported by the DNS server) seems likely in the near future. === Multicast DNS === systemd-resolved's multicast DNS support conflicts with Avahi. Per recommendation from the systemd developers, we will change the default value of this setting in Fedora from the upstream default `MulticastDNS=yes` to `MulticastDNS=resolve`. Multicast DNS resolving will be enabled, but responding will be disabled. This will require adding a new systemd build option to control the default value of the MulticastDNS setting, similar to the existing `default-dnssec` and `default-dns-over-tls` build options. == How To Test == Load any website in a web browser. If you succeed, then name resolution probably works. Try using `resolvectl status` and, for example, `resolvectl query fedoraproject.org`, to see how they work and sanity-check their output. Users who use multiple VPNs at the same time are encouraged to test DNS in a multiple VPN scenario, to ensure that DNS requests are sent to the expected DNS server. == User Experience == See the Benefit to Fedora section, above, for direct benefits to users who use multiple VPNs at the same time. Users will be able to use the resolvectl tool and the functionality it provides. /etc/resolv.conf will now be managed by systemd rather than by NetworkManager. As before, this file must not be modified directly when it is managed. == Dependencies == In Fedora, /etc/nsswitch.conf is managed by authselect. By default, authselect uses the sssd profile to generate configuration compatible with sssd. In this mode of operation, it does not modify the hosts line in /etc/nsswitch.conf. This is also true if using the winbind profile instead of the sssd profile. However, authselect's minimal and nis profiles do modify the hosts line. These authselect profiles must be updated to enable nss-resolved. If you are using authselect in one of these modes, it will not be possible to cleanly disable systemd-resolved because the hosts line in /etc/nsswitch.conf will be clobbered whenever 'authselect apply-changes' is run. If you wish to disable systemd-resolved and you are using authselect in one of these modes, then you should stop using authselect. This is not expected to cause many problems because virtually all Fedora users will be using the default sssd profile. We do not need to directly make any changes to the /etc/nsswitch.conf shipped by glibc. Changes will be applied in the systemd-libs %post scriptlet. == Contingency Plan == The contingency plan, in the unlikely event of unexpected problems, is simply to revert any changes and not enable systemd-resolved. * Contingency deadline: beta freeze * Blocks release? No * Blocks product? No == Documentation == * systemd-resolved is documented in several manpages: resolvectl(1), resolved.conf(5), nss-resolve(8), systemd-resolved(8). * [https://wiki.archlinux.org/index.php/Systemd-resolved Arch Wiki documentation] * [https://wiki.gnome.org/Projects/NetworkManager/DNS NetworkManager DNS documentation] == Release Notes == systemd-resolved is now enabled by default. systemd-resolved provides a system-level DNS cache that can substantially improve performance for applications that do not cache their own DNS results, allows correct handling of split DNS scenarios such as when multiple VPNs are in use, and will allow Fedora to enable DNS over TLS in the future. /etc/resolv.conf will now be managed by systemd-resolved rather than by NetworkManager. /etc/resolv.conf will no longer be read when performing name resolution using glibc; however, it is still provided for compatibility with applications that manually read this file to perform name resolution. Writing to /etc/resolv.conf will no longer work as expected. -- Ben Cotton He / Him / His Senior Program Manager, Fedora & CentOS Stream Red Hat TZ=America/Indiana/Indianapolis

1 0

Fedora 33 Self-Contained Change proposal: Update Erlang/OTP to version 23
by Ben Cotton 14 Apr '20

14 Apr '20

https://fedoraproject.org/wiki/Changes/Erlang_23 == Summary == Update Erlang/OTP to version 23. == Owner == * Name: [[User:Peter|Peter Lemenkov]], [[SIGs/Erlang|Fedora Erlang SIG]], [[User:bowlofeggs|Randy Barlow]], [[User:jcline|Jeremy Cline]] * Email: lemenkov(a)gmail.com, erlang(a)lists.fedoraproject.org, bowlofeggs(a)fedoraproject.org, jcline(a)fedoraproject.org == Detailed Description == Upgrade Erlang to version 23 which brings a lot of changes. Just a few highlights: * Numerous scalability and performance improvements. * New modules - pg (pool group) and erpc (enhanced RPC). * Removed SSL 3.0 support entirely. * Removed deprecated part of erl_interface API * An experimental socket backend for TCP and UDP API. * Even faster SSL/TLS operations. * Now it's possible to work w/o external EPMD in production-ready applications Aside from this, we plan to improve quality of Erlang and related packages. These are shortcomings we want to address: Besides that we still have a lengthy list of TODOs: * Every daemon written in Erlang has its own logging solution which doesn't use neither syslog nor Journald. We should start switching them to unified logger.. * We should allow D-Bus API via [https://github.com/lizenn/erlang-dbus erlang-dbus] library or any other recent implementations.. * Further improve [[User:Peter/Erlang_Packaging_Guidelines|Erlang Packaging Guidelines]] and promote it as the official guideline. * Switch to rebar3 as a main build tool. * SELinux rules for main Erlang applications (Ejabberd, CouchDB, RabbitMQ) are outdated or missing. == Benefit to Fedora == Fedora users, both developers and end-users, will have visible benefits from using Fedora-provided packages. Namely: * Improved scalability and robustness. == Scope == * Proposal owners: ** [https://bugzilla.redhat.com/807897 Upgrade Erlang to the latest version (23.0)]. ** We must rebuild every package which requires NIF version (listed below in the [[#Dependencies|Dependencies]] section) against Erlang 23.x.y. ** Every Erlang daemon's systemd unit must require epmd.socket. ** We need to fill new review request for [https://github.com/lizenn/erlang-dbus erlang-dbus] ** Upgrade outdated packages: *** {{package|riak|Riak}} **** {{package|riak|Riak}} has has been retired. We have to re-add it back. *** {{package|ejabberd|Ejabberd}} *** {{package|rabbitmq-server|RabbitMQ}}. *** {{package|couchdb|CouchDB}} ** {{package|erlang-rebar3|rebar3}} *** Provide/adjust RPM macros for rebar3. ** Package GDB macros for easier coredump debugging (see also [https://bugzilla.redhat.com/show_bug.cgi?id=663253 this ticket]). * Other developers: N/A * Release engineering: TBA * Policies and guidelines: ** We should promote officially [[User:Peter/Erlang_Packaging_Guidelines|Erlang Packaging Guidelines]]. * Trademark approval: N/A (not needed for this Change) == Upgrade/compatibility impact == * Every Erlang upgrade requires the rebuilding of modules which contains [http://www.erlang.org/doc/reference_manual/ports.html ports] or [http://www.erlang.org/doc/tutorial/nif.html NIFs], and we will rebuild all such modules in Fedora. However if a user has some additional modules not available in a Fedora repository, then these modules must be rebuilt manually. * So-called [http://erlang.org/doc/man/HiPE_app.html HiPE] continues to deteriorate. In this version it's barely functional and likely is going to be removed in the next one. == How To Test == * Ensure that high-grade Erlang applications are still working: (see wiki) * Collect feedback from volunteers regarding their experience with this Erlang/OTP version == User Experience == Users will get more robust, scalable, and fast Erlang applications. == Dependencies == The following packages must be rebuilt: (see wiki) == Contingency Plan == * Contingency mechanism: None necessary. Instead of falling back to the previous version we should fix existing packages in order to help the Community. We should also monitor upstream development process for potentially discovered issues and proactively apply patches (as we already did with [[Features/Erlang_R14|Erlang R14]], [[Features/Erlang_R15|Erlang R15]], [[Features/Erlang_R16|Erlang R16]], [[Changes/BetterErlangSupport|Erlang 17]], [[Changes/Erlang_18|Erlang 18]], [[Changes/Erlang_19|Erlang 19]], [[Changes/Erlang_20|Erlang 20]], [[Changes/Erlang_21|Erlang 21]] and [[Changes/Erlang_22|Erlang 22]]). It should be noted that this change consists from an independent or loosely coupled smaller changes. If we fail to deliver some changes in time, we should reschedule these exact changes to the future Fedora release while keeping already implemented ones. * Contingency deadline: N/A * Blocks release? N/A * Blocks product? N/A == Documentation == * [https://www.erlang.org/news/138 Erlang/OTP 23 Release Candidate 2 release notes] == Release Notes == Erlang/OTP 23.0 is available in Fedora 33. -- Ben Cotton He / Him / His Senior Program Manager, Fedora & CentOS Stream Red Hat TZ=America/Indiana/Indianapolis

1 0

Orphaned packages looking for new maintainers (incl. GConf2, keybinder3, orangefs)
by Miro Hrončok 14 Apr '20

14 Apr '20

The following packages are orphaned and will be retired when they are orphaned for six weeks, unless someone adopts them. If you know for sure that the package should be retired, please do so now with a proper reason: https://fedoraproject.org/wiki/How_to_remove_a_package_at_end_of_life Note: If you received this mail directly you (co)maintain one of the affected packages or a package that depends on one. Please adopt the affected package or retire your depending package to avoid broken dependencies, otherwise your package will be retired when the affected package gets retired. Request package ownership via the *Take* button in he left column on https://src.fedoraproject.org/rpms/<pkgname> Full report available at: https://churchyard.fedorapeople.org/orphans-2020-04-14.txt grep it for your FAS username and follow the dependency chain. Package (co)maintainers Status Change ================================================================================ CPUFreqUtility orphan 1 weeks ago GConf2 alexl, caillon, caolanm, 1 weeks ago gnome-sig, johnp, mbarnes, orphan, rhughes, ssp, walters GREYCstoration orphan 1 weeks ago abcm2ps orphan 1 weeks ago adapta-gtk-theme orphan 1 weeks ago afpfs-ng orphan 1 weeks ago antlr4 gil, jkastner, lef, mizdebsk, 1 weeks ago orphan apache-commons-dbutils mizdebsk, orphan 1 weeks ago apache-commons-email mizdebsk, orphan 1 weeks ago apache-commons-jci jjelen, orphan 1 weeks ago apache-commons-jcs cquad, jjelen, orphan 2 weeks ago apanov-edrip-fonts frixxon, orphan 1 weeks ago apbs orphan, rathann 1 weeks ago artha orphan 1 weeks ago avalon-framework jerboaa, jjelen, mizdebsk, 2 weeks ago orphan avr-gdb giallu, orphan, trondd 1 weeks ago batik jvanek, mizdebsk, orphan, 1 weeks ago sergiomb biboumi jcline, orphan 2 weeks ago bmake orphan 1 weeks ago bval jjelen, orphan 1 weeks ago bygfoot orphan 1 weeks ago cassandra-java-driver hhorak, jjanco, orphan 1 weeks ago castor lef, orphan 1 weeks ago catimg orphan 1 weeks ago cdpr orphan 1 weeks ago ckermit orphan 1 weeks ago classloader-leak-test-framework orphan, praiskup 1 weeks ago cmyktool orphan 1 weeks ago cog orphan 1 weeks ago containers orphan 3 weeks ago coriander dajt, orphan 1 weeks ago cpptasks orphan 5 weeks ago dateshift orphan 1 weeks ago dibbler orphan 1 weeks ago docco nodejs-sig, orphan, patches 1 weeks ago drbd orphan 1 weeks ago dsi orphan 1 weeks ago echoping orphan 1 weeks ago eclipse-avr orphan 1 weeks ago eclipse-egit-github eclipse-sig, orphan 1 weeks ago eclipse-m2e-core eclipse-sig, galileo, 1 weeks ago mizdebsk, orphan eclipse-mylyn arobinso, eclipse-sig, 1 weeks ago jjohnstn, kdaniel, orphan, rgrunber eclipse-photran akurtakov, eclipse-sig, orphan 1 weeks ago eclipse-ptp eclipse-sig, jjohnstn, 1 weeks ago kdaniel, orphan eclipse-remote eclipse-sig, orphan 1 weeks ago eclipse-subclipse eclipse-sig, kdaniel, orphan 1 weeks ago eclipse-testng eclipse-sig, orphan 1 weeks ago eclipse-webtools eclipse-sig, galileo, orphan 1 weeks ago emacs-mmm orphan 1 weeks ago fcoe-utils orphan 1 weeks ago flatbuffers orphan 1 weeks ago foma orphan 1 weeks ago fts andreamanzi, orphan 1 weeks ago gcolor2 orphan 1 weeks ago geronimo-jcache jjelen, lef, orphan 1 weeks ago geronimo-jcdi-1.0-api jjelen, lef, orphan 2 weeks ago ggz-gtk-client orphan, pwalter 1 weeks ago gluegen2 orphan 1 weeks ago gnomad2 orphan 1 weeks ago gnomint orphan 1 weeks ago gpsdrive orphan 1 weeks ago grsync orphan 1 weeks ago gtick orphan, renich 1 weeks ago gtkdialog orphan 1 weeks ago guava20 mizdebsk, orphan 1 weeks ago gwget orphan 1 weeks ago hcc orphan 1 weeks ago hfsplusutils orphan 1 weeks ago hovercraft orphan, ralph 1 weeks ago imageinfo orphan 1 weeks ago insect fnux, orphan 4 weeks ago java-vash orphan 1 weeks ago jaxb2-maven-plugin jjelen, lef, orphan 2 weeks ago jboss-jsf-2.2-api jjelen, lef, orphan 2 weeks ago jchart2d orphan 1 weeks ago jetty-build-support mizdebsk, orphan 5 weeks ago jetty-parent mizdebsk, orphan 1 weeks ago jetty-toolchain mizdebsk, orphan 3 weeks ago jlatexmath orphan 1 weeks ago jline3 orphan 1 weeks ago josm jjelen, orphan 1 weeks ago jruby lef, msrb, orphan, vondruch 1 weeks ago keybinder3 orphan 1 weeks ago laszip devrim, orphan 5 weeks ago lde orphan 1 weeks ago libacpi orphan 1 weeks ago libccp4 orphan 1 weeks ago liblas devrim, orphan 5 weeks ago libnih orphan 1 weeks ago libopensync-plugin-gnokii awjb, orphan 1 weeks ago libvtemm hguemar, orphan 1 weeks ago lldpad orphan 1 weeks ago lterm orphan 1 weeks ago maven-injection-plugin mizdebsk, orphan 5 weeks ago maven-mapping mizdebsk, orphan 5 weeks ago maven-release jcapik, orphan 1 weeks ago maven-stage-plugin huwang, orphan 1 weeks ago mboxgrep orphan 1 weeks ago mbrowse orphan 1 weeks ago metrics-reporter-config hhorak, orphan 1 weeks ago mipv6-daemon orphan 1 weeks ago musique orphan, skytux 1 weeks ago mvel orphan 5 weeks ago mx4j dwalluck, orphan 1 weeks ago mycila-pom orphan 1 weeks ago nekobee-dssi orphan 5 weeks ago nodejs-base64-arraybuffer orphan 1 weeks ago nodejs-bcryptjs orphan 1 weeks ago nodejs-bunyan nodejs-sig, orphan 1 weeks ago nodejs-chai-cheerio orphan 1 weeks ago nodejs-chai-fs orphan 1 weeks ago nodejs-cheerio orphan 1 weeks ago nodejs-cjson nodejs-sig, orphan 1 weeks ago nodejs-collections nodejs-sig, orphan, patches 1 weeks ago nodejs-commonmark nodejs-sig, orphan 1 weeks ago nodejs-connect nodejs-sig, orphan, patches 1 weeks ago nodejs-convert-source-map nodejs-sig, orphan 1 weeks ago nodejs-cookie-session orphan 1 weeks ago nodejs-cors orphan 1 weeks ago nodejs-css-select nodejs-sig, orphan 1 weeks ago nodejs-csscomb-core nodejs-sig, orphan 1 weeks ago nodejs-csslint nodejs-sig, orphan 1 weeks ago nodejs-default-resolution orphan 1 weeks ago nodejs-defence nodejs-sig, orphan 1 weeks ago nodejs-del nodejs-sig, orphan 1 weeks ago nodejs-delete orphan 1 weeks ago nodejs-engine-dot-io-client orphan 1 weeks ago nodejs-engine-dot-io-parser orphan 1 weeks ago nodejs-espower orphan 1 weeks ago nodejs-esprima nodejs-sig, orphan, patches 1 weeks ago nodejs-esprima-fb nodejs-sig, orphan 1 weeks ago nodejs-esprima-harmony-jscs nodejs-sig, orphan 1 weeks ago nodejs-expect nodejs-sig, orphan 1 weeks ago nodejs-fake orphan 1 weeks ago nodejs-find-cache-dir nodejs-sig, orphan 1 weeks ago nodejs-find-up nodejs-sig, orphan, sergiomb 1 weeks ago nodejs-flat-cache orphan 1 weeks ago nodejs-fs-promise orphan 1 weeks ago nodejs-git-remote-origin-url orphan 1 weeks ago nodejs-gitconfiglocal orphan 1 weeks ago nodejs-gnode orphan 1 weeks ago nodejs-grunt-contrib-clean nodejs-sig, orphan, patches 1 weeks ago nodejs-grunt-contrib-csslint nodejs-sig, orphan 1 weeks ago nodejs-grunt-init nodejs-sig, orphan, patches, 1 weeks ago piotrp nodejs-grunt-lib-contrib nodejs-sig, orphan, patches 1 weeks ago nodejs-highlight-js nodejs-sig, orphan, patches 1 weeks ago nodejs-historic-readline orphan 4 weeks ago nodejs-htmlparser2 nodejs-sig, orphan 1 weeks ago nodejs-i nodejs-sig, orphan, patches 1 weeks ago nodejs-is-arrow-function nodejs-sig, orphan 1 weeks ago nodejs-is-error orphan 1 weeks ago nodejs-jasmine-growl-reporter nodejs-sig, orphan, patches 1 weeks ago nodejs-json-parse-helpfulerror nodejs-sig, orphan 1 weeks ago nodejs-lcov-parse nodejs-sig, orphan 1 weeks ago nodejs-load-grunt-tasks nodejs-sig, orphan, patches 1 weeks ago nodejs-locate-path nodejs-sig, orphan, sergiomb 1 weeks ago nodejs-loophole orphan 1 weeks ago nodejs-ltx nodejs-sig, orphan, patches 1 weeks ago nodejs-make-dir orphan 1 weeks ago nodejs-mock-bin orphan 1 weeks ago nodejs-mock-git orphan 1 weeks ago nodejs-netmask nodejs-sig, orphan 1 weeks ago nodejs-ng-classify orphan 1 weeks ago nodejs-object-dot-entries nodejs-sig, orphan 1 weeks ago nodejs-object-dot-pick orphan 1 weeks ago nodejs-only-shallow nodejs-sig, orphan 1 weeks ago nodejs-opal-runtime orphan 1 weeks ago nodejs-passport-oauth2-client- orphan 1 weeks ago password nodejs-pkg-dir nodejs-sig, orphan 1 weeks ago nodejs-pkg-up nodejs-sig, orphan, sergiomb 1 weeks ago nodejs-q nodejs-sig, orphan, patches 1 weeks ago nodejs-q-io nodejs-sig, orphan, patches 1 weeks ago nodejs-qunit-extras nodejs-sig, orphan 1 weeks ago nodejs-read-json-sync orphan 1 weeks ago nodejs-redent nodejs-sig, orphan 1 weeks ago nodejs-replace-ext nodejs-sig, orphan 1 weeks ago nodejs-ret orphan 1 weeks ago nodejs-revalidator nodejs-sig, orphan, patches 1 weeks ago nodejs-select-hose orphan 1 weeks ago nodejs-snockets nodejs-sig, orphan, patches 1 weeks ago nodejs-source-map-support orphan 1 weeks ago nodejs-strong-log-transformer orphan 1 weeks ago nodejs-tern-cordovajs galileo, nodejs-sig, orphan, 1 weeks ago vjancik nodejs-to-absolute-glob nodejs-sig, orphan 1 weeks ago nodejs-underscore-dot-logger nodejs-sig, orphan, patches 1 weeks ago nodejs-url2 nodejs-sig, orphan, patches 1 weeks ago nodejs-vasync nodejs-sig, orphan 1 weeks ago nodejs-watchit nodejs-sig, orphan, patches 1 weeks ago nodejs-winston nodejs-sig, orphan, patches, 1 weeks ago piotrp nodejs-write orphan 1 weeks ago nodejs-xmlhttprequest-ssl orphan 1 weeks ago nyquist orphan 1 weeks ago ocitools orphan 1 weeks ago open-amp orphan 1 weeks ago opendchub orphan 1 weeks ago openjpa jjelen, lef, orphan 2 weeks ago orangefs orphan 1 weeks ago oshinko-cli orphan 1 weeks ago parfait agerstmayr, mgoodwin, nathans, 1 weeks ago orphan percona-xtrabackup orphan 4 weeks ago perl-Filesys-SmbClient orphan 3 weeks ago phat orphan 5 weeks ago php-onelogin-php-saml orphan 1 weeks ago phpPgAdmin devrim, hhorak, jmlich, 5 weeks ago orphan, praiskup pidgin-musictracker orphan 1 weeks ago plexus-bsh-factory mizdebsk, orphan 1 weeks ago postgresql-dbi-link devrim, orphan 5 weeks ago postgresql-pgpoolAdmin devrim, jmlich, orphan 5 weeks ago postgresql_autodoc devrim, orphan 5 weeks ago publican-jboss orphan 1 weeks ago pwmd orphan 1 weeks ago python-bashate apevec, openstack-sig, orphan 1 weeks ago python-django-post_office orphan 1 weeks ago python-hug orphan 1 weeks ago python-poppler-qt4 orphan 1 weeks ago randomizedtesting orphan 5 weeks ago reactfx orphan 1 weeks ago repmgr orphan 1 weeks ago rescu orphan 1 weeks ago rfdump orphan 1 weeks ago rigsofrods orphan 1 weeks ago rsyntaxtextarea orphan 1 weeks ago rubygem-aws-sdk-core orphan 1 weeks ago rubygem-memfs orphan 1 weeks ago rubygem-mixlib-log orphan 1 weeks ago rubygem-rack-attack orphan 1 weeks ago rubygem-ruby2ruby orphan 1 weeks ago rubygem-yell orphan 1 weeks ago saoimage mmahut, orphan 1 weeks ago scilab orphan 1 weeks ago scrot orphan 1 weeks ago si-units brolley, mgoodwin, nathans, 1 weeks ago orphan simple-xml orphan 3 weeks ago snapraid orphan 1 weeks ago soundtracker eeickmeyer, jcapik, ndim, 0 weeks ago orphan spatialite-gui orphan 1 weeks ago sscep orphan 1 weeks ago sslext jjelen, orphan 1 weeks ago stream-lib lef, orphan 1 weeks ago struts jjelen, orphan 1 weeks ago svnkit dbhole, jfilak, orphan 1 weeks ago telepathy-rakia orphan 1 weeks ago termy-qt orphan 1 weeks ago the_silver_searcher orphan 1 weeks ago tomahawk comzeradd, kde-sig, magnu5, 1 weeks ago orphan tuxanci orphan 1 weeks ago typesafe-config gil, orphan 1 weeks ago ubertooth orphan 1 weeks ago uom-lib brolley, mgoodwin, nathans, 1 weeks ago orphan uom-se brolley, mgoodwin, nathans, 1 weeks ago orphan uom-systems brolley, mgoodwin, nathans, 1 weeks ago orphan utop orphan 1 weeks ago velocity-tools jjelen, lef, orphan 1 weeks ago waypipe orphan 1 weeks ago wlc fale, ignatenkobrain, orphan, 1 weeks ago zvetlik wmmon orphan 1 weeks ago wpewebkit orphan 1 weeks ago xneur orphan 1 weeks ago The following packages require above mentioned packages: Report too long, see the full version at https://churchyard.fedorapeople.org/orphans-2020-04-14.txt (grep it for your username and follow the dependency chain) Affected (co)maintainers (either directly or via packages' dependencies): agerstmayr: si-units, parfait, uom-se, uom-systems, guava20, uom-lib akurtakov: eclipse-photran, simple-xml, randomizedtesting, batik alexl: GConf2, keybinder3 alt-gtk-de-sig: keybinder3 amdunn: emacs-mmm amukunda: GConf2 anaconda-maint: lldpad, fcoe-utils, keybinder3 andreamanzi: fts ankursinha: orangefs antiaircraft: GConf2 aperezbios: GConf2 apevec: python-bashate arobinso: eclipse-mylyn, randomizedtesting, svnkit, batik, guava20, eclipse-subclipse, simple-xml athmane: afpfs-ng athoscr: rubygem-memfs atim: keybinder3 awjb: libopensync-plugin-gnokii awood: GConf2 bagnara: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up, nodejs-locate-path bcl: GConf2 besser82: GConf2, keybinder3 bkearney: GConf2 bowlofeggs: nodejs-pkg-up, nodejs-load-grunt-tasks, guava20, nodejs-find-up, nodejs-locate-path brandfbb: jruby brendt: imageinfo brolley: uom-se, uom-systems, si-units, uom-lib bruno: GConf2 buc: GConf2 caillon: GConf2, keybinder3 caolanm: classloader-leak-test-framework, GConf2, keybinder3 catanzaro: jruby cfeist: jruby, batik cheese: GConf2 cheeselee: GConf2, keybinder3 churchyard: laszip, liblas cicku: GConf2, keybinder3, orangefs clalance: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up, nodejs-locate-path clumens: GConf2, batik company: GConf2 comzeradd: tomahawk corsepiu: orangefs cosimoc: GConf2 cquad: struts, velocity-tools, classloader-leak-test-framework, jaxb2-maven-plugin, geronimo-jcdi-1.0-api, apache-commons-jci, bval, openjpa, sslext, geronimo-jcache, apache-commons-jcs, jboss-jsf-2.2-api csnyder: GConf2 cwickert: GConf2, keybinder3 dajt: coriander davidsch: orangefs dbhole: svnkit, randomizedtesting, batik, GConf2, simple-xml dcantrell: GConf2 dchen: simple-xml, randomizedtesting decathorpe: jruby defolos: GConf2 deji: GConf2, orangefs delete: GConf2 denis: GConf2 denisarnaud: orangefs, jruby devrim: postgresql-dbi-link, liblas, postgresql-pgpoolAdmin, postgresql_autodoc, laszip, phpPgAdmin diehlpk: orangefs dignan: GConf2 dledford: orangefs dmaphy: GConf2, keybinder3 dmlb2000: orangefs dodji: orangefs domcleal: jruby drago01: jruby dridi: GConf2 dsd: GConf2 dshea: GConf2 dtardon: classloader-leak-test-framework dvratil: telepathy-rakia, GConf2 dwalluck: mx4j ebaron: simple-xml, randomizedtesting, batik eclipse-sig: eclipse-ptp, eclipse-remote, eclipse-mylyn, eclipse-m2e-core, randomizedtesting, batik, eclipse-photran, eclipse-webtools, eclipse-testng, guava20, svnkit, eclipse-subclipse, eclipse-egit-github, simple-xml eclipseo: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up, keybinder3, nodejs-locate-path eeickmeyer: GConf2, soundtracker elanthis: GConf2 ellert: nodejs-pkg-up, nodejs-load-grunt-tasks, guava20, nodejs-find-up, nodejs-locate-path ellio167: orangefs elsupergomez: GConf2 elxreno: rsyntaxtextarea, batik epienbro: GConf2 erack: classloader-leak-test-framework, jruby erikos: GConf2 fab: GConf2 fale: wlc fche: orangefs fkluknav: GConf2 fmuellner: GConf2 fnux: nodejs-historic-readline, insect frantisekz: jruby frixxon: apanov-edrip-fonts galileo: nodejs-source-map-support, eclipse-m2e-core, eclipse-webtools, nodejs-tern-cordovajs, guava20 gchamoul: jruby gecko-maint: GConf2 giallu: GConf2, avr-gdb gil: typesafe-config, antlr4 gnome-sig: GConf2, keybinder3, jruby greghellings: GConf2 hadess: GConf2 hannes: orangefs hguemar: GConf2, libvtemm hhorak: classloader-leak-test-framework, guava20, cassandra-java-driver, phpPgAdmin, GConf2, metrics-reporter-config hobbes1069: orangefs honzaf: batik humaton: jruby huwang: maven-stage-plugin idevat: jruby, batik ignatenkobrain: orangefs, wlc immanetize: percona-xtrabackup isimluk: GConf2 itamarjp: nodejs-pkg-up, nodejs-load-grunt-tasks, orangefs, nodejs-find-up, nodejs-locate-path, GConf2, jruby iucar: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up, nodejs-locate-path jakub: orangefs jamielinux: nodejs-q-io, docco, nodejs-json-parse-helpfulerror, nodejs-highlight-js, nodejs-jasmine-growl-reporter, nodejs-source-map-support, nodejs-watchit, nodejs-q, guava20, nodejs-winston, jruby, nodejs-revalidator, nodejs-snockets, nodejs-collections, nodejs-url2, nodejs-esprima jankratochvil: GConf2 jaruga: nodejs-source-map-support, jruby jcapik: maven-release, soundtracker jcerny: lldpad, GConf2, fcoe-utils, keybinder3 jchaloup: orangefs jcline: biboumi jcpunk: GConf2, keybinder3 jdunn: rubygem-mixlib-log, jruby jeffreyness: percona-xtrabackup jenslody: GConf2 jerboaa: avalon-framework, simple-xml, randomizedtesting, batik jfearn: batik jfilak: svnkit jgrulich: telepathy-rakia, GConf2 jgu: nodejs-pkg-up, nodejs-load-grunt-tasks, orangefs, nodejs-find-up, nodejs-locate-path, GConf2 jhladky: orangefs jjames: nodejs-pkg-up, nodejs-load-grunt-tasks, maven-release, nodejs-find-up, nodejs-locate-path jjanco: classloader-leak-test-framework, guava20, cassandra-java-driver jjelen: struts, velocity-tools, classloader-leak-test-framework, jaxb2-maven-plugin, geronimo-jcdi-1.0-api, apache-commons-jci, avalon-framework, bval, openjpa, josm, sslext, geronimo-jcache, apache-commons-jcs, jboss-jsf-2.2-api jjohnstn: eclipse-ptp, eclipse-remote, eclipse-mylyn, randomizedtesting, svnkit, batik, eclipse-photran, guava20, eclipse-subclipse, simple-xml jkastner: antlr4, orangefs jkonecny: lldpad, fcoe-utils, keybinder3 jmagne: GConf2 jmlich: classloader-leak-test-framework, postgresql-pgpoolAdmin, phpPgAdmin jngrad: orangefs johnp: GConf2, keybinder3 jplesnik: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up, nodejs-locate-path, GConf2 jpokorny: batik jreznik: telepathy-rakia jskarvad: GConf2, orangefs jsmith: nodejs-commonmark, nodejs-defence, nodejs-pkg-dir, nodejs-ret, nodejs-expect, guava20, nodejs-lcov-parse, nodejs-make-dir, nodejs-source-map-support, nodejs-replace-ext, nodejs-esprima-fb, nodejs-q, nodejs-is-error, nodejs-locate-path, nodejs-write, nodejs-flat-cache, nodejs-delete, nodejs-del, nodejs-find-up, nodejs-read-json-sync, nodejs-jasmine-growl-reporter, nodejs-object-dot-pick, nodejs-esprima jspaleta: orangefs jstribny: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up, nodejs-locate-path, jruby jsynacek: GConf2 jujens: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up, nodejs-locate-path junghans: orangefs jussilehtola: orangefs jvanek: randomizedtesting, batik, rsyntaxtextarea, GConf2, simple-xml, jruby jwakely: orangefs kalev: GConf2 kanarip: jruby kasong: lldpad, fcoe-utils, keybinder3 kdaniel: eclipse-ptp, eclipse-remote, eclipse-mylyn, randomizedtesting, svnkit, eclipse-photran, guava20, eclipse-subclipse, simple-xml kde-sig: tomahawk, GConf2 kengert: GConf2 kevin: GConf2, keybinder3 kmilos: GConf2 konradm: orangefs korkeala: maven-release krege: orangefs kwenning: batik kwizart: jruby lalatendu: jruby laxathom: GConf2, jruby lef: stream-lib, struts, velocity-tools, classloader-leak-test-framework, jaxb2-maven-plugin, geronimo-jcdi-1.0-api, randomizedtesting, apache-commons-jci, batik, openjpa, bval, antlr4, sslext, geronimo-jcache, jboss-jsf-2.2-api, castor, simple-xml, jruby leigh123linux: GConf2, keybinder3 lennart: GConf2 liangsuilong: GConf2, keybinder3 limb: GConf2, ggz-gtk-client lkundrak: GConf2, orangefs lon: batik loveshack: orangefs lucilanga: GConf2 lzap: jruby m4rtink: lldpad, fcoe-utils, keybinder3 magnu5: tomahawk maha: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up, nodejs-locate-path marcindulak: orangefs mattrose: keybinder3 matyc: lldpad, GConf2, fcoe-utils, keybinder3 maxamillion: keybinder3 mbaldessari: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up, nodejs-locate-path mbarnes: GConf2, keybinder3 mbooth: guava20, simple-xml, randomizedtesting, batik mck182: telepathy-rakia mclasen: GConf2, keybinder3 mcrha: GConf2 mdbooth: jruby mef: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up, nodejs-locate-path mgoodwin: si-units, parfait, uom-se, uom-systems, guava20, uom-lib michich: orangefs mikedep333: keybinder3 mizdebsk: nodejs-pkg-up, apache-commons-email, nodejs-load-grunt-tasks, apache-commons-dbutils, eclipse-m2e-core, plexus-bsh-factory, batik, eclipse-webtools, avalon-framework, jetty-toolchain, antlr4, guava20, maven-injection-plugin, maven-mapping, nodejs-find-up, nodejs-locate-path, jetty-parent, jetty-build-support mjakubicek: orangefs mjia: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up, nodejs-locate-path mjw: orangefs mkasik: keybinder3 mlisik: jruby, batik mmagr: jruby mmahut: GConf2, saoimage mmorsi: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up, nodejs-locate-path, jruby moezroy: GConf2 mpreisle: lldpad, GConf2, fcoe-utils, keybinder3 mrceresa: orangefs msekleta: GConf2 msimacek: nodejs-pkg-up, nodejs-load-grunt-tasks, randomizedtesting, nodejs-find-up, nodejs-locate-path, simple-xml mso: jruby msrb: jruby mtasaka: GConf2, keybinder3, jruby mycae: orangefs mystro256: GConf2 nathans: si-units, parfait, uom-se, uom-systems, guava20, uom-lib ndim: soundtracker neuro-sig: maven-release, orangefs nodejs-sig: docco, nodejs-redent, nodejs-commonmark, nodejs-defence, nodejs-pkg-up, nodejs-htmlparser2, nodejs-pkg-dir, nodejs-underscore-dot-logger, nodejs-expect, nodejs-css-select, nodejs-ret, nodejs-i, guava20, nodejs-only-shallow, nodejs-revalidator, nodejs-snockets, nodejs-lcov-parse, nodejs-netmask, nodejs-vasync, nodejs-highlight-js, nodejs-load-grunt-tasks, nodejs-source-map-support, nodejs-find-cache-dir, nodejs-replace-ext, nodejs-esprima-fb, nodejs-qunit-extras, nodejs-q, nodejs-bunyan, nodejs-locate-path, nodejs-grunt-lib-contrib, nodejs-grunt-contrib-clean, nodejs-write, nodejs-object-dot-entries, nodejs-cjson, nodejs-flat-cache, nodejs-delete, nodejs-del, nodejs-winston, nodejs-find-up, nodejs-connect, nodejs-collections, nodejs-is-arrow-function, nodejs-csscomb-core, nodejs-q-io, nodejs-grunt-contrib-csslint, nodejs-json-parse-helpfulerror, nodejs-grunt-init, nodejs-to-absolute-glob, nodejs-read-json-sync, nodejs-esprima-harmony-jscs, nodejs-jasmine-growl-reporter, nodejs-ltx, nodejs-csslint, nodejs-watchit, nodejs-tern-cordovajs, jruby, nodejs-url2, nodejs-convert-source-map, nodejs-esprima nonamedotc: GConf2, keybinder3 nosnilmot: GConf2 nphilipp: GConf2 nushio: GConf2 obnox: jruby odubaj: classloader-leak-test-framework ohaessler: GConf2, keybinder3 oliver: simple-xml, randomizedtesting, batik omajid: GConf2 omular: jruby, batik openstack-sig: python-bashate orion: orangefs patches: docco, nodejs-underscore-dot-logger, nodejs-pkg-up, nodejs-i, guava20, nodejs-revalidator, nodejs-highlight-js, nodejs-load-grunt-tasks, nodejs-source-map-support, nodejs-q, nodejs-locate-path, nodejs-grunt-lib-contrib, nodejs-grunt-contrib-clean, nodejs-esprima, nodejs-winston, nodejs-find-up, rsyntaxtextarea, nodejs-connect, nodejs-collections, nodejs-q-io, nodejs-json-parse-helpfulerror, nodejs-grunt-init, nodejs-jasmine-growl-reporter, nodejs-ltx, batik, nodejs-watchit, jruby, nodejs-url2, nodejs-snockets patrikopravil: jruby pbrobinson: GConf2, jruby pcahyna: GConf2 pcpa: orangefs pfrields: GConf2 pgordon: GConf2 phracek: GConf2 pingou: GConf2, keybinder3 piotrp: nodejs-json-parse-helpfulerror, nodejs-grunt-init, nodejs-jasmine-growl-reporter, nodejs-source-map-support, nodejs-winston, nodejs-q, nodejs-revalidator, nodejs-esprima pkajaba: classloader-leak-test-framework pkfed: orangefs pmikova: rsyntaxtextarea ppisar: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up, nodejs-locate-path, GConf2 praiskup: nodejs-esprima, classloader-leak-test-framework, GConf2, phpPgAdmin ptoscano: jruby pvalena: jruby pvrabec: GConf2 pwalter: ggz-gtk-client pwouters: GConf2 pwu: keybinder3 python-sig: nodejs-pkg-up, nodejs-load-grunt-tasks, orangefs, nodejs-find-up, nodejs-locate-path qulogic: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up, nodejs-locate-path radekmanak: rsyntaxtextarea rakesh: GConf2, orangefs ralph: hovercraft raphgro: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up, nodejs-locate-path rathann: nodejs-pkg-up, nodejs-load-grunt-tasks, orangefs, nodejs-find-up, keybinder3, nodejs-locate-path, apbs, jruby rdieter: telepathy-rakia, GConf2 rebus: afpfs-ng renich: gtick, keybinder3 rgrunber: eclipse-mylyn, randomizedtesting, svnkit, batik, guava20, eclipse-subclipse, simple-xml rhughes: GConf2, keybinder3 rjones: jruby rlandmann: batik rmattes: GConf2 robert: GConf2 robyduck: keybinder3 rombobeorn: GConf2 rstrode: GConf2, keybinder3 ruby-packagers-sig: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up, nodejs-locate-path, jruby rvokal: GConf2 rvykydal: lldpad, fcoe-utils, keybinder3 sagitter: GConf2, nodejs-pkg-up, nodejs-load-grunt-tasks, orangefs, nodejs-find-up, nodejs-locate-path, apbs sandeen: GConf2 sbergmann: classloader-leak-test-framework sbueno: lldpad, fcoe-utils, keybinder3 scitech_sig: orangefs sergiomb: nodejs-pkg-up, apbs, nodejs-load-grunt-tasks, batik, guava20, nodejs-find-up, nodejs-locate-path, GConf2 sharkcz: GConf2 shlomif: the_silver_searcher skottler: jruby skytux: musique slankes: GConf2, libacpi smani: orangefs smoitra: jruby snirkel: GConf2 spot: GConf2, orangefs sseago: jruby ssp: GConf2, keybinder3 stahnma: jruby stefw: lldpad, fcoe-utils, keybinder3 steve: GConf2 stevetraylen: jruby stransky: GConf2 survient: percona-xtrabackup swt2c: GConf2 tagoh: keybinder3 tc01: nodejs-winston, guava20 tdawson: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up, nodejs-locate-path, jruby terjeros: GConf2, jruby, batik thm: GConf2 thofmann: GConf2 thozza: rsyntaxtextarea, batik tibbs: GConf2 timfenn: libccp4 timn: GConf2 tojeline: jruby, batik tomh: docco, nodejs-highlight-js, nodejs-jasmine-growl-reporter, nodejs-watchit, nodejs-q, guava20, nodejs-winston, nodejs-revalidator, nodejs-connect, nodejs-esprima tomspur: orangefs tonet666p: keybinder3 tpokorra: GConf2 tpopela: GConf2, jruby trondd: avr-gdb tstellar: hcc tuxbrewr: GConf2 ueno: GConf2 valtri: rubygem-aws-sdk-core, jruby vascom: rsyntaxtextarea, batik vjancik: nodejs-tern-cordovajs, nodejs-source-map-support vondruch: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up, nodejs-locate-path, jruby vpodzime: lldpad, fcoe-utils, keybinder3 vponcova: lldpad, fcoe-utils, keybinder3 walters: GConf2 wottop: GConf2 wsato: GConf2 wtaymans: GConf2 wwoods: GConf2 xavierb: nodejs-pkg-up, nodejs-load-grunt-tasks, nodejs-find-up, nodejs-locate-path, nodejs-grunt-contrib-clean xhorak: GConf2 yselkowitz: GConf2 zbyszek: nodejs-pkg-up, nodejs-load-grunt-tasks, orangefs, maven-release, guava20, nodejs-find-up, nodejs-locate-path zsun: keybinder3 zvetlik: nodejs-source-map-support, wlc -- The script creating this output is run and developed by Fedora Release Engineering. Please report issues at its pagure instance: https://pagure.io/releng/ The sources of this script can be found at: https://pagure.io/releng/blob/master/f/scripts/find_unblocked_orphans.py

1 0

Call for testers for rpmautospec in staging
by Pierre-Yves Chibon 09 Apr '20

09 Apr '20

Good Morning Everyone, You may remember that Nils, Adam and pingou have been investigating what it would take to get rid of maintaining the changelog and release fields manually in our spec files (but still have them in the produced RPMs). We have already discussed the idea in a few threads: - https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org… announced the original idea - https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org… presented some of the possible approaches to do this The result of these discussions and our investigations is `rpmautospec` As its documentation says: `rpmautospec` is a program and library used to automatically generate the release and changelog fields in RPM spec files opting to use it. `rpmautospec` is currently a proof of concept, we have deployed it in staging and with this email we would like to invite you to test it there. We have written some documentation on how `rpmautospec` works and how you can opt in at: https://docs.pagure.org/Fedora-Infra.rpmautospec/ To interact with staging you will need: - to use `stg-koji` instead of `koji` - to use `fedpkg-stage` instead of `fedpkg` (``dnf install fedpkg-stage``) - to kinit against `STG.FEDORAPROJECT.ORG` - to test with rawhide as rpmautospec is only available there in staging at this point To remove some of the warnings thrown by `fedpkg` or to simply keep `rpmbuild` working locally, you will have to install the `rpmautospec-rpm-macros` package available in your nearest bodhi (it's still hot from the oven at the time of writing this email so it hasn't made it yet to updates-testing). Note, this task was very much time-bound for us and we reached this limit, so this is not something that we will be heavily working on in the coming 3 months. However, if there are sufficient people testing this in staging, providing feedback or contributing to it, we may (depending on that feedback) look at pushing this project forward later in the year. Finally, while we've tried to be careful, we're sure that we've missed some use cases and that this software isn't bug free, so please bear with us if some of its edges are rough and report your issues/RFEs at: https://pagure.io/Fedora-Infra/rpmautospec/ Thanks in advance for your help and feedback, Adam, Nils and Pierre PS: - F32 update: https://bodhi.fedoraproject.org/updates/FEDORA-2020-7f41380eb9 - F31 update: https://bodhi.fedoraproject.org/updates/FEDORA-2020-3ee46bf2cd - F30 update: https://bodhi.fedoraproject.org/updates/FEDORA-2020-081a876918

1 0

Fedora 33 System-Wide Change proposal: Perl 5.32
by Ben Cotton 08 Apr '20

08 Apr '20

https://fedoraproject.org/wiki/Changes/perl5.32 == Summary == A new ''perl 5.32'' version brings a lot of changes done over a year of development. Perl 5.32 will be released in May 2020. See [https://metacpan.org/pod/release/XSAWYERX/perl-5.31.10/pod/perldelta.pod 5.31.10 perldelta] for more details about preparing release. == Owner == * Name: [[User:Jplesnik| Jitka Plesníková]] * Email: <jplesnik(a)redhat.com> * Name: [[User:Ppisar| Petr Písař]] * Email: <ppisar(a)redhat.com> === Completed Items === === Items in Progress === === Items to Be Done === * Upstream to release Perl 5.32 * Get dedicated build-root  * Define perl_bootstrap in perl-srpm-macros * Rebase perl to 5.32.0  * Rebuild dual-lived packages (otherwise dnf recommends --skip-broken and fails) * Rebuild packages needed for minimal build-root * Rebuild packages needed for building source packages from git repository * Rebuild other packages: Use Fedora::Rebuild dependency solver  * Undefine perl_bootstrap * Rebuild packages having perl_bootstrap condition in spec file * Rebuild all updated packages * [https://jplesnik.fedorapeople.org/5.32/ Final lists of results] * Merge dedicated build-root to rawhide and remove the dedicated one by rel-engs * Synchronize packages upgraded in ''f33'' build root * Rebuilt Perl packages: 0 of 3182 done (0.00%) * Failed builds (0): == Detailed Description == New perl is released every year and updates containing mainly bug fixes follow during the year. The 5.32.0 version is stable release this year. == Benefit to Fedora == Up-to-date and latest perl release will be delivered to Fedora users. == Scope == Every Perl package will be rebuilt in a dedicated ''f33-perl'' build-root against perl 5.32.0 and then if no major problem emerges the packages will be merged back to ''f33'' build-root. * Proposal owners: New perl and all packages requiring perl or a Perl module will be rebuilt into ''f33-perl'' build-root. * Other developers: Owners of packages that fail to rebuild, mainly perl-sig users, will be asked using Bugzilla to fix or remove their packages from the distribution. * Release engineering: [https://pagure.io/releng/issue/9387 #9387] Release engineers will be asked for new ''f33-perl'' build-root inheriting from ''f33'' build-root. After successful finishing the rebuild, they will be asked to merge ''f33-perl'' packages back to ''f33'' build-root. * Policies and guidelines: No policies have to be modified to complete this change. == Upgrade/compatibility impact == Vast majority of functionality will be preserved. Only the packages that failed to build against perl 5.30 will be removed from the distribution. That will require to remove those packages from existing systems otherwise package manager will encounter unsatisfied dependencies. == How To Test == Try upgrading from Fedora 32 to 33. Try some Perl application to verify they work as expected. Try embedded perl in slapd or snmpd. == User Experience == There should not be any remarkable change in user experience. With the exception that previously locally installed modules with a CPAN clients will need a reinstalation. == Dependencies == There is more than 3100 packages depending on perl. Most of them are expected not to break. Finishing this change can be endangered only by critical changes in a toolchain. == Contingency Plan == If we find perl 5.32 is not suitable for Fedora 33, we will revert back to perl 5.30 and we drop the temporary build-root with already rebuilt packages. * Contingency deadline: branching Fedora 33 from Rawhide. * Blocks release? No. == Documentation == * perldelta * An announcement on the perl-devel mailing list * An announcement on fedora-devel mailing list == Release Notes == * TBD - when release candidate appears -- Ben Cotton He / Him / His Senior Program Manager, Fedora & CentOS Stream Red Hat TZ=America/Indiana/Indianapolis

1 0

Fedora 33 System-Wide Change proposal: OpenSSL 3.0
by Ben Cotton 07 Apr '20

07 Apr '20

https://fedoraproject.org/wiki/Changes/OpenSSL3.0 == Summary == The OpenSSL package is rebased to version 3.0 and the dependent packages are rebuilt. == Owner == * Name: [[User:Tmraz| Tomáš Mráz]] * Email: <tmraz(a)redhat.com> == Detailed Description == The OpenSSL 3.0 release is going to be a significantly new release with changed ABI however with minimal API changes. That means most of the dependent packages will need just a rebuild to work with the new OpenSSL package. However (at least temporarily) a compat-openssl11 package will be provided along the base package so the operation of the Rawhide is not disrupted. The OpenSSL 3.0 is still in development now but a first beta release should be done in June. After that time the work on the rebase will start and it should be possible to finish it still with a beta releases. Later releases up to the final one should not be disruptive and they should not break API/ABI. == Benefit to Fedora == This change introduces OpenSSL 3.0 with its significantly reworked internals which allow for better replacement of the crypto implementations via the [https://www.openssl.org/docs/OpenSSL300Design.html Crypto Providers] concept. == Scope == * Proposal owners: Provide a compat-openssl11 package, identify dependent packages, provide the rebased openssl package, work with dependent package owners on rebuilds. * Other developers: Dependent package owners rebuild their packages. Most of the dependencies will not require code changes but for some more fragile dependencies (mostly language bindings) there might be changes needed especially in the test cases which depend on some legacy behavior. * Release engineering: [https://pagure.io/releng/issues #Releng issue number] If compat package is provided a mass rebuild should not be necessary. * Policies and guidelines: No update of packaging guidelines or other policies should be needed. * Trademark approval: N/A (not needed for this Change) == Upgrade/compatibility impact == If compat-openssl11 package is provided there should be no issues with upgrades. == How To Test == If your application uses OpenSSL to communicate via TLS or perform other tasks that use cryptographic algorithms from OpenSSL, please test whether it continues to work properly. This should be covered by the comprehensive upstream testsuite of OpenSSL. However many dependent packages also provide good test coverage of OpenSSL functionality. == User Experience == There should be no impact on end-user experience. == Dependencies == There are many packages which depend on libssl or libcrypto from OpenSSL. Most of them should just work after rebuild with the new openssl package. However it is also not critically needed to rebuild everything at once if compat library compat-openssl11 package is provided. == Contingency Plan == If the openssl-3.0 is too unstable before the branching point of Fedora 33 we will not update the package and delay the change to Fedora 34. If the openssl is already updated but it is found out to be too unstable later we can revert to previous version however a rebuild of all dependencies that were already rebuilt will be needed. * Contingency mechanism: Revert package, rebuild updated dependencies. * Contingency deadline: Before release * Blocks release? No * Blocks product? No == Documentation == [https://www.openssl.org/docs/OpenSSL300Design.html OpenSSL 3.0 upstream design document] [https://www.openssl.org/policies/releasestrat.html OpenSSL 3.0 release schedule] == Release Notes == Fedora 33 comes with OpenSSL 3.0 as the primary OpenSSL package. It brings support for Crypto Providers interface. -- Ben Cotton He / Him / His Senior Program Manager, Fedora & CentOS Stream Red Hat TZ=America/Indiana/Indianapolis

1 0

Fedora 33 System-Wide Change Proposal: ELN Buildroot and Compose V4
by Stephen Gallagher 07 Apr '20

07 Apr '20

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I've just published a fourth version[1] of the ELN proposal. With a lot of input from Miro Hrončok, I think I've finally been able to clarify some of the points that we were getting hung up on. Changes in this version of the proposal[2]: * Improve our explanation of why we are doing ELN in the first place * Clarify the relationship with Rawhide * Better describe what happens if packages don't build on ELN * Explain our plan for when to use conditionals (this was getting a larger share of the conversation than it warranted because we didn't do a good job of explaining that they should be the exception and not the rule) * Clarify that the time limit on PRs is only for determining if the maintainer is responsive. If they reply, the timer is cleared. * Fixed the question about upstream features to make it clear that what we meant is that new features should go upstream first, not be implemented as a fork in ELN * Added a section explaining how we will deal with side-tags * Make it clear that we don't want to diverge wherever possible and that any planned divergence should be discussed with the ELN SIG ahead of time * Cleaned up the contingency plan section. I hope that these changes will make our position more clear. Thank you to everyone who has contributed to this discussion. I think the feedback has been very valuable and I sincerely appreciate it. [1] https://fedoraproject.org/wiki/Changes/ELN_Buildroot_and_Compose [2] https://fedoraproject.org/w/index.php?title=Changes%2FELN_Buildroot_and_Com… -----BEGIN PGP SIGNATURE----- iQGzBAEBCAAdFiEEhQqd0dvyrMxvxJSRRduFpWgobREFAl6LpNgACgkQRduFpWgo bRH4MAwAu1INM0mplL1yQiW2DMS148VubU5DkxRbaE3biZTvw5WzzbpxwpXr+nFp eZf7IUyn5HCdtCAk1TQ4ga/TuV5VsaEEZ+a9p8PZfs4XTEMGpB7olP0Z8Jq1PWwn EM6+4BAUWJ4JS7Q1+/CnEkUHA+1ZVeAzeb5bfSlcae2Vgx6evQMB4rEqAXdr16Qk 3Hi082+4SutmBv67cRA/JdRZmvUaHYtS4y5DrWAXOS23k8SHUCT/2O2f7NRPAoG/ f+04nG5JyUePY64pnVtDnsVMwETWiNSSs4V1dbKYe9Fj5H/jbvKIsvo8AWxw4BAq rXCSIB3wMf08eM2KTaLvk0x+cz2BiSEZEDVdceffVXMwnUZulu/oeYDKdQg9OoHW IQJbMoASgxRUXH1ZiMy8Q3SgQHvcu/YLmjS+djlVakLunhW7NfQjZB7txMyDi0PY Hwn32C1kXnaoBJds4zB4QpWiJy5wI82CRL92Zvz0kiRPiO9TMCuj+t5kLZVmVTnI 8ShPIeos =+lwN -----END PGP SIGNATURE-----

1 1

Fedora 33 Self-Contained Change proposal: Network Time Security
by Ben Cotton 06 Apr '20

06 Apr '20

https://fedoraproject.org/wiki/Changes/NetworkTimeSecurity == Summary == Support for the Network Time Security (NTS) authentication mechanism in the NTP client/server (chrony) and installer (anaconda). == Owner == * Name: [[User:mlichvar| Miroslav Lichvar]], [[User:mkolman| Martin Kolman]] * Email: mlichvar(a)redhat.com, mkolman(a)redhat.com == Detailed Description == NTP is a widely used protocol for synchronization of clocks over network. Authentication of NTP packets is important to prevent a Man-in-the-middle (MITM) attacker from taking full control over the client's clock (e.g. force it to jump to a distant future or past). Several different authentication mechanisms have been specified for NTP. The oldest and simplest one uses secret keys, where each client has its own key which needs to be securely distributed to the server and client. This means it is mostly limited to local networks. Autokey is a newer mechanism based on public-key cryptography, but it was shown to be insecure and it is rarely supported on public servers. NTS is a new authentication mechanism [https://datatracker.ietf.org/doc/draft-ietf-ntp-using-nts-for-ntp specified by the IETF] for NTP. NTS has an NTS-KE protocol using Transport Layer Security (TLS) to establish the keys and provide the client with cookies which allow the NTP server to not keep any client-specific state. NTP packets are authenticated using Authenticated Encryption with Associated Data (AEAD). NTS is expected to scale well to a large numbers of clients. There are already some public NTP servers with NTS support. The default NTP client and server on Fedora is `chrony`. Support for NTS is added in version 4.0. It uses the GnuTLS library for TLS and the Nettle library for AEAD. NTS authentication can be enabled on the client by adding the `nts` option to the `server` or `pool` directive in ''/etc/chrony.conf''. Until a standard port is assigned for NTS by IANA, the port may need to be specified with the `ntsport` option. For example ` server time.example.com iburst nts ntsport 12123 ` When using NTS-enabled NTP sources, any NTP source that is not trusted and reachable over a trusted network should be disabled. This includes servers provided by DHCP. They should be disabled by adding `PEERNTP=no` to ''/etc/sysconfig/network''. We can consider changing the default ''/etc/chrony.conf'' to use some trusted public NTP servers with NTS support. There are public servers provided by [https://www.cloudflare.com/time/ Cloudflare] and [https://www.netnod.se/time-and-frequency/how-to-use-nts Netnod]. Both would be ok with Fedora using their servers by default (after some testing and coordination). There is also a possibility that pool.ntp.org will support NTS, although it is not very clear how useful would NTS be in this case as the servers are owned by individual contributors instead of a single trusted entity and attackers can easily join the pool (some mitigations have been proposed on the pool mailing list). Potential issues with enabling NTS by default: * Firewalls may block the NTS-KE port. * ISPs may block or rate limit longer NTP packets as a mitigation for amplification attacks using NTP mode 6 and 7. NTS-KE supports port negotiation and an alternative port could be used to avoid this issue. * Computers with no RTC (e.g. some ARM boards), or RTC that is too far from the real time, will fail to verify TLS certificates. An option could be added to disable the time checks before the first update of the clock. This would have an impact on security. == Benefit to Fedora == This change enables Fedora users to securely synchronize the system clock to local or public NTP servers. TBD: This change also makes the default configuration of the NTP client secure. == Scope == * Proposal owners: # Update `chrony` to 4.0 and enable the NTS support (adding dependency on GnuTLS) # TBD: Modify the default ''/etc/chrony.conf'' to use public servers with NTS support # Add an NTS option to the NTP settings in anaconda * Other developers: N/A (not a System Wide Change) * Release engineering: N/A (not needed for this Change) * Policies and guidelines: N/A (not a System Wide Change) * Trademark approval: N/A (not needed for this Change) == Upgrade/compatibility impact == Fedora systems updated from a previous version will use the new ''/etc/chrony.conf'' automatically if the installed file was not modified. If it was modified, the users will need to update the file manually or rename ''/etc/chrony.conf.rpmnew'' to ''/etc/chrony.conf'' in order to enable NTS. == How To Test == If the default configuration is modified for this Change, it needs to be tested that it works correctly on most systems where the previous default configuration using pool.ntp.org servers worked. The installer needs to be tested that it enables NTS in ''/etc/chrony.conf'' as expected and that it adds `PEERNTP=no` to ''/etc/sysconfig/network''. The `chronyc -N sources` command can be used to verify that NTP sources are responding. The `chronyc ntpdata` command can be used to verify that the NTP sources are authenticated. For example: # chronyc -N sources MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* time.cloudflare.com 3 6 377 28 -115us[ -111us] +/- 13ms ^+ nts.ntp.se 2 6 377 27 +212us[ +212us] +/- 22ms # chronyc ntpdata | grep Auth Authenticated : Yes Authenticated : Yes == User Experience == Client NTS can be enabled in the NTP settings in the installer. Client and server NTS can be enabled by editing ''/etc/chrony.conf'' as documented in the `chrony.conf` man page. == Dependencies == N/A (not a System Wide Change) == Contingency Plan == * Contingency mechanism: N/A (not a System Wide Change) * Contingency deadline: N/A (not a System Wide Change) * Blocks release? N/A (not a System Wide Change) * Blocks product? == Documentation == N/A (not a System Wide Change) == Release Notes == TBD -- Ben Cotton He / Him / His Senior Program Manager, Fedora & CentOS Stream Red Hat TZ=America/Indiana/Indianapolis

1 0

Fedora 32 Final Freeze
by Mohan Boddu 06 Apr '20

06 Apr '20

Hi all, Tomorrow, April 7th 2020, is an important day on the Fedora 32 schedule [1], with significant cut-offs. Tomorrow we have the Final Freeze [2] which starts at 14:00 UTC. This means that only packages which fix accepted blocker or freeze exception bugs [3][4][5] will be marked as 'stable' and included in the Final composes. Other builds will remain in updates-testing until the Final release is approved, at which point the Final freeze is lifted and packages can move to the 'updates' repository, pending updates will be pushed before final release as zero day updates. [1] https://fedorapeople.org/groups/schedule/f-32/f-32-key-tasks.html [2] https://fedoraproject.org/wiki/Milestone_freezes [3] https://fedoraproject.org/wiki/QA:SOP_blocker_bug_process [4] https://fedoraproject.org/wiki/QA:SOP_freeze_exception_bug_process [5] https://qa.fedoraproject.org/blockerbugs/milestone/31/final/buglist Regards, Mohan Boddu Release Engineering

1 1

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

devel-announce April 2020