Just wanted to touch base with everyone since I didn't make the meeting Thursday. I found a new job, am in the process of relocating to Chicago and am finishing up the semester, so time is short, but once I get moved things should quickly settle into a routine and I'll be able to more regularly contribute. sart -----Original Message----- From: infrastructure-bounces@xxxxxxxxxxxxxxxxxxxxxxx [mailto:infrastructure-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of infrastructure-request@xxxxxxxxxxxxxxxxxxxxxxx Sent: Saturday, February 15, 2014 6:00 AM To: infrastructure@xxxxxxxxxxxxxxxxxxxxxxx Subject: infrastructure Digest, Vol 93, Issue 21 Send infrastructure mailing list submissions to infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To subscribe or unsubscribe via the World Wide Web, visit https://admin.fedoraproject.org/mailman/listinfo/infrastructure or, via email, send a message with subject or body 'help' to infrastructure-request@xxxxxxxxxxxxxxxxxxxxxxx You can reach the person managing the list at infrastructure-owner@xxxxxxxxxxxxxxxxxxxxxxx When replying, please edit your Subject line so it is more specific than "Re: Contents of infrastructure digest..." Today's Topics: 1. Re: Mailing-List Subscription Capta? (Michael Scherer) 2. Re: Mailing-List Subscription Capta? (Frank Murphy) 3. Re: ask.fp.o potential account hijacking with facebook oauth (Achilleas Pipinellis) 4. Re: February status update for Fedora Infrastructure Apprentices (Dan Mossor) ---------------------------------------------------------------------- Message: 1 Date: Fri, 14 Feb 2014 16:32:26 +0100 From: Michael Scherer <misc@xxxxxxxx> To: Fedora Infrastructure <infrastructure@xxxxxxxxxxxxxxxxxxxxxxx> Subject: Re: Mailing-List Subscription Capta? Message-ID: <1392391946.28162.15.camel@xxxxxxxxxxxxxxxxxxxxxx> Content-Type: text/plain; charset="UTF-8" Le vendredi 14 février 2014 à 07:46 +0000, Frank Murphy a écrit : > On Thu, 13 Feb 2014 23:38:56 +0100 > Michael Scherer <misc@xxxxxxxx> wrote: > > > What is the issue that would be solved by it ? > > Script subscriptions, time wasting, while I understand theses 2 > trying to find the real person. I fail to understand this one. -- Michael Scherer ------------------------------ Message: 2 Date: Fri, 14 Feb 2014 15:39:49 +0000 From: Frank Murphy <frankly3d@xxxxxxxxx> To: infrastructure@xxxxxxxxxxxxxxxxxxxxxxx Subject: Re: Mailing-List Subscription Capta? Message-ID: <20140214153949.6bd0b259@xxxxxxxxxxxxxxxxxxxxxx> Content-Type: text/plain; charset=US-ASCII On Fri, 14 Feb 2014 16:32:26 +0100 Michael Scherer <misc@xxxxxxxx> wrote: > > trying to find the real person. > > I fail to understand this one. > Person applies to fas using: john@xxxxxxx applies to ml using: jd@xxxxxxxxx same person, doesn't always even use the same "Real Name" John aka Jonathan aka some other version of it. but hard to spot with the other stuff, which has to be cleared first, and hope mistake is not made. ___ Regards Frank frankly3d.com ------------------------------ Message: 3 Date: Fri, 14 Feb 2014 17:42:11 +0200 From: Achilleas Pipinellis <axilleaspi@xxxxxxxxx> To: infrastructure@xxxxxxxxxxxxxxxxxxxxxxx Subject: Re: ask.fp.o potential account hijacking with facebook oauth Message-ID: <52FE3953.4020405@xxxxxxxxx> Content-Type: text/plain; charset=UTF-8 On 13/02/2014 08:42 μμ, Kevin Fenzi wrote: > On Sun, 09 Feb 2014 21:52:38 +0200 > Achilleas Pipinellis <axilleaspi@xxxxxxxxx> wrote: > >> Hello there! >> >> I bumped into a recent post that describes the way someone could get >> access to your account using facebook oauth. According to the >> vulnerability author: >> >>> Every website with "Connect Facebook account and log in with it" is >>> vulnerable to account hijacking. >> >> Source: >> http://homakov.blogspot.gr/2014/01/two-severe-wontfix-vulnerabilities-in.html >> >> Facebook will not fix this anytime soon. Should we disable facebook >> login until this gets resolved? > > So, we discussed this some, and it seems like a pretty complex > vulnerability. Additionally, ask isn't a particularly sensitive > application for us. > > So, we are just going to wait and see right now I think, and if it's > used against us, reevaluate. > > Thanks for bringing it up... I sure hope there's a fix at some point. > > kevin Yeap, I thought so :) I just reported it so that you know it's out there. -- FAS : axilleas GPG : 0xABF99BE5 Blog: http://axilleas.me ------------------------------ Message: 4 Date: Fri, 14 Feb 2014 14:17:00 -0600 From: Dan Mossor <dan.mossor@xxxxxxxxxxx> To: Fedora Infrastructure <infrastructure@xxxxxxxxxxxxxxxxxxxxxxx>, kevin@xxxxxxxxx Subject: Re: February status update for Fedora Infrastructure Apprentices Message-ID: <BLU0-SMTP203BE302675D4D59CC5F52A869C0@xxxxxxx> Content-Type: text/plain; charset="UTF-8"; format=flowed On 02/03/2014 12:01 PM, Kevin Fenzi wrote: > Greetings. > > You are getting this email because you are in the 'fi-apprentice' group > in the fedora account system (or are reading this on the > infrastructure list). > > When you reply, please include your fedora account system login. > > Additionally, I am CC'ing the infrastructure list. If you > would like to send your feedback there as well everyone can see and > comment on it. It's up to you. > > https://fedoraproject.org/wiki/Infrastructure_Apprentice > > At the first of every month(or so), I am going to be sending out an > email like this one. I would like feedback on how things are going for > you. > > I'd like to ask for everyone to send me a quick reply with the > following data or anything related you can think of that might help us > make the apprentice program more useful. > > 0. Whats your fedora account system login? > > 1. Have you logged in and used your fi-apprentice membership to look at > our machines/setup in the last month? Do you plan to? > > 2. Has it helped you decide any area you wish to focus on or contribute > to more? > > 3. Have you looked at or been able to work on any of the fi-apprentice > 'easyfix' tickets? > https://fedorahosted.org/fedora-infrastructure/report/14 > > 4. Do you still wish to be a member of the group? If not (for whatever > reason) could you provide any hints to help others down the road? > > 5. Is there any help or communication or ideas you have that would help > you do any of the above? > > 6. What do you find to be the hardest part of getting involved? > Finding things to work on? Getting attention from others to help you? > Finding tickets in your interest area? > > 7. Have you been able to make any weekly irc meetings? Do you find them > helpful or interesting? > > 8. What is your favorite soup? :) > > Any other general feedback is also quite welcome, including > improvements to this email, the wiki page, etc. > > Any folks I do not hear from in the next week will be removed from the > group. (Note that it's easy to be readded when you have time or > whatever and it's nothing at all personal, we just want to keep the > group up to date with active folks). > > Thanks, and looking forward to your feedback! > > kevin > > > > _______________________________________________ > infrastructure mailing list > infrastructure@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/infrastructure > 0. dmossor 1. Yes, I have looked at the network configuration on the Nagios machine. 2. Not really - I just haven't given thought to it. 3. I looked at the tickets (once, admittedly) , but didn't see any in my area of expertise. 4. Yes, I do, but my time is in extremely short supply at the moment. 5. None at this time - my problems with the group are my own, not the group's. 6. Most difficult: time, or lack thereof. Next most difficult: no tickets needing my skill set. 7. I made one or two of them. 8. Garlic Potato-Leek soup at Jim's Restaurant in Bahrain. Sorry I haven't been active since I requested membership - 18 credit hours of school on top of a full time job has proven to be more difficult than I first imagined. Now that I've been able to automate a couple things at work, though, I should be able to carve out a few hours a week if you'll still have me. -- Dan Mossor Systems Engineer at Large Fedora QA Team Volunteer FAS: dmossor IRC: danofsatx San Antonio, Texas, USA ------------------------------ _______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure End of infrastructure Digest, Vol 93, Issue 21 ********************************************** _______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
