Kevin Fenzi | 11 Apr 22:15 2014

Fedora Infrastructure information on Openssl vulnerability (CVE-2014-0160/heartbleed)

Earlier this week there was a important vulnerability discovered in
openssl. Please see previous announcements on this list for how to
update and secure your Fedora installs. 

The vulnerability was announced late Monday afternoon, and by Monday
evening a fixed packages were available. Fedora Infrastructure folks
spent much of Monday night and Tuesday morning updating and rebooting
servers. Then, Tuesday, the last bunch of internal servers were also
updated. Our critical internet facing openssl using servers were
patched Monday evening as soon as the fixed package was available. 

We have a number of security measures always in place, none of which
have indicated any compromise of user or system data. Additionally,
access to Fedora Infrastructure systems is by ssh key only (which is
not vulnerable to this attack) and 2 factor authentication is required
for any privileged access. 

Fedora account system account holders are welcome to change their
passwords at any time (and this is a fine time while you are thinking
about it), but we will not be forcing all users to change their
passwords at this time.

We will also not be re-issuing our existing ssl certificates, we will
be replacing them as they expire. There is little proof that private
ssl keys can be compromised with this vulnerability and additionally
almost no browsers check revocation lists, so reissuing would do
little good. 

Fedora account system account holders are encouraged to notify
admin <at> fedoraproject.org if they see any out of the ordinary activity on
(Continue reading)

Ruth Suehle | 10 Apr 16:24 2014
Picon

Flock proposal voting now open

Vote on the proposals for talks you'd like to see at Flock:
https://admin.fedoraproject.org/voting

Votes are not the only criterion for selection, but they're the most important, so your opinion matters! Voting will be up for three weeks.

Thanks to lmacken, pingou, nirik, toshio, and threebean for gettingthis up in the new, re-written voting app!

--

-- 
announce mailing list
announce <at> lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/announce
Robyn Bergeron | 9 Apr 03:02 2014
Picon

Update on CVE-2014-0160, aka "Heartbleed"

Hello again, Fedora community.

This is an update on Fedora's response to CVE-2014-0160 (aka
"Heartbleed"). This is a critical security vulnerability that requires
your immediate attention.

Updates are now available, and are being pushed to our mirror network.
The update announcements for Fedora 19 and Fedora 20 are available at:

  Fedora 19: https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html
  Fedora 20: https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html

Apply updates with 

    sudo yum upgrade openssl openssl-libs

or with your graphical package manager.

After applying the update, please make sure to restart all services
which use OpenSSL. You may find it easiest to simply restart your
system. However, if you prefer, you may restart any affected services
manually. You can get an overview of programs that need to be restarted
by using the command line tool

    sudo needs-restarting

(This is included in the `yum-utils` package.) Restart all listed
programs until the output of needs-restarting is empty.

The Fedora Cloud images linked at
https://fedoraproject.org/en/get-fedora#cloud have been recreated with
the updated packages preinstalled.

Fixes have been applied to servers used in Fedora infrastructure and we
are investigating any further remediation which may be necessary.

Special thanks to Robert Mayr, Kévin Raymond, Dennis Gilmore, Matt
Miller, Paul Frields, Major Hayden, Kurt Seifried, Kevin Fenzi,
William Brown, Nick Bebout, Adam Williamson, Joachim Backes, Pádraig
Brady, Lokesh Mandvekar, David Strauss, Joop Braak, Michael
Cronenworth, Till Maas, Luke Macken, and others for effort in making
these updates available quickly.

- Robyn Bergeron
--

-- 
announce mailing list
announce <at> lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/announce
Robyn Bergeron | 8 Apr 05:01 2014
Picon

Status on CVE-2014-0160, aka "Heartbleed"

Greetings, Fedora community:

We're aware of the recently disclosed CVE-2014-0160 (aka 
"Heartbleed"):

https://bugzilla.redhat.com/show_bug.cgi?id=1085065 (openssl)
https://bugzilla.redhat.com/show_bug.cgi?id=1085066 (mingw-openssl)

The issue affects the currently supported Fedora 19 and Fedora 20 
releases. Updates for openssl packages are available now, and
mirrors near you will receive them shortly. If you do not want to 
wait for your local mirror to get updates, you can retrieve and 
install packages directly:

For Fedora 19 x86_64:
  yum -y install koji
  koji download-build --arch=x86_64 openssl-1.0.1e-37.fc19.1
  yum localinstall openssl-1.0.1e-37.fc19.1.x86_64.rpm

For Fedora 20 x86_64:
  yum -y install koji
  koji download-build --arch=x86_64 openssl-1.0.1e-37.fc20.1
  yum localinstall openssl-1.0.1e-37.fc20.1.x86_64.rpm

Substitute i686 for 32-bit systems, or armv7hl for ARM systems (F20
only).

Package updates for mingw-openssl will receive fixes shortly and 
we'll update the community when they are available. Note that 
Fedora 18, which is no longer supported by the Fedora community, is 
also affected by this issue. Fedora 17 and previous releases, also no 
longer supported, are not affected by this issue.

Fedora Release Engineering is currently regenerating AMIs and
qcow2/kvm images to include the fix.

The Fedora Infrastructure team is working to assess any additional 
impact, and will update the community as we develop more information.

Thanks for your patience as we work on this issue.

ACKNOWLEDGMENTS: Special thanks to Dennis Gilmore for quickly providing
package updates, and Major Hayden for providing the manual update
guidance above.

-Robyn Bergeron
--

-- 
announce mailing list
announce <at> lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/announce
Kevin Fenzi | 28 Mar 20:58 2014

Planned Outage: Mass reboots/Upgrades - 2014-04-01 21:00 UTC

 Planned Outage: Mass reboots/Upgrades - 2014-04-01 21:00 UTC

 There will be an outage starting at 2014-04-01 21:00 UTC, which will
 last approximately 4 hours.

 To convert UTC to your local time, take a look at
 http://fedoraproject.org/wiki/Infrastructure/UTCHowto
 or run:

 date -d '2014-04-01 21:00 UTC'

 Reason for outage:

 We will be rebooting all servers to pick up the latest system updates.
 Additionally we will be upgrading the koji build system to 1.9.0.

 During the outage window some services may be down and then back up
 again, but no single service should be down more than a few minutes,
 and some services may not be affected at all.

 Affected Services:

 Ask Fedora - http://ask.fedoraproject.org/

 Badges - https://badges.fedoraproject.org/

 BFO - http://boot.fedoraproject.org/

 Blockerbugs - https://qa.fedoraproject.org/blockerbugs/

 Bodhi - https://admin.fedoraproject.org/updates/

 Buildsystem - http://koji.fedoraproject.org/

 GIT / Source Control - pkgs.fedoraproject.org

 Darkserver - https://darkserver.fedoraproject.org/

 DNS - ns-sb01.fedoraproject.org, ns02.fedoraproject.org,
 ns04.fedoraproject.org, ns05.fedoraproject.org

 Docs - http://docs.fedoraproject.org/

 Elections - https://admin.fedoraproject.org/voting

 Email system

 Fedmsg busmon - http://apps.fedoraproject.org/busmon

 Fedora Account System - https://admin.fedoraproject.org/accounts/

 Fedora Community - https://admin.fedoraproject.org/community/

 Fedora Calendar - https://apps.fedoraproject.org/calendar/

 Fedora Hosted - https://fedorahosted.org/

 Fedora OpenID - https://id.fedoraproject.org/

 Fedora People - http://fedorapeople.org/

 Main Website - http://fedoraproject.org/

 Mirror List - https://mirrors.fedoraproject.org/

 Mirror Manager - https://admin.fedoraproject.org/mirrormanager/

 Package Database - https://admin.fedoraproject.org/pkgdb/

 QA Services

 Secondary Architectures

 Spins - http://spins.fedoraproject.org/

 Start - http://start.fedoraproject.org/

 Torrent - http://torrent.fedoraproject.org/

 Wiki - http://fedoraproject.org/wiki/

 Unaffected Services:

 Contact Information:

 Ticket Link:
 https://fedorahosted.org/fedora-infrastructure/ticket/4280

 Please join #fedora-admin or #fedora-noc on irc.freenode.net or add
 comments to the ticket for this outage above.
--

-- 
announce mailing list
announce <at> lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/announce
Christopher Meng | 17 Mar 04:35 2014
Picon

FUDCon 2014 Beijing Call For Papers now!

Greetings all,

We are glad to announce the Call For Papers for FUDCon APAC 2014 has
begun.

'''FUDCon''' is the Fedora Users and Developers Conference, a major free
software event held in various regions around the world, usually
annually per region. FUDCon APAC will be held in Beijing, China on May
23--25, 2014. It will be the first premier event in Fedora.next phase,
spreading innovative ideas and helping make Fedora better than ever.
FUDCon is a combination of sessions, talks, workshops, and hackfests in
which contributors work on specific initiatives. We welcome proposals
from newcomers and experienced contributors alike on a wide range of
topics including, but not limited to:

* Infrastructure
* Feature development
* Community building
* General management and governance
* Marketing
* Testing and QA
* Packaging
* Localization and internationalization
* Fedora.next working groups
* Cool applications

Please submit your proposal of talks, workshops, or hackfests before
'''March 14, 2014''' (01:00 UTC+8). Include your name, contact
information, a title, and a description of your proposal. The reviewing
team will evaluate the entries based on the submitted abstracts and
available time slots in the schedule. You will be contacted before
'''March 24, 2014''' on whether your submission has been accepted or
not.

Please submit your proposal at the following link:

http://tinyurl.com/FUDConAPAC2014CFP

Thank you in advance!

Yours sincerely,
Christopher Meng
--

-- 
announce mailing list
announce <at> lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/announce
Ruth Suehle | 13 Mar 19:53 2014
Picon

Flock now accepting registrations and talk proposals!

The second Flock conference will be held August 6-9, 2014 in Prague, Czech Republic. Talk proposals and registration are both now open. The website (flocktofedora.com) is being updated as information becomes available about travel, hotel, etc.

Flock was held last year for the first time in Charleston, SC, as a combined event replacing the former North America and Europe FUDCons. Unlike those barcamp-style events, Flock is a planned conference with talk submissions voted on by the Fedora community. It will alternate between North America and Europe each year.

Please be sure to indicate when you register whether you need flight or hotel funding to attend. Priority for funding will be given to Fedora contributors who are presenting.

You may submit as many topics as you feel qualified to deliver. Suggested topics include but are in no way limited to:

* ARM
* Cloud
* Community
* Design
* Desktop
* Fedora Ambassadors
* Fonts
* Games
* Infrastructure
* Marketing
* Open hardware
* QA
* Security
* Special Interest Groups

Submit your proposal now. Submissions will be accepted through April 3. Registration will be open until July 15.

--

-- 
announce mailing list
announce <at> lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/announce
Robyn Bergeron | 11 Feb 18:02 2014
Picon

Election Results: Fedora Board, FESCo, and FAmSCo

Greetings, all:

The elections for the Fedora Engineering Steering Committee (FESCo) and the Fedora Ambassadors Steering
Committee (FAmSCo) have concluded, and the results are shown below.

In addition to the election results, there were also 2 candidates for 2 open seats on the Fedora Project
Board. As the candidates were unopposed, voting was not held. Therefore, Neville A. Cross (FAS: yn1v) and
Haïkel Guémar (FAS: number80) are both elected to the Fedora Board for a full two-release term.

******

FESCo is electing 4 seats this cycle. A total of 265 ballots were cast, meaning a candidate could accumulate
up to 1590 votes (265 * 6). The result of the FESCo election is as follows:

# votes |  name
- ------+----------------------------------
    952 | Dennis Gilmore (FAS: ausil)
    947 | Toshio Kuratomi (FAS: abadger1999)
    905 | Stephen Gallagher (FAS: sgallagh)
    849 | Miloslav Trmač (FAS: mitr)
-------------------------------------------
    768 | Marcela Mašláňová (FAS: mmaslano)
    649 | Kyle McMartin (FAS: kyle)

Therefore, Dennis Gilmore, Toshio Kuratomi, Stephen Gallagher, and Miloslav Trmač are each elected to
FESCo for a full two-release term.

******

FAmSCo is electing 3 seats this cycle. A total of 173 ballots were cast, meaning a candidate could
accumulate up to 692 votes (173 * 4). The result of the FAmSCo election is as follows:

# votes |  name
- ------+----------------------------------
    435 | Neville A. Cross (FAS: yn1v)
    396 | Jon Disnard (FAS: masta)
    379 | Truong Anh Tuan (FAS: tuanta)
-------------------------------------------
    291 | Marcel Ribeiro Dantas (FAS: mribeirodantas)

Therefore, Neville Cross, Jon Disnard, and Truong Anh Tuan are each elected to FAmSCo for a full
two-release term.

Congratulations to all.

-Robyn
--

-- 
announce mailing list
announce <at> lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/announce
Eric H. Christensen | 4 Feb 17:22 2014

FESCo and FAmSCo Elections


The polls are open for FESCo and FAmSCo elections[0].  Go vote!  Polls will close promptly on 2014-02-10 at
23:59:59 UTC.

[0] https://admin.fedoraproject.org/voting/

-- Eric

--------------------------------------------------
Eric "Sparks" Christensen
Fedora Project

sparks <at> fedoraproject.org - sparks <at> redhat.com
097C 82C3 52DF C64A 50C2  E3A3 8076 ABDE 024B B3D1
--------------------------------------------------
Peter Czanik | 1 Feb 14:27 2014
Picon

Fedora 20 release party in Budapest

Hello,

I'm happy to announce the Fedora 20 release party in Budapest. It will 
be on the 22 of February from 10AM and located again in the conference 
room of the BalaBit HQ. It won't be only a release party, but also the 
10th birthday of the Fedora project and the 4th birthday of the 
Hungarian Fedora community.
For more information, check the event's wiki page, or contact us using 
IRC on #fedora-hu on freenode.

Hungarian announcement

Örömmel jelentem be a Fedora 20 megjelenése alkalmából rendezett 
budapesti összejövetelt. Február 22-én tartjuk 10 órától a BalaBit 
konferencia termében. Itt nem csak az új kiadást ünnepeljük, hanem a 
Fedora project 10-ik és a magyar közösség 4-ik szülinapját.
További információért keresd fel az esemény wiki oldalát, vagy lépj 
velünk kapcsolatba IRC-n a freenode #fedora-hu csatornáján.

Wiki: https://fedoraproject.org/wiki/Release_Party_F20_Budapest
Location/helyszín: http://www.balabit.com/hu/company/contacts

Peter Czanik
--

-- 
announce mailing list
announce <at> lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/announce
inode0 | 30 Jan 04:58 2014
Picon

F21 Election Town Hall Schedule

Please join the candidates and other members of the Fedora community
on freenode this Friday and Saturday. You may ask questions in
#fedora-townhall-public and the moderator will share them with the
candidates in #fedora-townhall. Each town hall is scheduled for one
hour.

== FESCo (Engineering) Town Hall ==
When: Friday, January 31 at 18:00 UTC
Where: #fedora-townhall and #fedora-townhall-public on freenode

== FAmSCo (Ambassadors) Town Hall ==
When: Saturday, February 01 at 17:00 UTC
Where: #fedora-townhall and #fedora-townhall-public on freenode

Some questions for the candidates were collected in advance of the
town halls and the answers provided by the candidates to those
questions will be posted on the questionnaire link on the wiki prior
to the town halls if at all possible.

https://fedoraproject.org/wiki/Elections/Questionnaire

More information about the schedule and details of this election may
be found on the Elections page.

https://fedoraproject.org/wiki/Elections

John
--

-- 
announce mailing list
announce <at> lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/announce

Gmane