FOSDEM sessions
by Itamar Heim
FYI, we got the following sessions in the FOSDEM[1] Open Source
Virtualization and Cloud devroom.
If you are planning to be at FOSDEM, drop us an email if you would like
to meet, discuss, catch up, etc.
1. Virtualization Management the oVirt way - Introducing oVirt (Itamar
Heim)
2. VDSM - The oVirt Node Management Agent (Federico Simoncelli)
3. Open Virtualization – Engine Core: Internals and Infrastructure
(Omer Frenkel)
Apart from that, there are also some KVM sessions in the hypervisor main track.
Hope to meet you there,
Itamar
[1] http://fosdem.org/2012/
12 years, 9 months
Re: package signing
by David Jaša
Doron Fediuck wrote on Sun, 29. 01. 2012 at 14:21 +0200:
> On 26/01/12 18:20, David Jaša wrote:
> > Doron Fediuck wrote on Thu, 26. 01. 2012 at 11:01 -0500:
> >> +1 for the need.
> >> I think we should give md5 or similar hashes,
> >
> > There is already a file with md5 hashes in the repo but it has no meaning
> > wrt attack prevention because it is not accessible via https, let alone
> > HTTP Strict Transport Security, so it can be mangled by an attacker together
> > with the packages themselves.
> >
> Setting up https access is probably the way to go.
> We can sign the hash file as well, but that's just for binaries.
>
> >> and let distros do the signing.
> >>
> >
> > Distros take care of it during their package build process, no need to
> > worry about that. But if we offer packages on our site, they should be
> > also signed.
> >
> Actually, I just got the diff between our views;
> Indeed when you distribute binaries, I agree you should sign it.
> The thing is, I do not think we should distribute binaries. Fedora
> should distribute oVirt RPMs, and other distros should do the same
> using their own packaging mechanisms. For example, Gentoo will look
> for the sources tarball, and during the installation will d/l it,
> compile and deploy according to the relevant (signed) ebuild.
>
> This is why fundamental projects will give you such links:
> http://www.x.org/releases/X11R7.6/src/
> http://www.kernel.org/pub/linux/kernel/v3.x/
> http://kde.mirrorcatalogs.com/stable/4.8.0/
>
> You may also see rel-notes, change-log and docs, but no binaries.
>
> I'm aware of the fact many projects (postgres and others) provide
> binaries as well, but my view is that this is the distro's task
> to package & sign the binaries, and the project's task to provide
> a stable release tarball of sources.
>
I think we agree more than it seems. IMO we should provide binaries of
just development versions of oVirt for widely-used stable distributions
which do not have better ways to create custom repos (like OpenSuse
Build Service or Ubuntu PPA) - we do this for Fedora, Debian would be a
good candidate, too.
David
> > David
> >
--
David Jaša, RHCE
SPICE QE based in Brno
GPG Key: 22C33E24
Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
12 years, 10 months
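Added example, not part of the thread: a Python illustration of the point made above that a hash file fetched over the same unauthenticated channel as the packages prevents nothing, while a hash file checked against a digest obtained over an authenticated channel does. The pinned digest stands in for GPG signature verification; all names and sample data are constructed.

```python
import hashlib
import hmac

def parse_manifest(text):
    """Parse md5sum-style lines ('<hex digest>  <filename>') into a dict."""
    entries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, name = line.split(None, 1)
        entries[name.strip().lstrip("*")] = digest.lower()
    return entries

def package_matches_manifest(name, data, manifest_text):
    """The only check possible with a hash file fetched next to the package."""
    expected = parse_manifest(manifest_text).get(name)
    if expected is None:
        return False
    return hmac.compare_digest(hashlib.md5(data).hexdigest(), expected)

def manifest_is_authentic(manifest_text, pinned_sha256):
    """Compare the hash file with a digest obtained over an authenticated
    channel (assumption: published on a TLS-secured page)."""
    actual = hashlib.sha256(manifest_text.encode()).hexdigest()
    return hmac.compare_digest(actual, pinned_sha256.lower())

def accept_package(name, data, manifest_text, pinned_sha256=None):
    """Accept a download; authenticate the hash file first when a pin exists."""
    if pinned_sha256 is not None and not manifest_is_authentic(
            manifest_text, pinned_sha256):
        return False
    return package_matches_manifest(name, data, manifest_text)

def make_manifest(files):
    """Build an md5sum-style hash file for a {filename: bytes} mapping."""
    return "".join(f"{hashlib.md5(d).hexdigest()}  {n}\n"
                   for n, d in files.items())

# Constructed sample data: what the project published ...
NAME = "example-1.0.rpm"
GENUINE_DATA = b"genuine package bytes"
GENUINE_MANIFEST = make_manifest({NAME: GENUINE_DATA})
PINNED = hashlib.sha256(GENUINE_MANIFEST.encode()).hexdigest()

# ... and what a client sees when both files were altered in transit.
ALTERED_DATA = b"altered package bytes"
ALTERED_MANIFEST = make_manifest({NAME: ALTERED_DATA})

if __name__ == "__main__":
    print("no pin:  ", accept_package(NAME, ALTERED_DATA, ALTERED_MANIFEST))
    print("with pin:", accept_package(NAME, ALTERED_DATA, ALTERED_MANIFEST, PINNED))
```

Without the pin the altered package is accepted because its hash file was rewritten to match; with the pin the rewritten hash file is rejected before any package hash is compared.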
First release go/no go meeting on Monday (30.01)
by Ofer Schreiber
All,
As decided in the last oVirt sync meeting, we will have a go/no go meeting
about our first release on the upcoming Monday (30.01.12), 15:00 UTC.
I'm inviting you all to join this important meeting in the official
#ovirt irc channel.
Thanks,
Ofer Schreiber
oVirt Release Manager
12 years, 10 months
oVirt slide decks & other collateral
by Jason Brooks
I've created marketing and marketing/collateral categories on the
ovirt.org wiki, and started a page listing the slide decks that we have
for the project so far: http://www.ovirt.org/wiki/OVirt_Slide_Decks.
At the top of the page I've linked to a new, generic ovirt deck,
assembled out of the other decks, meant to be used for project
overview-type presentations.
Karsten Wade used a version of this generic deck for his recent talk at
SCALE: http://www.ovirt.org/wiki/User:Quaid/SCALE_10x_presentation. His
version spreads the text out over multiple slides to combat the dense
"wall of text" effect on some of these.
To a similar end, I'm working on thinning out some of these slides, as
well as adding screenshots from the current version of the code, and
making some of the diagrams less Red Hat-centric.
If you have other feedback on this deck, or suggestions/requests for
other pieces of collateral the project could benefit from, please let me
know, and/or add to the wiki under the relevant categories.
Thanks, Jason
12 years, 10 months
RE: package signing
by Doron Fediuck
+1 for the need.
I think we should give md5 or similar hashes, and let distros do the signing.
Sent from my Android phone. Please ignore typos.
-----Original Message-----
From: David Jaša [djasa(a)redhat.com]
Received: Thursday, 26 Jan 2012, 15:33
To: board(a)ovirt.org
Subject: package signing
Hi,
at least the nightly Fedora repo is not signed (I didn't look at the other
ones but I suspect that all other repos are also unsigned). We should
establish package signing infrastructure and we should also publish
the signing key fingerprint on an SSL/TLS-secured page to prevent any MITM
attack aimed at oVirt repo users.
David
--
David Jaša, RHCE
SPICE QE based in Brno
GPG Key: 22C33E24
Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
12 years, 10 months
package signing
by David Jaša
Hi,
at least the nightly Fedora repo is not signed (I didn't look at the other
ones but I suspect that all other repos are also unsigned). We should
establish package signing infrastructure and we should also publish
the signing key fingerprint on an SSL/TLS-secured page to prevent any MITM
attack aimed at oVirt repo users.
David
--
David Jaša, RHCE
SPICE QE based in Brno
GPG Key: 22C33E24
Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
12 years, 10 months
Tagline on ovirt.org does not communicate a clear and simple message
by Stefan Hajnoczi
Hi,
The tagline on ovirt.org is long and unclear:
"Complete and Comprehensive Open Source Infrastructure and Management
Virtualization Platform for the Data Center".
"Complete and Comprehensive" is almost a tautology. "Infrastructure and
Management Virtualization Platform" does not make sense, I'm not sure
what a "Management Virtualization Platform" is.
Something shorter would communicate what ovirt.org is about better.
This tagline is used in the <h2> and <title> (shortened). It's
important because this is how visitors learn what oVirt is and whether
to read more. How about shortening it to, "Complete Open Source
Virtualization Platform for the Data Center"?
Thanks to mburns on #ovirt for directing me to infra(a)ovirt.org and
board(a)ovirt.org.
Stefan
12 years, 10 months