es appear in the package. I think removing that ability
would be an improvement, but that's how it currently is.
Any changes made by %check outside of %{buildroot} should not affect the
binary package though.
Björn Persson
pgp_7oqqyGrq5.pgp
Description: OpenPGP digital
package does that:
https://src.fedoraproject.org/rpms/nginx/blob/8b7ceb13dd13cd18b9603872b2b5611be2d60029/f/nginx.spec#_253
This pull request would improve gpgverify to accept multiple key files,
so you wouldn't need to concatenate them:
https://src.fedoraproject.org/rpms/redhat-rpm-config/pull-reques
problematic. I'll just state my strong opinion that packages that
aren't meant for software development should not have "-devel" in their
names.
Björn Persson
pgp42QTPCqdJp.pgp
Description: OpenPGP digital signatur
--
___
devel mailing list -- dev
(And Firefox which just has to be different, but that has nothing to do
with desktops or widget libraries as far as I can see.)
Björn Persson
pgp3XcsfmYYXs.pgp
Description: OpenPGP digital signatur
--
___
devel mailing list -- devel@lists.fedor
blindly trust
the Git repository or the Github-generated tarballs.
Björn Persson
pgp8nUs2fpGPZ.pgp
Description: OpenPGP digital signatur
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedorapr
access to their secret
OpenPGP key, their Github account, and probably all of their other
credentials.
Björn Persson
pgpcAJciGABWI.pgp
Description: OpenPGP digital signatur
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to
Pavel Zhukov wrote:
> I see you have received review of the MR . Emails have been answered by
> Bjorn too.
If you don't have time to maintain Aunit, then please give me or Dennis
access to the package so we can take care of it.
Björn Persson
pgpFCmfiDkSCT.pgp
Description: OpenPGP d
tion,
rendering the enclaves useless.
The solution is to consider security before you rent other people's
computers, and keep secrets and sensitive data on your own hardware.
Björn Persson
pgpojY8pw6hQR.pgp
Description: OpenPGP digital signatur
--
___
than
X. For *their* usecases, not only for yours.
Björn Persson
pgpK3GbmW35Af.pgp
Description: OpenPGP digital signatur
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of C
een reverted
manually in the meantime. The mass-revert script would need to verify
that it reverts only commits done by the defective mass-rebuild script.
If that's nontrivial to get right, then it seems to me that there is
value in a hook that validates changes made by a script.
Björn Persson
pgppk
(such as packages depending on Ada which like every year bumped
> sonames of its shared libraries), please do so soon.
Thanks for the side-tag. Most of the Ada packages – those that I have
access to – are now rebuilt if I did everything right. The rebuild went
smoothly this time.
Björn Persso
malware into Fedora through your
packages. It is your duty to take security seriously as long as you
have commit privileges to any Fedora packages.
Björn Persson
pgpF1As1bgQjX.pgp
Description: OpenPGP digital signatur
___
devel mailing list -- devel@list
onably with any and all attacks.
Björn Persson
pgpwa7vJgc1mo.pgp
Description: OpenPGP digital signatur
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of
eive security updates?
Notifying the user only if they're a member of the wheel group seems
like a reasonable default.
Björn Persson
pgpfQSwgSW2hh.pgp
Description: OpenPGP digital signatur
___
devel mailing list -- devel@lists.fedoraproject.or
ore I found out about those
vulnerabilities.
If the firmware files are properly authenticated, then I think
notifications about firmware updates should be enabled on all
installations.
Björn Persson
pgpR2_bpFfGGv.pgp
Description: OpenPGP digital signatur
___
Bob Mauchin wrote:
> I'm currently assessing what is needed by our binaries packages and will
> take packages needed that have been orphaned.
Thank you! I was getting really worried that Restic would drop out and
I'd have to design a new backup solution yet again.
Björn P
Looking at the screenshot, I wonder what percentage of users will read
"Privacy", see that all the switches are on, and click "Next" in the
belief that all the privacy features are on.
Björn Persson
pgp2ZQzLUmMNa.pgp
Description: Open
d you intend to call that "consent". It's a popular tactic
to make people "agree" to things without knowing it.
Björn Persson
pgpRT0A1SqC4E.pgp
Description: OpenPGP digital signatur
___
devel mailing list -- devel@lists.fedo
tween the Gnome that once was and the
very different thing that took over the name "Gnome".
Björn Persson
pgpdVGkitXcGu.pgp
Description: OpenPGP digital signatur
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an
, then the change proposal needs to be amended.
Björn Persson
pgpgswP8SfU23.pgp
Description: OpenPGP digital signatur
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code
pts should begin
with that to clear any attributes that may have been left behind by a
broken program. (Try "echo -e '\e[8m'" and see if it hides your prompt.)
Björn Persson
pgp_JLupc3tON.pgp
Description: OpenPGP digital signatur
___
devel mailing list -- dev
should allow an upstream sysusers file to work in all
cases, if I understand correctly. If your package currently works, then
I suggest waiting until the RPM integration is done before you change
how user accounts are created.
Björn Persson
pgpBEXmS0YDu0.pgp
Description:
4, then you and
your peer will both be unable to connect to each other. If globally
routable IPv4 addresses are available on the network where you are,
then you'll want one so that your peer can at least connect to you.
Users of peer-to-peer programs will want to configure their DHCP client
to request an
prompt is configured in a completely different place
than the background, and separately on each server, the prompt must be
readable by default on both light and dark backgrounds.
Björn Persson
pgprqT_maxZDz.pgp
Description: OpenPGP digital signatur
___
the shell
unusable minimal.
Björn Persson
pgpqIGrB30kK8.pgp
Description: OpenPGP digital signatur
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduc
because GCC outputs filenames in uncolored bold text,
so even a bold prompt would blend in among the compilation errors.
Björn Persson
pgpo0PYGOraT4.pgp
Description: OpenPGP digital signatur
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubsc
Jakub Jelinek wrote:
> On Wed, May 10, 2023 at 12:09:10AM +0200, Björn Persson wrote:
> > Florian Weimer wrote:
> > > I am going to explore a way to land -Werror=implicit-int
> > > -Werror=implicit-function-declaration among the default compiler flags.
> > &g
d for Ada”
over and over. It doesn't break any builds but it's annoying noise in
the build logs.
It would be better if __global_compiler_flags would contain only
language-independent parameters, and language-specific parameters were
added in build_cflags and build_cxxflags.
Björn Persson
pg
Aurelien Bompard wrote:
> do you mind opening a ticket on FMN's tracker please?
Done: https://github.com/fedora-infra/fmn/issues/901
Björn Persson
pgpwJ54yOnOQ8.pgp
Description: OpenPGP digital signatur
___
devel mailing list -- de
Web calm when
the ability to stop GIF animations was removed from Firefox. That's
still relevant in places, but these days the greatest advantage of
Seamonkey is that I don't have to relearn how to do things each time
Firefox's user interface gets reshuffled.
Björn Persson
pgpwD6uQ_jvxV.pgp
t and remember when I have to start the browser for demanding
Javascript programs and when I can use the browser with the stable and
sensible user interface.
Björn Persson
pgpIB3pZw10sf.pgp
Description: OpenPGP digital signatur
___
devel
ed to run it, then?
Björn Persson
pgpmhakqztAuR.pgp
Description: OpenPGP digital signatur
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduc
Kevin Fenzi wrote:
> On Sun, Apr 23, 2023 at 11:21:58PM +0200, Björn Persson wrote:
> > Kevin Fenzi wrote:
> > > We could probibly come up with some
> > > better way to start new topics/discussions
> >
> > Yes I think I can come up with a better way.
e Discourse developers like,
as long as it's at most 64 bytes and adheres to the dot-atom-text syntax
in RFC 5322.
Björn Persson
pgpWVzBgAke8P.pgp
Description: OpenPGP digital signatur
___
devel mailing list -- devel@lists.fedoraproject.org
To u
gins
with whitespace, which it looks like it does. Folding is even
recommended for lines longer than 78 characters. Programs that parse
email are supposed to unfold folded lines.
The complexities of text-based protocols provide for so much fun!
Björn Persson
pgp9IXcpXeGMk.pgp
D
if those new topics can't be sent to a mailing-list-equivalent, but
just end up in some sort of "other" bucket, then it seems useless
anyway.
Björn Persson
pgpcbyFcDPtSX.pgp
Description: OpenPGP digital signatur
___
devel ma
n with
Discourse should work on improving its email capabilities until it can
be used as a list server.
Björn Persson
pgpUVt9_aKC4f.pgp
Description: OpenPGP digital signatur
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an
ad
three myself, but they depended on each other so one specific package
had to go first. A beginner with multiple independent packages, such
that they can be reviewed and imported in arbitrary order, is probably
an uncommon case.
Björn Persson
pgpl
What will packagers see?
Will builds be queued, and get processed when the lock is released?
Will build attempts be rejected with a clear explanation? "You can't
build while we're branching. Please try again later."
Or will packagers start asking why they get an incomprehensible stac
line has no special meaning. A section continues until the next
section begins.
Björn Persson
pgpmzB0onHLYx.pgp
Description: OpenPGP digital signatur
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lis
to set a security
flag on the update after the fact, but nobody will bother with that.
I would therefore advise against using --security. If one can't install
all the updates continuously, then one should use a more stable
distribution than Fedora.
Björn Persson
pgp_GPr1Z148d.pgp
Description: Op
We have been implementing labels in the Fedora License Data repo to help
> indicate what is needed next.
Nothing notifies me about changes to labels, so they don't work as
reminders that there's more work to do, but they have some value as
confirmation that the next step in the procedure is what I thin
y to reply to Kenneth, Hyperkitty
seems to think the line break is part of the message ID, which results
in that invalid syntax.
That's just one example of how difficult it is to write a correct email
parser. It's even a rather simple case compared to the monstrosities
that are allowed
Zdenek Dohnal wrote:
> On 1/16/23 12:31, Björn Persson wrote:
> > Robert Marcano via devel wrote:
> >> The admin can implement CUPS
> >> authentication but an ipp://localhost:6 open port entirely open to
> >> anyone on the local machine to submi
ilename it gets the
version number from, it would be easy to run
rpm --query --provides --file | grep --quiet ^$
except that people keep saying that package builds shouldn't invoke RPM
for some reason. Is there a way to do the above without actually
invoking RPM?
Björn Persson
pgpM_h8XhTJd4.pgp
Descr
that hadn't.
If they fail to do that correctly, will their package become
uninstallable due to unsatisfiable dependencies, or will it just get
normal unversioned dependencies on those libraries that don't provide a
version number?
That should also be explained in the change proposal.
B
ideal of reproducible
builds?
Yes I can find some of the answers elsewhere. I shouldn't need to go
searching for answers. They should be available in the change proposal.
Björn Persson
pgpsKLzLivnaq.pgp
Description: OpenPGP digital signatur
___
devel m
rest of us in the Fedora project,
then you'll need to handle UTF-8 in spec files. Sooner or later you'll
encounter some non-ASCII characters. You may need to tell Emacs to read
and write spec files as UTF-8, or you may need to fix your locale. Run
"locale" to check. Going b
alls it "Set tag extra option". I would not
have guessed that an "extra option" would transform into an RPM macro,
nor that a "_with_" prefix would need to be added.
Björn Persson
pgpCIAUkIr_UN.pgp
Description: OpenPGP digital signatur
_
y-manager-qt-will-no-longer-be-available-in-fedora-repository/45921/6
And that's such a fancy modern Javascript program that it can't even be
scrolled in a browser with a stable user interface. Wonderful.
Björn Persson
pgpjS66OatxDZ.pgp
Description: OpenPGP digi
t's not like
something will break if the conditional isn't removed in time.
Björn Persson
pgpCf1F7Tm7T3.pgp
Description: OpenPGP digital signatur
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel
de and then tag them all in at the
end.
So as things stand, these rebuilds need to be done by a human who knows
the dependency graph.
Björn Persson
pgp90fUD1Km8D.pgp
Description: OpenPGP digital signatur
___
devel mailing list -- devel@lists.fedoraproject
er, and
that's not how the mass rebuild does it.
I'd be willing to cooperate to do the rebuild in a side tag, but I
can't promise to always be available at a moment's notice.
Björn Persson
pgpUnwuNn9UUD.pgp
Description: OpenPGP digital signatur
ttitude to security I've seen from CUPS before, I
won't be surprised if they just assume that someone else will protect
them from DNS rebinding attacks.
Björn Persson
pgpUOI2iQT6TU.pgp
Description: OpenPGP digital signatur
___
devel ma
s there some competition to produce the most textless user interface?
Björn Persson
pgpAmFa7dbrFg.pgp
Description: OpenPGP digital signatur
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedor
eliably. I see no big eye-catching warning that such-and-such
must be smaller than x bytes.
Björn Persson
pgpHBtrq05hJe.pgp
Description: OpenPGP digital signatur
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send
said "byte-swapped" it would probably have gotten me searching in the
right direction, but if the X server wants to be helpful it should say
"big/little-endian mismatch; the option AllowSwappedClients is off".
Björn Persson
pgptXffOuQJrN.pgp
Description: OpenPGP digital signatu
never, because I have way too much to do already.
Apparently there is no such tool and no plan to provide one, because
surely that would have been mentioned under "User Experience".
Björn Persson
pgpMf3pOAD4my.pgp
Description: OpenPGP digital signatur
__
Gerd Hoffmann wrote:
> On Tue, Dec 20, 2022 at 08:42:14PM +0100, Björn Persson wrote:
> > > Switching the whole distro over to unified kernels quickly is not
> > > realistic though. Too many features are depending on the current
> > > workflow with a host-specific in
mand line for configuration.
I note that taking away the kernel command line is indeed a clearly
stated goal, which will limit Fedora to simple, appliance-like uses.
If any of what I wrote above misrepresents the change owner's
intentions, then the change proposal is badly written and needs
rewor
larger. I
can't believe that Git wouldn't be 8-bit-clean.
Björn Persson
pgpo03OQ_8sm5.pgp
Description: OpenPGP digital signatur
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.o
s when the upstream developer signed it.
With Git I don't know how we could avoid unpacking the repository
archive before we verify the signed tag.
As to why the builders lack Internet access, I wasn't around when that
was decided but it helps ensure that the source RPM packages actually
con
systemd-sysusers in a suitable scriptlet between the
two packages?
Björn Persson
pgpnWcdiZTdIt.pgp
Description: OpenPGP digital signatur
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le
need to limit its length.
Can't you find some actual problem to be angry over?
Björn Persson
pgpxgPVGDFVi5.pgp
Description: OpenPGP digital signatur
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an emai
Kevin Kofler via devel wrote:
> Considering that we have been shipping these hardware codec interfaces for
> years without any legal trouble, I find this absolutely ridiculous.
The entire codec patent business is absolutely ridiculous. Such is the
reality we must live in.
Björn P
" and more "here's how I'd fix it,
> though"!
Quoting myself, here's how I'd fix it:
Björn Persson wrote:
> Rather than hiding the intelligible words in mouseover boxes, it would
> be better to write them directly on the screen instead of the icons.
That's clearly not ho
Zbigniew Jędrzejewski-Szmek wrote:
> I think it
> is important to remember that the page is _supposed_ to be "dense".
> It is intended to pack a lot of information into a small area
It leaves plenty of empty space on my screen. It seems to prioritize
aesthetics over informat
nice to have consistent terminology, but hey, we can always
click on everything and explore.
The gear icon is also misleading. It alludes to machinery in motion, so
it suggests a menu of commands to do things, rather than options or
settings. There is a wrench icon that would be a good symbol for
settings, but th
say how they may be
combined? Are we supposed to write "GPL-3.0-or-later AND
GPL-2.0-or-later AND LGPL-3.0-or-later AND GPL-3.0-only" or do those
still combine into GPL-3.0-only?
Björn Persson
pgpfYcfegWXWG.pgp
Description: OpenPGP digital signatur
___
nge proposal)"
Once you write "proposal", the word "change" becomes rather redundant.
What proposal doesn't propose any kind of change? If somebody doesn't
want to change anything, they won't write a proposal.
Björn Persson
pgp8oCG3kFb03.pgp
Description:
confusing.
Björn Persson
pgpTL5tFH4atr.pgp
Description: OpenPGP digital signatur
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedorapr
ho signed the Xfontsel tarball.
Once you have the key, remember to pass all three parameters to
gpgverify: --keyring, --signature and --data.
Björn Persson
pgpcFSmHuVaks.pgp
Description: OpenPGP digital signatur
___
devel mailing list -- devel@lists.fedorapr
an example of a user who is dissatisfied
with UEFI for some reason, and wants to boot in BIOS mode instead.
Dropping BIOS-boot support from Fedora would presumably not make that
person any happier.
Björn Persson
pgpTOibEFEGtI.pgp
Description: OpenPGP digital signatur
t
that takes much longer than ten years nowadays.
Björn Persson
pgpZ7ENGcIhpJ.pgp
Description: OpenPGP digital signatur
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Cod
requires
authentication, if the previous ticket has expired. Don't ask for
authentication just for the sake of renewing a ticket when the user is
doing something else. That would teach users dangerous habits.
Björn Persson
pgpkW8N6aTay3.pgp
Description: OpenPGP digital
factor. In that case a TOTP seed stored in a Yubikey becomes a
third factor.
Björn Persson
pgpBJJfbjJHPN.pgp
Description: OpenPGP digital signatur
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel
dangerous to let known security holes accumulate.
Björn Persson
pgpzXxjDRbutY.pgp
Description: OpenPGP digital signatur
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora
I use this laptop to develop and test performance measurement tools. It
handles build jobs, testsuites and virtual machines just fine. The days
when a three-year-old computer was too slow to be useful are long gone.
Björn Persson
pgp52J6uYF2PH.pgp
Description: OpenPGP digital si
around by temporarily adding "SHA1"
to /etc/crypto-policies/back-ends/nss.config.
Björn Persson
pgpQmPo25Lqfu.pgp
Description: OpenPGP digital signatur
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an e
Kamil Dudka wrote:
> There seems to be demand for libcurl with IDN support on minimal Fedora
> installations, so I created a pull request to enable it in libcurl-minimal:
>
> https://src.fedoraproject.org/rpms/curl/pull-request/13
Thank you.
Björn Persson
pgp2ZEu96gtIM.pgp
I had a private mirror, but I don't. For downloading
files from a command line, my habit is to use Wget, so I guess I'm
dodging that bullet.
Björn Persson
pgpBhrzmDJc5Y.pgp
Description: OpenPGP digital signatur
___
devel mailing list --
e is also waiting for
everybody else.
This is the same deadlock that hampers IPv6, encrypted email and many
other things. Everybody's waiting for everybody else to move first.
Björn Persson
pgp90R61gv1GJ.pgp
Description: OpenPGP digital signatur
___
de
curl-minimal suited only for programs that only
communicate with a predefined set of servers in ASCII-only domains. Any
program that accepts user-provided URLs will need curl-full to be able
to handle arbitrary domain names, even if the program speaks only HTTPS,
HTTP and FTP.
Björn Persson
pgp4a
f retyping. (Still
not as good as U2F of course.)
Björn Persson
pgpxs9kMwtLFb.pgp
Description: OpenPGP digital signatur
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code
Demi Marie Obenour wrote:
> Security keys are the only form of 2fa that is immune to
> phishing attacks.
U2F and FIDO2 are said to be immune to phishing. HOTP, TOTP and various
proprietary challenge-respone protocols are not immune.
Björn Persson
pgp_7IhtLa4JI.pgp
Description: OpenPGP d
Mattia Verga via devel wrote:
> Il 19/02/22 19:38, Björn Persson ha scritto:
> > Zbigniew Jędrzejewski-Szmek wrote:
> >> I think it'd be better to check the status weekly and only require
> >> account reconfirmation if the quarantine status is detected ⌊N / 7 - 1⌋
&
he domain is released for
registration. Let's just not make it so tight that a little unscheduled
downtime can open an attack window.
Björn Persson
pgpqiv4u1U4Nr.pgp
Description: OpenPGP digital signatur
___
devel mailing list -- devel@lists.fedorapr
iably prevent this kind of
attack.
I hope this explanation is clear enough to be understood. In case of
TL;DR, the short version is four posts upthread from here.
So, does step 3 exist?
Björn Persson
pgpPIYU3U_oGq.pgp
Description: OpenPGP digital signatur
___
Vitaly Zaitsev via devel wrote:
> On 15/02/2022 19:43, Björn Persson wrote:
> > The packager would then be required to authenticate with their existing
> > credentials – or prove their identity in some way that does not rely on
> > ownership of the email address – and se
nd set a new email address in their
account. Entering the old email address again would be allowed, in case
they have recovered the domain, but they would have to prove that they
can receive a confirmation message regardless of whether the new address
is the same as the old address.
B
Ben Cotton wrote:
> I would support removing the 113 who don't exist in Koji.
If they have been that way for a long time, I suppose. Don't cause
additional hurdles for newcomers just because their first review takes
a while.
Björn Persson
pgp11SGC3hJR2.pgp
Description: OpenPGP digital signa
. Thus an open Bugzilla ticket is no indication
that the package is unmaintained. You need to check what version is
actually in Rawhide.
If the Bugzilla tickets should in fact not be left open, then they
should be automatically closed just like they're automatically opened.
Björn Persson
pgpBscep
https://bugzilla.redhat.com/show_bug.cgi?id=2041667
Björn Persson
pgpaayNBpxRq6.pgp
Description: OpenPGP digital signatur
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of C
Miroslav Suchý wrote:
> $ license-validate-v'GPL or (MIT and BSD)'
> No terminal defined for 'G' at line 1 col 1
Approximately nobody will understand "No terminal defined for 'G'". Can
the error message be improved?
Björn Persson
pgp5AIXhmHYUH.pgp
Description: OpenPGP
or similar, please make sure that you install those libraries too if
> appropriate.
Was "not" supposed to be "now"? Otherwise these statements don't make
sense together.
Björn Persson
pgpz2V_ix2CZt.pgp
Description: OpenPGP digital signatur
__
ue mode, then maybe Grub
could be programmed to require a passphrase before it will boot that
entry?
Björn Persson
pgp1LnefA7iK9.pgp
Description: OpenPGP digital signatur
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubsc
uld also by default require root's or a wheel
user's passphrase before boot parameters can be changed. That is
consistent.
Björn Persson
pgpcT9reGtFmi.pgp
Description: OpenPGP digital signatur
___
devel mailing list -- devel@lists.fedoraproject.org
To uns
Chris Adams wrote:
> Once upon a time, Björn Persson said:
> > Chris Adams wrote:
> > > If the admin has done one thing to lock down the system, then they can
> > > do another (removing the sulogin --force addition).
> >
> > How do you propose
is new
release of this particular distribution they need to run this special
command to prevent boot problems from granting root access to whoever
can type on the keyboard.
Björn Persson
pgpUpKi2TnP15.pgp
Description: OpenPGP digital signatur
___
rized? Do I disable FS-verity for that specific file? Disable
FS-verity globally? Add my own key to the kernel's keyring? Build and
sign my own RPM package?
What prevents an attacker from doing the same?
Will files under /etc be covered, or will local configuration still be
possible?
Björn Persson
pgp
1 - 100 of 662 matches
Mail list logo
