Re: TPMs, measured boot and remote attestation in Fedora

2016-04-08 Thread Gregory Maxwell
On Fri, Apr 8, 2016 at 8:28 AM, Matthew Garrett wrote: [snip] > Remote attestation is a mechanism by which a remote machine can request > (but not compel) another machine to provide evidence of the PCR state. > The TPM provides a signed bundle of information including the PCR

Re: More prominent link to verification hashes

2016-02-22 Thread Gregory Maxwell
On Mon, Feb 22, 2016 at 7:42 PM, Kevin Fenzi wrote: > My point was that you can get the signatures off the key from the > keyserver and see if any of them are someone you trust. If not, are > they connected to someone you trust (hey, look, web of trust). I think > expanding the

Re: More prominent link to verification hashes

2016-02-22 Thread Gregory Maxwell
On Mon, Feb 22, 2016 at 6:35 PM, Kevin Fenzi wrote: > Well, I agree the instructions could do better, but how would that help > if the site was compromised? The attackers would write their own > instructions. > > In addition to the verify link, the

Re: More prominent link to verification hashes

2016-02-22 Thread Gregory Maxwell
On Sun, Feb 21, 2016 at 2:32 PM, Sam Varshavchik wrote: > One has to jump into the installation guide, in order to find a buried link > to https://getfedora.org/verify The instructions here have you download a set of PGP keys from the same https webserver which could have

Re: bundling of jemalloc

2015-03-21 Thread Gregory Maxwell
On Sat, Mar 21, 2015 at 1:31 PM, Paolo Bonzini pbonz...@redhat.com wrote: Firefox and xulrunner are bundling their own copy of jemalloc (try strings /usr/lib64/xulrunner/xulrunner |grep jemalloc, or similarly with /usr/lib64/firefox/firefox-bin). Why isn't this recorded in the RPM provides

Re: New Group Calls For Boycotting Systemd

2014-09-04 Thread Gregory Maxwell
On Thu, Sep 4, 2014 at 9:01 AM, Digimer li...@alteeve.ca wrote: This reminds me of the Beefy Miracle fiasco... Everyone complained after it happened, but few said or did anything before then. The scope of systemd has crept dramatically since the start. If the initial discussions of systemd said

Re: Heads up; F22 will require applications to ship appdata to be listed in software center

2014-01-22 Thread Gregory Maxwell
On Wed, Jan 22, 2014 at 7:47 AM, Richard Hughes hughsi...@gmail.com wrote: Replying to my own email, apologies. I've now gone through the entire list of applications-in-fedora-without-appdata. A *lot* of those applications haven't seen an upstream release in half a decade, some over a decade.

Re: OpenH264 in Fedora

2013-11-04 Thread Gregory Maxwell
On Mon, Nov 4, 2013 at 9:28 AM, Bruno Wolff III br...@wolff.to wrote: The issue for RTC is that we could be using a royalty free codec, such as VP8 instead. Accepting the binary makes it more likely that h.264 will be made mandatory to implement, which means any company not wanting to

Re: OpenH264 in Fedora

2013-11-04 Thread Gregory Maxwell
On Mon, Nov 4, 2013 at 10:35 AM, Alberto Ruiz ar...@redhat.com wrote: Google gave up on that battle, Mozilla gave up on that battle, and somehow you expect that the Fedora community can somehow turn the tides? There are better ways to push for improvements in this effort (like the Daala

Re: OpenH264 in Fedora

2013-11-04 Thread Gregory Maxwell
On Mon, Nov 4, 2013 at 11:03 AM, Bruno Wolff III br...@wolff.to wrote: I was thinking more of the non-commercial use restrictions you might end up agreeing to when you accept the license of the binary. In the places where software patents didn't apply, you'd probably either use x264 or build

Re: OpenH264 in Fedora

2013-11-04 Thread Gregory Maxwell
On Mon, Nov 4, 2013 at 11:29 AM, Bruno Wolff III br...@wolff.to wrote: I have asked on the advisory-board list about getting an official Fedora position on OpenH264 before the vote occurs. I don't want to be making claims about Fedora on my own on how far Fedora will or won't go in supporting

OpenH264 in Fedora

2013-11-02 Thread Gregory Maxwell
Greetings. Cisco has announced that they will be releasing an implementation of a BSD licensed H.264 (baseline profile) encoder and decoder, along with offering download of binaries of it under Cisco's licensing umbrella:

Re: Fedora/Redhat and perfect forward secrecy

2013-09-09 Thread Gregory Maxwell
On Mon, Sep 9, 2013 at 9:12 AM, Paul Wouters p...@nohats.ca wrote: For the client, clearly CPU is not the limiting factor. For regular TLS servers, this should also not matter. For fully loaded TLS servers or TLS accelerators, the factor 3 on the CPU load will matter, but we're talking

Re: Fedora/Redhat and perfect forward secrecy

2013-09-09 Thread Gregory Maxwell
On Mon, Sep 9, 2013 at 11:46 AM, Paul Wouters p...@nohats.ca wrote: [not speaking for Red Hat] You seem to believe only valid legal claims can put Red Hat in court. Of course not. Though I'm not aware of anyone making any claims at all over basic non-specially optimized ECDH on prime fields.

Re: Fedora/Redhat and perfect forward secrecy

2013-09-06 Thread Gregory Maxwell
On Fri, Sep 6, 2013 at 2:31 PM, D. Hugh Redelmeier h...@mimosa.com wrote: | From: Reindl Harald h.rei...@thelounge.net | Date: Sat, 24 Aug 2013 11:38:21 +0200 | https://bugzilla.redhat.com/show_bug.cgi?id=319901 | | looks like Redhat based systems are the only remaining | which does not

Re: F20 System Wide Change: ARM as primary Architecture

2013-07-09 Thread Gregory Maxwell
On Tue, Jul 9, 2013 at 10:50 AM, Matthew Garrett mj...@srcf.ucam.org wrote: llvmpipe has been known to be broken for months, and nobody on the ARM team appears capable of fixing it. As a result, ARM shipped in F19 without any out of the box support for running our default desktop. This

Re: Do you think this is a security risk and if not is it a bad UI decision?

2013-05-04 Thread Gregory Maxwell
On Sat, May 4, 2013 at 11:06 AM, T.C. Hollingsworth tchollingswo...@gmail.com wrote: More to the point, the vast majority of the other software *in Fedora* that accepts passwords for any reason hides the passwords as they are typed. If this is really broken (and who knows; neither side has

Re: fltk

2012-12-19 Thread Gregory Maxwell
On Wed, Dec 19, 2012 at 10:40 AM, Bruno Wolff III br...@wolff.to wrote: In some cases you can get DSO linking errors when you don't explicitly link to those other packages. People building from source might not care, but this can cause problems for official builds. Can you elaborate on this or

Re: fltk

2012-12-19 Thread Gregory Maxwell
On Wed, Dec 19, 2012 at 11:42 AM, Adrian vk4...@bigpond.com wrote: This attitude is why people leave redhat for debian/ubuntu, get fltk right and the rest will follow. We have tested already. Adrian, no disrespect intended— but I believe you are making a mistake here. It looks like package

Re: fltk

2012-12-19 Thread Gregory Maxwell
On Wed, Dec 19, 2012 at 11:53 AM, Dan Williams d...@redhat.com wrote: It's the other way around. If libfoo 1.0.0 linked with -lbar and -lm, and then you upgraded to libfoo 1.0.1 which *no longer* links to -lm, now stuff that links to libfoo might fail if those things did not specifically

Re: remove polkit from core?

2012-11-14 Thread Gregory Maxwell
On Wed, Nov 14, 2012 at 9:26 AM, Chris Adams cmad...@hiwaay.net wrote: Great - let's take something that people are using, remove that functionality, and not announce it! This is not cool; it represents one of my biggest frustrations with a bunch of the new and improved ways of doing things.

Re: twolame - legal

2012-08-16 Thread Gregory Maxwell
On Thu, Aug 16, 2012 at 5:27 AM, Nikos Roussos comzer...@fedoraproject.org wrote: I happened to notice that twolame is currently on rpmfusion. Is there a legal reason for that? twolame is an MP2 (MPEG-1 Audio Layer II) encoder (not mp3), which seems to be a free (as free of patents) codec.

Re: prelink should not mess with running executables

2012-07-16 Thread Gregory Maxwell
On Mon, Jul 16, 2012 at 9:30 AM, Robert Nichols rnicholsnos...@comcast.net wrote: That would mean that prelink would skip much of a running system, and a full prelink could be done only by booting from separate media. Not going to happen. But now that Fedora will have reboot for updates...

Re: Licensing change: Audacious - GPLv3 -- BSD

2012-07-10 Thread Gregory Maxwell
On Tue, Jul 10, 2012 at 3:48 PM, Martin Langhoff martin.langh...@gmail.com wrote: Yes. And also told Oracle that it was very limited what they could claim as damage caused by the copyright infringement over those 9 lines. Very limited in the context of billion dollar lawsuits. Statutory

Re: Licensing change: Audacious - GPLv3 -- BSD

2012-07-09 Thread Gregory Maxwell
For a point of accuracy— On Mon, Jul 9, 2012 at 12:10 PM, Michael Schwendt mschwe...@gmail.com wrote: Have you had your name and a copyright statement in any source file? To highlight that you've been the [primary] author of that file? If not, you're not a full/official author to have a stake

Re: Licensing change: Audacious - GPLv3 -- BSD

2012-07-09 Thread Gregory Maxwell
On Mon, Jul 9, 2012 at 3:17 PM, Michael Schwendt mschwe...@gmail.com wrote: and arbitrary other people, who get their patch contributions merged, don't gain any copyright protection on the file or the proper parts of it, This is not true, and it's the point I was responding to correct. (I

Re: *countable infinities only

2012-06-25 Thread Gregory Maxwell
(I'm posting in this thread rather than starting a new one in order to respect people who've spam-canned it) It is being widely reported that Canonical's be signing the kernel, they won't be requiring signed drivers, and won't be restricting runtime functionality while securebooted. What is being

Re: Space wasted by Non English Packages shipped by Default on Fedora 17.

2012-06-25 Thread Gregory Maxwell
On Mon, Jun 25, 2012 at 1:11 PM, Bill Nottingham nott...@redhat.com wrote: To elaborate - dejavu-sans-fonts is the default font for English. However, it also happens to have Arabic, Greek, accented European, etc. characters, so 'support' for those languages will show up as being installed. And

Re: *countable infinities only

2012-06-25 Thread Gregory Maxwell
On Mon, Jun 25, 2012 at 1:56 PM, Peter Jones pjo...@redhat.com wrote: I feel like this is quite patronizing.  We've stated time and again that we don't believe the scenario you're preaching has any real /viability/, and Sounds like you're not arguing with me, you're arguing with Canonical. I

Re: *countable infinities only

2012-06-25 Thread Gregory Maxwell
On Mon, Jun 25, 2012 at 2:37 PM, Chris Murphy li...@colorremedies.com wrote: I'm reading they're going to use a modified Intel efilinux, not writing a new boot loader. And that they will not require either signed kernel or kernel modules. That's my understanding. So what's the point of

Re: *countable infinities only

2012-06-25 Thread Gregory Maxwell
On Mon, Jun 25, 2012 at 3:28 PM, Chris Murphy li...@colorremedies.com wrote: That does not answer the question. Ubuntu would work on Secure Boot hardware if they recommended users disable Secure Boot. So why not recommend that, and not support Secure Boot at all? I advocated that. It was

Re: [HEADS-UP] Rawhide: /tmp is now on tmpfs

2012-06-20 Thread Gregory Maxwell
On Wed, Jun 20, 2012 at 12:57 PM, Reindl Harald h.rei...@thelounge.net wrote: i bet now someone is coming up with he must not dump a 100 Gb file to /tmp this is the wrong perspective the right one is the system must not crash if someone does Good thing it doesn't.

Re: [HEADS-UP] Rawhide: /tmp is now on tmpfs

2012-06-20 Thread Gregory Maxwell
On Wed, Jun 20, 2012 at 1:25 PM, Jef Spaleta jspal...@gmail.com wrote: As a sysadmin...for a multi-seat configuration in a home network environment...do I really need to anticipate maximum large file tmp usage in calculating my swap partition size for my multi-user family? 8 gigs of ram... so

Re: [HEADS-UP] Rawhide: /tmp is now on tmpfs

2012-06-20 Thread Gregory Maxwell
On Wed, Jun 20, 2012 at 1:54 PM, Jef Spaleta jspal...@gmail.com wrote: On Wed, Jun 20, 2012 at 9:41 AM, Gregory Maxwell gmaxw...@gmail.com wrote: Tmpfs volumes have a size set as a mount option. The default is half the physical ram (not physical ram plus swap). You can change the size

Re: [HEADS-UP] Rawhide: /tmp is now on tmpfs

2012-06-20 Thread Gregory Maxwell
On Wed, Jun 20, 2012 at 4:57 PM, Brian Wheeler bdwhe...@indiana.edu wrote: But in any case the I/O advantages have never been shown, despite multiple requests by myself and others. I posted some example numbers earlier in this thread. e.g. make on an already compiled firefox source was half

Re: *countable infinities only

2012-06-19 Thread Gregory Maxwell
On Tue, Jun 19, 2012 at 11:50 AM, Eric Smith e...@brouhaha.com wrote: If the things that make it difficult to run software of your choosing on a device can be proven to serve no purpose but to stifle competition, then yes.  But often those things have other purposes as well.  For example,

Re: Schedule for Monday's FESCo Meeting (2012-06-18)

2012-06-18 Thread Gregory Maxwell
On Mon, Jun 18, 2012 at 12:09 PM, Lennart Poettering mzerq...@0pointer.de wrote: I mean, have you ever tried to upgrade firefox while running firefox? If you did, you know how awfully wrong that goes... [1] I run Mozilla's nightly builds and receive updates every day. They disrupt nothing

Re: Schedule for Monday's FESCo Meeting (2012-06-18)

2012-06-18 Thread Gregory Maxwell
On Mon, Jun 18, 2012 at 3:00 PM, Jesse Keating jkeat...@j2solutions.net wrote: On 06/18/2012 09:24 AM, Gregory Maxwell wrote: I run Mozilla's nightly builds and receive updates every day. They disrupt nothing because Mozilla has built infrastructure to make that possible. Firefox must

Re: *countable infinities only

2012-06-18 Thread Gregory Maxwell
On Mon, Jun 18, 2012 at 3:15 PM, Chris Murphy li...@colorremedies.com wrote: On Jun 18, 2012, at 10:05 AM, Matthew Garrett wrote: 2) Government. If a large enough set of national governments required that secure boot be disabled by default then we could assume that arbitrary hardware would

Re: Schedule for Monday's FESCo Meeting (2012-06-18)

2012-06-18 Thread Gregory Maxwell
On Mon, Jun 18, 2012 at 4:53 PM, Lennart Poettering mzerq...@0pointer.de wrote: Well, even if Mozilla fixed that, such a solution wouldn't work for OS updates, already due to privilege reasons. i.e. pre-staging changes as root which are applied when a user does something simply cannot work if

Re: *countable infinities only

2012-06-18 Thread Gregory Maxwell
On Mon, Jun 18, 2012 at 4:45 PM, Adam Williamson awill...@redhat.com wrote: What I should have said is that we have no God-given right to demand that any computing device offered for sale must be explicitly designed to accommodate the retrofitting of other operating systems or software, or

Re: *countable infinities only

2012-06-17 Thread Gregory Maxwell
On Sun, Jun 17, 2012 at 12:51 PM, Chris Murphy li...@colorremedies.com wrote: It was justified. Only one is speculation. The other utilizes evidence and a track record of behavior. ... Right, In one case the actual participants in the discussion have expressed doubt that they had any effect,

Re: *countable infinities only

2012-06-17 Thread Gregory Maxwell
On Sun, Jun 17, 2012 at 1:25 PM, Reindl Harald h.rei...@thelounge.net wrote: you are aware that on ARM platform is NO DISABLE SECURE BOOT allowed this is not future requirement this is CURRENT requirement for Win8 on ARM It was also the original requirement on x86 before negative PR was

Re: Schedule for Monday's FESCo Meeting (2012-06-18)

2012-06-17 Thread Gregory Maxwell
On Sun, Jun 17, 2012 at 12:06 PM, Richard Hughes hughsi...@gmail.com wrote: That's simply not possible. Some processes like dbus-daemon and gnome-session just cannot be restarted in this way. It's a complete fallacy to believe you can update core libraries on a modern Linux system without

Re: Schedule for Monday's FESCo Meeting (2012-06-18)

2012-06-17 Thread Gregory Maxwell
On Sun, Jun 17, 2012 at 2:08 PM, drago01 drag...@gmail.com wrote: A new feature is being added nothing is getting removed so no there is no regression. That's newspeak if I ever saw any. Going from a system which generally doesn't prompt users to reboot to one that does is a regression. dbus

Re: *countable infinities only

2012-06-16 Thread Gregory Maxwell
On Sat, Jun 16, 2012 at 7:14 PM, Chris Murphy li...@colorremedies.com wrote: Ahh, the Ostrich Maneuver. Had this been the policy of others working on this issue, Microsoft would not have updated their Windows 8 certification to require the user be able to disable Secure Boot. And then we'd

Re: *countable infinities only

2012-06-16 Thread Gregory Maxwell
On Sat, Jun 16, 2012 at 8:16 PM, Chris Murphy li...@colorremedies.com wrote: Calls for speculation. We know what the certification policy used to be. We also know how long DOJ takes to do anything, let alone politicking behind the scenes to arrive at compromise, let alone its day in court.

Re: *countable infinities only

2012-06-12 Thread Gregory Maxwell
On Tue, Jun 12, 2012 at 10:22 AM, Peter Jones pjo...@redhat.com wrote: This seems like a pretty unlikely scenario. You have to disable secure boot to perform most kernel-level debugging operations in Windows 8. It'd alienate pretty much the entire OEM community for Windows add-on card drivers,

Re: *countable infinities only

2012-06-12 Thread Gregory Maxwell
On Tue, Jun 12, 2012 at 12:25 PM, Adam Williamson awill...@redhat.com wrote: You are, and that was being very un-excellent, so please refrain from it in future. I'm left wondering where your concern about being excellent to each other has been hiding throughout this thread, and where it was

Re: *countable infinities only

2012-06-12 Thread Gregory Maxwell
On Tue, Jun 12, 2012 at 1:43 PM, Bill Nottingham nott...@redhat.com wrote: No offense, but you seem to have a very unusual idea about how much leverage Fedora has anywhere. Why would hardware vendors listen to a community distribution that they never preinstall, have no plans to preinstall, and

Re: *countable infinities only

2012-06-12 Thread Gregory Maxwell
On Tue, Jun 12, 2012 at 1:59 PM, Peter Jones pjo...@redhat.com wrote: Quit trying to have it both ways, Greg. If we get vendors to let us ship a Red Hat key - and to be clear, it was a *Red Hat* key that's been offered to be shipped - then we're putting forked projects and stuff in a

Re: *countable infinities only

2012-06-12 Thread Gregory Maxwell
On Tue, Jun 12, 2012 at 2:27 PM, Peter Jones pjo...@redhat.com wrote: No, they literally cannot do that. Having a special debugging key that chains to a CA key that's in the key database (DB), which would allow the ability to do kernel debugging activities which could, for example, write to

Re: *countable infinities only

2012-06-11 Thread Gregory Maxwell
On Mon, Jun 11, 2012 at 9:56 AM, Nicu Buculei nicu_fed...@nicubunu.ro wrote: Of course we are missing that part *now*, there is no motherboard with UEFI and Secure Boot in the wild so we can take screenshots and publish them. Once such board will be released, plenty of instructions and

Re: *countable infinities only

2012-06-04 Thread Gregory Maxwell
On Sun, Jun 3, 2012 at 10:11 AM, Peter Jones pjo...@redhat.com wrote: On 06/02/2012 05:47 PM, Gregory Maxwell wrote: There is no additional security provided by the feature as so far described—only security theater.   So I can't modify the kernel or bootloader, great—but the kernel wouldn't

Re: *countable infinities only

2012-06-02 Thread Gregory Maxwell
On Sat, Jun 2, 2012 at 5:32 AM, drago01 drag...@gmail.com wrote: Or you don't do the later and just disable secureboot. Your freedom is in *no way* limited by having secureboot support. Let me repeat it again supporting secureboot on x86 does *NOT* limit your freedom. After all this

Re: *countable infinities only

2012-06-02 Thread Gregory Maxwell
On Sat, Jun 2, 2012 at 12:04 PM, Chris Adams cmad...@hiwaay.net wrote: Once upon a time, Gregory Maxwell gmaxw...@gmail.com said: When I create a fork, respin, or remix of Fedora and distribute it to people it will not run for them like Fedora does without a level of fiddling which the people

Re: Action required: Rawhide: /tmp is now on tmpfs

2012-06-02 Thread Gregory Maxwell
On Fri, Jun 1, 2012 at 10:28 PM, Reindl Harald h.rei...@thelounge.net wrote: it does not matter WHAT get swapped out from the moment on the system starts to swap performance sucks This is what I meant about being dogmatic up thread. You're being an anti-swap zealot here. Yes, using swap is

Re: *countable infinities only

2012-06-02 Thread Gregory Maxwell
On Sat, Jun 2, 2012 at 12:36 PM, Matthew Garrett mj...@srcf.ucam.org wrote: Per spec the machine simply falls back to attempting to execute the next entry in the boot list. An implementation may provide some feedback that that's the case, but there's no requirement for it to do so, so it's

Re: *countable infinities only

2012-06-02 Thread Gregory Maxwell
On Sat, Jun 2, 2012 at 4:02 PM, Matthew Garrett mj...@srcf.ucam.org wrote: On Sat, Jun 02, 2012 at 03:28:03PM -0400, Gregory Maxwell wrote: This should meet the signing requirements and it removes the opacity without locking down any of Fedora.  Such a bootloader should meet whatever

Re: *countable infinities only

2012-06-02 Thread Gregory Maxwell
On Sat, Jun 2, 2012 at 4:21 PM, Matthew Garrett mj...@srcf.ucam.org wrote: That's fine as long as you speak English. Come on now, you're building a strawman argument. I never said that it had to be in a single language—notice messages I _normally_ write get put into many languages. I don't see

Re: *countable infinities only

2012-06-02 Thread Gregory Maxwell
On Sat, Jun 2, 2012 at 5:26 PM, drago01 drag...@gmail.com wrote: On Sat, Jun 2, 2012 at 11:14 PM, Gregory Maxwell gmaxw...@gmail.com wrote:  I think regressing to the installs being somewhat easier than ten yearsish ago is still a better place to be than the cryptographic lockdown. I disagree

Re: *countable infinities only

2012-06-02 Thread Gregory Maxwell
On Sat, Jun 2, 2012 at 5:57 PM, Matthew Garrett mj...@srcf.ucam.org wrote: You're fine with one level of injustice. I'm fine with another level of injustice. Both compromise the freedoms that Fedora currently gives you. I'm not fine with it. It's an unfortunate situation too. But producing a

Re: *countable infinities only

2012-06-02 Thread Gregory Maxwell
On Sat, Jun 2, 2012 at 6:09 PM, Gregory Maxwell gmaxw...@gmail.com wrote: On Sat, Jun 2, 2012 at 5:57 PM, Matthew Garrett mj...@srcf.ucam.org wrote: You're fine with one level of injustice. I'm fine with another level of injustice. Both compromise the freedoms that Fedora currently gives you

Re: *countable infinities only

2012-06-02 Thread Gregory Maxwell
On Sat, Jun 2, 2012 at 6:23 PM, drago01 drag...@gmail.com wrote: It can be argued both ways. Modifying software requires more skills and knowledge anyway so it is more acceptable to accept that group of people to fiddle with the firmware than everyone including people that don't even know what

Re: [HEADS-UP] Rawhide: /tmp is now on tmpfs

2012-06-01 Thread Gregory Maxwell
On Fri, Jun 1, 2012 at 9:50 AM, Gerry Reno gr...@verizon.net wrote: So everyone needs to go out and buy twice as much RAM so F18+ can run /tmp as tmpfs without causing memory shortfalls for everything else they do. That's crazy. That's not true (and I've used tmpfs for tmp for years, so I'm

Re: [HEADS-UP] Rawhide: /tmp is now on tmpfs

2012-06-01 Thread Gregory Maxwell
On Fri, Jun 1, 2012 at 11:27 AM, Gerry Reno gr...@verizon.net wrote: Wait a minute.  Back in this thread it says that half of RAM is allocated to the tmpfs for /tmp. Plus the purported benefit from this is causing less write cycles on SSD.   (See Wiki page) That may have been a benefit a few

Re: [HEADS-UP] Rawhide: /tmp is now on tmpfs

2012-06-01 Thread Gregory Maxwell
On Fri, Jun 1, 2012 at 11:09 AM, Reindl Harald h.rei...@thelounge.net wrote: well designed machines do NOT swap and have not aligned swap at all - in the case of virtualization you MUST NOT enforce swapping if you really like performance I'm sorry, I couldn't quite hear you— perhaps more

Re: [HEADS-UP] Rawhide: /tmp is now on tmpfs

2012-06-01 Thread Gregory Maxwell
On Fri, Jun 1, 2012 at 12:27 PM, DJ Delorie d...@redhat.com wrote: This conclusion is NOT TRUE for me.  I've checked it.  /tmp on ext3 on my system does NOT incur any disk I/O until long after the process using it has finished, if at all, as long as the files are small and transient. Glad to

Re: [HEADS-UP] Rawhide: /tmp is now on tmpfs

2012-06-01 Thread Gregory Maxwell
On Fri, Jun 1, 2012 at 2:28 PM, DJ Delorie d...@redhat.com wrote: If they really aren't transient then /tmp is the wrong place for them. I will categorically disagree with any argument of the the user shouldn't be doing that type.  Software exists to serve the user, not the other way around.

Re: Action required: Rawhide: /tmp is now on tmpfs

2012-06-01 Thread Gregory Maxwell
On Fri, Jun 1, 2012 at 1:02 PM, Simo Sorce s...@redhat.com wrote: On my 'normal' systems once the desktop is fully started with Firefox, Gnome, Evolution and all the crap, I already am using more than half the RAM available, so tmpfs in RAM means I hit swap as soon as something decides to write

Re: [HEADS-UP] Rawhide: /tmp is now on tmpfs

2012-06-01 Thread Gregory Maxwell
On Fri, Jun 1, 2012 at 2:46 PM, DJ Delorie d...@redhat.com wrote: *I* want /tmp on disk.  I still don't want someone else telling me I have to do it that way. You can still put tmp on a disk if you're the kind of advanced users who knows better enough to override the defaults. But there does

Re: [HEADS-UP] Rawhide: /tmp is now on tmpfs

2012-06-01 Thread Gregory Maxwell
On Fri, Jun 1, 2012 at 2:50 PM, Michael Cronenworth m...@cchtml.com wrote: Not a single person who has claimed a performance or semantic win for this /tmp move has replied when asked for proof. I haven't bothered because I have no clue what you'll accept and I fully accept you to move the

Re: [HEADS-UP] Rawhide: /tmp is now on tmpfs

2012-06-01 Thread Gregory Maxwell
On Fri, Jun 1, 2012 at 12:32 PM, Reindl Harald h.rei...@thelounge.net wrote: I'm sorry, I couldn't quite hear you— perhaps more all-caps would help? :-) The dogmatic 'swap is bad for performance' is justified only because writing/reading a slow disk is bad for performance. and how does /tmp

*countable infinities only

2012-05-31 Thread Gregory Maxwell
From Fedora 18 on, Fedora will no longer include the freedom for a user to create a fork or respin which is the technological equal of the Project's output. Instead, this freedom will be available exclusively from Microsoft for $99 under unspecified conditions. I wish this were a joke.

Re: *countable infinities only

2012-05-31 Thread Gregory Maxwell
On Thu, May 31, 2012 at 9:56 AM, Bryn M. Reeves b...@redhat.com wrote: abundantly clear that there are no restrictions placed on users who do not wish to have the secure boot signature checks enforced. Yes, I read it and spent several hours talking to MJG before he posted it, in fact. I

*countable infinities only

2012-05-31 Thread Gregory Maxwell
[I'm sorry for getting repetitive here, but I'm responding to several people concurrently in order to minimize volume] On Thu, May 31, 2012 at 10:32 AM, Bryn M. Reeves b...@redhat.com wrote: That discussion is happening right now. You're welcome to join in. That wasn't my understanding, my

Re: *countable infinities only

2012-05-31 Thread Gregory Maxwell
On Thu, May 31, 2012 at 12:11 PM, Gerry Reno gr...@verizon.net wrote: This is a monopolistic attack disguised as a security effort. The highly restrictive technological approach that has been taken needs to be challenged in the courts. I'd rather see Microsoft users have to attach a dongle to

Re: *countable infinities only

2012-05-31 Thread Gregory Maxwell
On Thu, May 31, 2012 at 1:07 PM, Gerry Reno gr...@verizon.net wrote: Could be any of a thousand ways to implement this. Maybe it checks the BIOS to determine whether some SecureBoot flag is set. While it pains me to argue with someone on my side— you're incorrect. The compromised system would

Re: *countable infinities only

2012-05-31 Thread Gregory Maxwell
On Thu, May 31, 2012 at 12:47 PM, Bill Nottingham nott...@redhat.com wrote: I'm not sure how you meant this, but I'm having a hard time reading this in a way that's not: - directly contradictory - intentional raising of FUD then stepping back - insinuating some Shadowy Cabal Of Others behind

Re: *countable infinities only

2012-05-31 Thread Gregory Maxwell
On Thu, May 31, 2012 at 4:19 PM, Gerry Reno gr...@verizon.net wrote: And I'd rather see a User-Controlled implementation rather than a Monopoly-Controlled implementation. SecureBoot is (currently, on x86 but not arm) _also_ user-controlled. The monopoly controlled is just the default.

Re: pidgin-otr security update pushed - please test and give karma

2012-05-16 Thread Gregory Maxwell
On Wed, May 16, 2012 at 10:16 AM, Paul Wouters pwout...@redhat.com wrote: Please test and give karma so this security release won't get stuck for too long. To add Karma, after testing log into that page and add a comment

Re: x32 abi support?

2012-05-16 Thread Gregory Maxwell
On Wed, May 16, 2012 at 10:41 AM, Jakub Jelinek ja...@redhat.com wrote: And, for various programs you usually don't need 64-bit address space, but in the case where you have say bigger input you are simply out of luck if you are limited to 32-bit address space.  Say with compilers/linkers, you

Re: urandom vs haveged

2012-03-26 Thread Gregory Maxwell
On Mon, Mar 26, 2012 at 6:55 PM, Chris Murphy li...@colorremedies.com wrote: So then the question is, if urandom is what's recommended, are faster substitutes just as good? If they are just as good, then why aren't they the first recommendation? And if this step is superfluous, then I'd

Re: Apple will use LLVM

2012-02-16 Thread Gregory Maxwell
On Thu, Feb 16, 2012 at 10:25 AM, Vladimir Makarov vmaka...@redhat.com wrote: GCC has a big community of very dedicated people.  LLVM has no such community.  So IMHO GCC will be more high quality compiler than LLVM until LLVM gets such community. That can't be expected to continue now that

Re: A software center for Fedora

2011-11-27 Thread Gregory Maxwell
On Sun, Nov 27, 2011 at 4:14 PM, Bernd Stramm bernd.str...@gmail.com wrote: Removing the screenshots, icons, popularity vote results etc etc post-install is not a good solution. These things should be available when someone wants to look at them, not installed by default. The mechanisms to

Re: A software center for Fedora

2011-11-26 Thread Gregory Maxwell
On Fri, Nov 25, 2011 at 6:28 PM, Laurin lin...@fedoraproject.org wrote: I totally agree with you, a software center would be a really nice idea, also for more experienced user because they can browse easily through the available software and may find something interesting. I am really confused

Re: Package segfaults when built with -O2 but not with -O0

2011-11-18 Thread Gregory Maxwell
On Fri, Nov 18, 2011 at 6:31 AM, Paul Howarth p...@city-fan.org wrote: 2. How to determine what the actual problem is, e.g. a problem with the way the code is written leading to unsafe optimizations, or a gcc bug? [Obviously Andrew's look at warnings advice is good but also…] See if you can

Re: Package segfaults when built with -O2 but not with -O0

2011-11-18 Thread Gregory Maxwell
On Fri, Nov 18, 2011 at 11:27 PM, Ralf Corsepius rc040...@freenet.de wrote: [1] -Wstrict-aliasing is one of these cases. The spots such warnings point to, often are broken, but not always, because GCC has difficulties in identifying these. This used to be more true, but there are multiple

Re: Proposing Fedora Feature for private /tmp and /var/tmp for all systemd services in Fedora 17.

2011-11-07 Thread Gregory Maxwell
On Mon, Nov 7, 2011 at 8:48 PM, Lennart Poettering mzerq...@0pointer.de wrote: If run on the main namespace all they see is that the files are in some randomized subdir of /tmp, instead of /tmp itself. Is the randomization required? If they were named after the user/service that created them

Re: Proposing Fedora Feature for private /tmp and /var/tmp for all systemd services in Fedora 17.

2011-11-07 Thread Gregory Maxwell
On Mon, Nov 7, 2011 at 10:00 PM, Chris Adams cmad...@hiwaay.net wrote: Well, if they're subdirectories of /tmp, you'd have to deal with all the usual /tmp attacks of known targets. Hmph? They wouldn't be accessible to anything except root I assume. Because they're long lived the random names

Re: GNOME 3 - font point sizes now scaled?

2011-09-30 Thread Gregory Maxwell
rant On Fri, Sep 30, 2011 at 8:53 PM, Kevin Kofler kevin.kof...@chello.at wrote: Daniel Drake wrote: Summary: GNOME hardcodes DPI to 96 regardless of X configuration. This is very broken. Gnome: Reliving Windows' horrible past, one emulated bug at a time. At least we can be thankful that

Re: [HEADS UP] remove ddate(1) command from rawhide

2011-08-29 Thread Gregory Maxwell
On Mon, Aug 29, 2011 at 9:55 AM, Rahul Sundaram methe...@gmail.com wrote: Otherwise, make ddate a sub package and don't install it by default. Solved? As an upstream the willingness of distributions to strip out commands which I wanted to provide and don't offer a build option to disable via

Re: Trusted Boot in Fedora

2011-06-24 Thread Gregory Maxwell
On Fri, Jun 24, 2011 at 4:07 AM, Rahul Sundaram methe...@gmail.com wrote: If you have *specific* concerns, let's hear those. You seem to be just quoting parts of a public wiki page anyone can read. I don't see the point of that If trusted boot in fedora is widely deployed, then $random_things

Re: Trusted Boot in Fedora

2011-06-24 Thread Gregory Maxwell
2011/6/24 Tomas Mraz tm...@redhat.com: On Fri, 2011-06-24 at 11:10 +0200, Miloslav Trmač wrote: On Fri, Jun 24, 2011 at 10:24 AM, Gregory Maxwell gmaxw...@gmail.com wrote: If trusted boot in fedora is widely deployed, then $random_things may demand I use a particular fedora kernel in order

Re: Delayed encrypted partition mount

2011-03-21 Thread Gregory Maxwell
On Mon, Mar 21, 2011 at 10:22 AM, Gilboa Davara gilb...@gmail.com wrote: Hello all, I routinely encrypt all important partitions on my laptops / workstations / servers using LUKS both at home and at work. However, due to the above, I can no longer remotely reboot the machines (at least the

Re: New celt build broke jack-audio-connection-kit...

2011-02-19 Thread Gregory Maxwell
On Sat, Feb 19, 2011 at 6:56 PM, Michael S mschwe...@gmail.com wrote: On 20 February 2011 00:40, Orcan Ogetbil wrote: On Sat, Feb 19, 2011 at 6:29 PM, Michael S wrote: On 17 February 2011 01:02, Jeffrey Ollie wrote: I was just trying to build the latest Asterisk, which uses

Re: New celt build broke jack-audio-connection-kit...

2011-02-19 Thread Gregory Maxwell
On Sat, Feb 19, 2011 at 9:13 PM, Orcan Ogetbil oget.fed...@gmail.com wrote: I didn't try Michael's fix myself since I don't have a rawhide box with real audio hardware. But looking at the celt code, specifically to the implementations of celt_decoder_create() and celt_decoder_create_custom()

Re: Local system security

2011-01-05 Thread Gregory Maxwell
On Wed, Jan 5, 2011 at 4:13 PM, Adam Jackson a...@redhat.com wrote: But prevention of DoS on the part of local actors is just not a game you can win.  If nothing else, remember that the way Linux implements malloc() assumes you have infinite memory, which means you overcommit resources, which

Re: memcpy overlap: quickly detect, diagnose, work around

2010-11-29 Thread Gregory Maxwell
On Mon, Nov 29, 2010 at 6:35 PM, John Reiser jrei...@bitwagon.com wrote: While the details of inlining are subject to change, copying in ascending address order is the order that is assumed by all violators of the no-overlap requirement. All violators? Citation needed. I'm sure lurking

Re: Fixing the glibc adobe flash incompatibility

2010-11-17 Thread Gregory Maxwell
On Wed, Nov 17, 2010 at 5:11 PM, Genes MailLists li...@sapience.com wrote: Let's also not forget that the motivation for changing memcpy was to get some speedup - has anyone seen evidence of any significant benefit of that glibc change? The BZ ref'd in this thread has Linus' (simple) tests
