Re: Three steps we could take to make supply chain attacks a bit harder

2024-04-01 Thread Peter Jones
> (3) We should have a "security path", like "critical path".
>
> sshd is linked to a lot of libraries:
>
> /lib64/libaudit.so.1 audit-libs
> /lib64/libc.so.6 glibc
> /lib64/libcap-ng.so.0 libcap-ng
> /lib64/libcap.so.2 libcap
> /lib64/libcom_err.so.2

Re: memory testing

2020-07-16 Thread Peter Jones
On Wed, Jul 15, 2020 at 01:17:50PM -0600, Chris Murphy wrote: > On Wed, Jul 15, 2020 at 12:49 PM Solomon Peachy wrote: > > > > On Wed, Jul 15, 2020 at 01:41:27PM -0500, Michael Catanzaro wrote: > > > Note: memtest86+ actually had an upstream release recently after a *very* > > > long hiatus, so I

Re: List of long term FTBFS packages to be retired in February

2020-01-06 Thread Peter Jones
On Mon, Jan 06, 2020 at 02:48:22PM -0500, Robbie Harwood wrote: > If you don't have the time to make a new build once every year, you > shouldn't be a packager, full stop. I think that's a fair point, but not at all the issue here. I specifically want not to rebuild this, which is why I *have*

Re: List of long term FTBFS packages to be retired in February

2020-01-06 Thread Peter Jones
On Mon, Jan 06, 2020 at 12:54:58PM +0100, Miro Hrončok wrote: > Regardless of different opinions about aggressiveness, having policies > and no enforcement makes no sense. Either the policies are too > aggressive and we need to change them, or they are not and we need to > enforce them. That

Re: F29 System Wide Change: Make BootLoaderSpec the default

2018-06-26 Thread Peter Jones
> > There's a lot of clouds going to uEFI now > > [citation needed] ... > I got sort of lost in Azure versus Hyper-V and gen1/gen2 - apparently Hyper-V > likes > UEFI and supports secure boot but Azure may not or something? Ignoring the question of how many is a lot, I think you may just be

Re: F29 System Wide Change: Make BootLoaderSpec the default ['id' field]

2018-06-26 Thread Peter Jones
On Tue, Jun 26, 2018 at 03:46:59PM +0200, Javier Martinez Canillas wrote: > > That raises two questions: > > 1. Why isn't just the bls-snippet filename used as the key? It's > > necessarily unique and should be usable for the purpose of uniquely > > identifying the boot entry without

Re: F29 System Wide Change: Make BootLoaderSpec the default

2018-06-22 Thread Peter Jones
On Mon, Jun 18, 2018 at 02:42:40PM -0700, Andrew Lutomirski wrote: > > On Jun 18, 2018, at 10:02 AM, Javier Martinez Canillas > > wrote: > > > >> On Thu, Jun 14, 2018 at 10:20 PM, Chris Murphy > >> wrote: > >> On Thu, Jun 14, 2018 at 12:51 PM, Adam Williamson > >> wrote a monolithic config >

Re: F29 System Wide Change: Make BootLoaderSpec the default

2018-06-22 Thread Peter Jones
On Mon, Jun 18, 2018 at 11:55:28PM +0100, Tom Hughes wrote: > On 18/06/18 23:46, Javier Martinez Canillas wrote: > > On Mon, Jun 18, 2018 at 11:54 PM, Tom Hughes wrote: > > > On 18/06/18 18:15, Peter Jones wrote: > > > > > > > That's true - though we

Re: F29 System Wide Change: Make BootLoaderSpec the default

2018-06-18 Thread Peter Jones
On Mon, Jun 18, 2018 at 12:14:31PM -0600, Chris Murphy wrote: > Thanks for the reply. > > I think the proposal title is misleading. The BLS file format is, > depending on one's point of view, 5% of the spec. A bulk of the > proposal isn't going to follow the spec at all. And even with regards >

Re: F29 System Wide Change: Make BootLoaderSpec the default

2018-06-18 Thread Peter Jones
On Mon, Jun 18, 2018 at 03:29:34PM +, Zbigniew Jędrzejewski-Szmek wrote: > On Mon, Jun 18, 2018 at 11:17:50AM -0400, Peter Jones wrote: > > On Thu, Jun 14, 2018 at 12:40:50PM -0700, Adam Williamson wrote: > > > On Thu, 2018-06-14 at 15:10 -0400, Matthew Miller wrote: >

Re: F29 System Wide Change: Make BootLoaderSpec the default

2018-06-18 Thread Peter Jones
On Thu, Jun 14, 2018 at 12:40:50PM -0700, Adam Williamson wrote: > On Thu, 2018-06-14 at 15:10 -0400, Matthew Miller wrote: > > On Thu, Jun 14, 2018 at 11:51:33AM -0700, Adam Williamson wrote: > > > > ** Have a grubby wrapper for backward compatibility that manipulates BLS > > > > files. > > > >

Re: F29 System Wide Change: Hide the grub menu

2018-06-01 Thread Peter Jones
On Thu, May 31, 2018 at 12:14:57PM -0500, Chris Adams wrote: > Once upon a time, Jason L Tibbitts III said: > > If we're going to patch grub to expand the set of keys it will watch > > for, is it possible to just expand the set to encompass all keys? We > > don't really need to make it that hard

Re: Hiding the grub menu by default on single OS installs

2018-06-01 Thread Peter Jones
On Thu, May 31, 2018 at 05:47:36PM +0200, Hans de Goede wrote: > Hi, > > On 31-05-18 15:20, Robert Marcano wrote: > > On 05/31/2018 06:52 AM, Hans de Goede wrote: > > > ... > > > This will basically get us back the F28 behavior of showing the > > > menu but only after a failed boot, I think that

Re: No i686 build of grub2?

2017-08-23 Thread Peter Jones
On Wed, Aug 23, 2017 at 07:27:44AM -0500, Bruno Wolff III wrote: > Currently grub2 isn't being built for i686 since somewhere between 2.02-8 > and 2.02-10. > I looked through the change log (but not the git log yet) and didn't see > anything mentioning this, which I would have expected if it was

Re: Fedora 25 GRUB security issue

2017-08-03 Thread Peter Jones
On Thu, Aug 03, 2017 at 10:21:43AM -0600, Chris Murphy wrote: > security@ and security-team@ have no meaningful activity in at least > the last 6 months so I'm posting this here. > > grub2 incorrectly initialises the boot_params from the kernel image >

Re: Summary/Minutes from today's FESCo Meeting (2015-10-07)

2015-10-09 Thread Peter Jones
On Fri, Oct 09, 2015 at 10:16:31AM -0400, Adam Jackson wrote: > So from an OS maintenance perspective we have to recognize that > bundling code occasionally does have merit, and that it is incumbent on > us to manage it well. And from a Fedora perspective, we have to > acknowledge that a

Re: Does Fedora have a technical expertise oriented SIG?

2014-11-04 Thread Peter Jones
On Sun, Nov 02, 2014 at 09:13:07AM -0800, Adam Williamson wrote: On Sun, 2014-11-02 at 10:13 -0500, Matthew Miller wrote: On Sun, Nov 02, 2014 at 04:08:36PM +0100, Michael Schwendt wrote: Is there any authoritative group at Fedora who wants the product to not suck like that?

Re: Current FTBFS packages (was Re: [ACTION REQUIRED] Retiring packages for Fedora 21)

2014-06-18 Thread Peter Jones
On Wed, Jun 18, 2014 at 02:16:49PM -0400, Adam Jackson wrote: On Mon, 2014-06-09 at 14:18 -0400, Adam Jackson wrote: libguestfs uses hfsplus-tools in order to provide some HFS+ filesystem features (mainly for Mac filesystems and .DMG files). We can remove this functionality from the

Re: F22 System Wide Change: Replace Yum With DNF

2014-06-17 Thread Peter Jones
On Tue, Jun 17, 2014 at 02:40:45PM -0500, Dennis Gilmore wrote: On Wed, 11 Jun 2014 08:52:34 -0400 Matthew Miller mat...@fedoraproject.org wrote: On Wed, Jun 11, 2014 at 02:44:10PM +0200, Jaroslav Reznik wrote: * package

Re: This Weeks FESCo Meeting: Cancelled

2014-06-04 Thread Peter Jones
On Wed, Jun 04, 2014 at 07:30:47AM -0700, Toshio Kuratomi wrote: Sorry for the late notification. I took a look at making an agenda for this week and saw that we only have a few tickets to look at and all of them are pending input from various other people so I'm cancelling the meeting.

Re: F20 System Wide Change: ARM as primary Architecture

2013-07-12 Thread Peter Jones
On Fri, Jul 12, 2013 at 10:37:41AM -0400, Matthew Miller wrote: On Fri, Jul 12, 2013 at 02:17:28PM +, Jóhann B. Guðmundsson wrote: 1. https://bugzilla.redhat.com/show_bug.cgi?id=949328 2. https://bugzilla.redhat.com/show_bug.cgi?id=869540 Often, people maintain a package because it's

Re: F20 System Wide Change: ARM as primary Architecture

2013-07-11 Thread Peter Jones
On Wed, Jul 10, 2013 at 11:04:51PM -0700, Brendan Conoboy wrote: The relentless I don't want ARM to sully the good name of Fedora is absurd: User for user, ARM is considerably more popular than Fedora. No, this is completely wrong. It's entirely propaganda, and you need to stop saying things

Re: F20 System Wide Change: ARM as primary Architecture

2013-07-11 Thread Peter Jones
On Thu, Jul 11, 2013 at 10:58:59AM -0700, Brendan Conoboy wrote: Security features are implemented and working- except evidently pointer guards, which we found out about *yesterday*. The point of this isn't just that it was broken, though - the concern here is that the test suite said it was

Re: F20 System Wide Change: ARM as primary Architecture

2013-07-10 Thread Peter Jones
On Wed, Jul 10, 2013 at 07:45:53AM -0400, Josh Boyer wrote: On Wed, Jul 10, 2013 at 6:02 AM, Jaroslav Reznik jrez...@redhat.com wrote: I don't see a problem with different set of blocking desktops for ARM, even as primary architecture. But it's really about resources - do we have people

Re: F20 System Wide Change: ARM as primary Architecture

2013-07-10 Thread Peter Jones
On Wed, Jul 10, 2013 at 11:19:33AM -0500, Dennis Gilmore wrote: On Tue, 9 Jul 2013 16:33:28 -0400 Peter Jones pjo...@redhat.com wrote: On Tue, Jul 09, 2013 at 06:50:07PM +0100, Matthew Garrett wrote: llvmpipe has been known to be broken

Re: F20 System Wide Change: ARM as primary Architecture

2013-07-09 Thread Peter Jones
On Tue, Jul 09, 2013 at 06:50:07PM +0100, Matthew Garrett wrote: llvmpipe has been known to be broken for months, and nobody on the ARM team appears capable of fixing it. As a result, ARM shipped in F19 without any out of the box support for running our default desktop. This doesn't make

Re: QA Testscase: Installation with mountpoint inside future $HOME?

2013-05-20 Thread Peter Jones
On Mon, May 20, 2013 at 06:42:47PM +0200, Miloslav Trmač wrote: On Mon, May 20, 2013 at 5:51 PM, Sandro Mani manisan...@gmail.com wrote: I've just hit a bug which causes $HOME to be owned by root if a mountpoint is created inside $HOME during install, see [1]. Ouch. Recent libuser

[PATCH] Don't use shell quoting characters in release name.

2013-03-19 Thread Peter Jones
While this doesn't solve unicode-related problems with /etc/os-release or /etc/fedora-release, for example, it does mean that we won't have problems with parsing this through shell scripts, which we do quite often. Signed-off-by: Peter Jones pjo...@redhat.com --- fedora-release.spec | 2 +- 1

[PATCH] Don't use shell quoting characters in release name.

2013-03-19 Thread Peter Jones
character for a displayed apostrophe, as opposed to /typewriter apostrophe/, U=0027, which is also the shell quote character. Signed-off-by: Peter Jones pjo...@redhat.com Reviewed-by: Adam Jackson a...@redhat.com --- fedora-release.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git

Re: Improving the Fedora boot experience

2013-03-12 Thread Peter Jones
On Mon, Mar 11, 2013 at 12:58:05PM -0400, Matthias Clasen wrote: Hi, I would love to see F19 make a good first impression. The first time you see something Fedora-related on the screen currently is the graphical grub screen, followed by the filling-in-Fedora of Plymouth, followed by the

Re: Improving the Fedora boot experience

2013-03-12 Thread Peter Jones
On Mon, Mar 11, 2013 at 01:43:28PM -0400, Ryan Lerch wrote: IIRC, in f17, the GRUB screen was not visible. (you could still press f11 to bring it up if you needed it to). Does anyone know why this behaviour changed? I think you're thinking of F15. It was a patch we were carrying to grub1,

Re: Improving the Fedora boot experience

2013-03-12 Thread Peter Jones
On Mon, Mar 11, 2013 at 05:51:06PM -0400, Máirín Duffy wrote: On 03/11/2013 05:01 PM, Lennart Poettering wrote: By hooking this up to keys people would naturally try, such as shift, space, enter, escape, or whatever windows does for their boot menu stuff. FWIW Windows uses F8 Windows 8 on

Re: Improving the Fedora boot experience

2013-03-12 Thread Peter Jones
On Tue, Mar 12, 2013 at 09:28:28AM -0600, Kevin Fenzi wrote: On Tue, 12 Mar 2013 11:10:27 -0400 Peter Jones pjo...@redhat.com wrote: Honestly, I'd like to do this anyway - the grub2 gfxterm code seems to cause nothing but bugs in later graphics setup. That said, I'd rather go back

Re: Improving the Fedora boot experience

2013-03-12 Thread Peter Jones
On Tue, Mar 12, 2013 at 09:51:14AM -0600, Pete Travis wrote: For the use cases where it doesn't work, what about dropping a bootloader config spoke into anaconda, or revealing the appropriate features in kickstart options? Perhaps probing to test for dual boot to determine if a brief timeout

Re: Improving the Fedora boot experience

2013-03-12 Thread Peter Jones
On Tue, Mar 12, 2013 at 05:19:52PM +0100, Nicolas Mailhot wrote: Le Mar 12 mars 2013 16:10, Peter Jones a écrit : On Mon, Mar 11, 2013 at 12:58:05PM -0400, Matthias Clasen wrote: The idea would be to have a positive indication from systemd that we've gotten to some pre-defined point

Re: Improving the Fedora boot experience

2013-03-12 Thread Peter Jones
On Tue, Mar 12, 2013 at 07:17:26PM +0100, Reindl Harald wrote: Am 12.03.2013 18:51, schrieb Peter Jones: So I'd really rather have it so that /under normal circumstances/, if the user wants the non-default kernel or parameters, they tell us so before rebooting /under normal

Re: Improving the Fedora boot experience

2013-03-12 Thread Peter Jones
On Tue, Mar 12, 2013 at 07:36:56PM +0100, Reindl Harald wrote: how do you imagine the system to smell booting the new one has failed? if it fails it will hopefully not remount the rootfs RW (if it would be possible at this time) and write something to disk so that the next reboot knows hmm

Re: Proposed F19 Feature: Cinnamon as Default Desktop

2013-02-01 Thread Peter Jones
On Tue, Jan 29, 2013 at 04:25:05AM -0800, Dan Mashal wrote: I'm sure QA, releng, docs, etc will go with what the community decides. Lets have a poll. A very public one. On the main website. Not somebody's blog. And let's let the users decide what they want. Do we have any significant data

Re: Proposed F19 Feature: Syslinux Option

2013-01-24 Thread Peter Jones
On Thu, Jan 24, 2013 at 06:57:09PM +0100, Miloslav Trmač wrote: On Wed, Jan 23, 2013 at 8:30 PM, Jaroslav Reznik jrez...@redhat.com wrote: = Features/SyslinuxOption = https://fedoraproject.org/wiki/Features/SyslinuxOption Feature owner(s): Matthew Miller mat...@fedoraproject.org This

Re: Proposed F19 Feature: Syslinux Option

2013-01-24 Thread Peter Jones
On Thu, Jan 24, 2013 at 12:48:18PM -0600, Chris Adams wrote: Once upon a time, Miloslav Trmač m...@volny.cz said: So, to summarize, this saves = 6 MB of disk space, and = 1 second of boot time, at the cost of extra maintenance and QA burden in anaconda and grubby? Well, there's already

Re: Proposed F19 Feature: Package Signature Checking During Installation

2013-01-09 Thread Peter Jones
On Wed, Jan 09, 2013 at 11:55:42AM +0100, Florian Weimer wrote: On 01/08/2013 07:15 PM, Peter Jones wrote: On Tue, Jan 08, 2013 at 11:04:30AM -0500, Steve Clark wrote: What about repins? I want to add my own custom package that is not signed and create a new CD with a custom ks.cfg. How

Re: Proposed F19 Feature: Package Signature Checking During Installation

2013-01-09 Thread Peter Jones
On Wed, Jan 09, 2013 at 03:39:42PM +0100, Florian Weimer wrote: On 01/09/2013 03:26 PM, Peter Jones wrote: You've misunderstood the mechanism at work. dhowell's current kernel patch set allows you to add keys which are wrapped (in a well defined way) in a pecoff binary that's signed

Re: Proposed F19 Feature: Package Signature Checking During Installation

2013-01-09 Thread Peter Jones
On Wed, Jan 09, 2013 at 01:52:05PM +0100, Florian Weimer wrote: On 01/08/2013 04:25 PM, Jaroslav Reznik wrote: Following the implementation of Features/SecureBoot, we can extend the Secure Boot keys as a root of trust provided by the hardware against which we can verify a signature on our key

Re: Proposed F19 Feature: Package Signature Checking During Installation

2013-01-08 Thread Peter Jones
On Tue, Jan 08, 2013 at 03:52:02PM +, Petr Pisar wrote: On 2013-01-08, Jaroslav Reznik jrez...@redhat.com wrote: = Features/PackageSignatureCheckingDuringInstall = https://fedoraproject.org/wiki/Features/PackageSignatureCheckingDuringInstall * Detailed description: One

Re: Proposed F19 Feature: Package Signature Checking During Installation

2013-01-08 Thread Peter Jones
On Tue, Jan 08, 2013 at 05:46:04PM +0100, Björn Persson wrote: One long-standing problem in Fedora is that we don't check package signatures during installation. [...] Following the implementation of Features/SecureBoot, we can extend the Secure Boot keys as a root of trust provided

Re: Proposed F19 Feature: Package Signature Checking During Installation

2013-01-08 Thread Peter Jones
On Tue, Jan 08, 2013 at 11:04:30AM -0500, Steve Clark wrote: What about repins? I want to add my own custom package that is not signed and create a new CD with a custom ks.cfg. How would that work? You'd generate your own key, and people using your packages, who have presumably decided they

Re: Proposed F19 Feature: Package Signature Checking During Installation

2013-01-08 Thread Peter Jones
On Tue, Jan 08, 2013 at 08:28:03PM +0100, Björn Persson wrote: I'll agree that most users probably don't verify their DVD images as it takes some manual work to do it properly, so that's another weak link, but the possibility does exist for those of us who care enough about our security.

Re: mactel boot revisited, updating to grub2

2013-01-08 Thread Peter Jones
On Tue, Jan 08, 2013 at 02:03:31PM -0700, Chris Murphy wrote: On Jan 8, 2013, at 12:45 PM, Chris Murphy li...@colorremedies.com wrote: On Jan 8, 2013, at 12:34 PM, Matthew Garrett mj...@srcf.ucam.org wrote: On Tue, Jan 08, 2013 at 12:16:52PM -0700, Chris Murphy wrote: cp

Re: Am I the only one who missed the election?

2012-12-10 Thread Peter Jones
On Mon, Dec 10, 2012 at 10:10:54AM -0500, Jaroslav Reznik wrote: - Original Message - I just saw the Fedora election results, and was surprised to learn there had been an election. After some digging I figured out what happened. Robyn sends her announce emails to: announce@,

Re: Fedora 18 Beta Go/No-Go Meeting, Thursday, November 22 @ 20:00 UTC (3pm Eastern, 12pm Pacific)

2012-11-20 Thread Peter Jones
On Tue, Nov 20, 2012 at 08:14:08AM -0500, Jaroslav Reznik wrote: Btw. Thanksgiving conflict is known, but we decided not to move Go/No-Go to Wednesday because of limited time for testing, let me know in case of (strong) objections. I really think having this meeting during the second largest

Re: Fedora 18 Beta to slip by two weeks, Beta release date is now Nov 27

2012-11-09 Thread Peter Jones
On Fri, Nov 09, 2012 at 05:33:05PM +0100, Matej Cepl wrote: On 2012-11-09, 14:30 GMT, David Cantrell wrote: Just to cite similar complaints I see from time to time... It irritates me that people think it's a problem that in 2012 they can't install in a VM that is allocated with 256M of

Re: Anaconda is totally trashing the F18 schedule (was Re: f18: how to install into a LVM partitions (or RAID))

2012-10-31 Thread Peter Jones
On Wed, Oct 31, 2012 at 10:47:39AM -0700, Jesse Keating wrote: On 10/31/2012 08:08 AM, Tom Lane wrote: My concern at this point is exactly that we're slipping a week at a time, rather than facing up to the *undeniable fact* that anaconda is not close to being shippable. If we don't have a

Re: Packages in need of new maintainers

2012-10-05 Thread Peter Jones
On Thu, Oct 04, 2012 at 03:09:24PM +0200, Hans de Goede wrote: pulseaudio -- Improved Linux sound server ??? !!! As others have mentioned, packages are on this list even if the only place he owns them is EPEL. -- Peter -- devel mailing list devel@lists.fedoraproject.org

Re: What's the reason for not accepting karma from Bodhi submitter

2012-08-20 Thread Peter Jones
On Mon, 2012-08-20 at 12:37 +0100, Richard W.M. Jones wrote: https://admin.fedoraproject.org/updates/qemu-1.2-0.3.20120806git3e430569.fc18 I built the package, and I tested it. Yet doing the right thing means my karma doesn't count ... IMO this change makes the karma system (even) worse

Re: Debugging Fedora UEFI boot problems on Intel DQ77MK

2012-07-31 Thread Peter Jones
On Mon, 2012-07-30 at 21:23 +0300, Pasi Kärkkäinen wrote: On Thu, Jul 26, 2012 at 11:02:07PM +0300, Pasi Kärkkäinen wrote: I'm pretty sure this is a Intel firmware bug, but it'd be nice to be able to confirm that somehow.. Well, either the bootloader or the kernel (or

Re: Debugging Fedora UEFI boot problems on Intel DQ77MK

2012-07-26 Thread Peter Jones
On 07/26/2012 06:32 AM, Pasi Kärkkäinen wrote: UEFI boot fails with all of the listed operating systems. Symptoms: - I get the Fedora/RHEL EFI boot menu, and I let it boot with the default options. - I get text on the screen about allocating memory pages for Linux-EFI, loading VMLINUZ, etc. -

Re: Debugging Fedora UEFI boot problems on Intel DQ77MK

2012-07-26 Thread Peter Jones
On 07/26/2012 02:36 PM, Przemek Klosowski wrote: On 07/26/2012 06:32 AM, Pasi Kärkkäinen wrote: I have a new Intel DQ77MK motherboard, based on the Intel Q77 chipset. CPU is Intel Ivy Bridge i7-3770. I'm running the latest BIOS version (0048), and UEFI boot is enabled in the BIOS. I take it

Re: Debugging Fedora UEFI boot problems on Intel DQ77MK

2012-07-26 Thread Peter Jones
On 07/26/2012 01:59 PM, Pasi Kärkkäinen wrote: noefi kernel cmdline option didn't help unfortunately. When booting Fedora 17 x64 there's the GRUB bootloader with graphical background image, I let it boot the default entry Fedora 17, I see it the allocating memory pages, loading VMLINUZ etc, and

Re: Summary/Minutes from today's FESCo Meeting (2012-07-23)

2012-07-25 Thread Peter Jones
On 07/25/2012 10:21 AM, Tomasz Torcz wrote: On Wed, Jul 25, 2012 at 04:13:54PM +0200, Nicolas Mailhot wrote: Le Mar 24 juillet 2012 23:17, Michael Cronenworth a écrit : It also turns every font into a blurry mess. This is not a subjective opinion. Run the listed command on the Feature Page

Re: intel ipw2100/ipw2200 firmware must be removed

2012-07-14 Thread Peter Jones
On 07/10/2012 03:52 PM, Ralf Ertzinger wrote: Hi. On Tue, 10 Jul 2012 17:52:28 +0530, Rahul Sundaram wrote Do we have any such firmware at all? Let's stick to practical issues. We don't, as far as I am aware. But with Intel actually preparing to ship Xeon Phi hardware we might sooner than

Re: preventing known-damaging third-party to fedora/epel package upgrade?

2012-07-12 Thread Peter Jones
On 07/12/2012 11:20 AM, Tom Callaway wrote: On 07/12/2012 11:01 AM, Paul Wouters wrote: I would like to prevent this from happening. But since this only happens when upgrading from a third-party 1.3 (which we don't ship) to a 1.4, even if I used triggers to work around the config file issue,

Re: preventing known-damaging third-party to fedora/epel package upgrade?

2012-07-12 Thread Peter Jones
On 07/12/2012 12:13 PM, Tom Callaway wrote: On 07/12/2012 11:41 AM, Paul Wouters wrote: On 07/12/2012 11:38 AM, Peter Jones wrote: So, this makes me wonder. Is there a good reason rpm doesn't check the new package and the old package for having the same file during an upgrade, and simply use

Re: swapping disk with UEFI hardware - a dead end?

2012-06-28 Thread Peter Jones
On 06/28/2012 09:11 AM, Kamil Paral wrote: If you are knowledgeable about UEFI, I'll welcome your advice. This is the issue I encountered: 1. I enabled UEFI mode in BIOS in Lenovo X220 (more exactly I set UEFI as the preferred method). 2. I installed Fedora 17. 3. Fedora item appeared in BIOS

Re: swapping disk with UEFI hardware - a dead end?

2012-06-28 Thread Peter Jones
On 06/28/2012 09:25 AM, Peter Jones wrote: On 06/28/2012 09:11 AM, Kamil Paral wrote: If you are knowledgeable about UEFI, I'll welcome your advice. This is the issue I encountered: 1. I enabled UEFI mode in BIOS in Lenovo X220 (more exactly I set UEFI as the preferred method). 2. I installed

Re: swapping disk with UEFI hardware - a dead end?

2012-06-28 Thread Peter Jones
On 06/28/2012 09:40 AM, Lennart Poettering wrote: On Thu, 28.06.12 09:29, Peter Jones (pjo...@redhat.com) wrote: Having sent that mail it became obvious that what's happened is that your new x220 board doesn't have the efi boot variable set. Some machines allow you to boot from a file

Re: swapping disk with UEFI hardware - a dead end?

2012-06-28 Thread Peter Jones
On 06/28/2012 10:08 AM, Kamil Paral wrote: Having sent that mail it became obvious that what's happened is that your new x220 board doesn't have the efi boot variable set. Some machines allow you to boot from a file, in which case it'll be /efi/fedora/grubx64.efi . If your firmware doesn't have

Re: swapping disk with UEFI hardware - a dead end?

2012-06-28 Thread Peter Jones
On 06/28/2012 12:17 PM, Chris Murphy wrote: It is perturbing that in 2012, with a nearly 30MB operating system as a pre-boot environment, that by design it doesn't scan the EFI System partition for other possible boot options - like a rescue mode - in the event efi boot variables aren't set.

Re: swapping disk with UEFI hardware - a dead end?

2012-06-28 Thread Peter Jones
On 06/28/2012 02:04 PM, Chris Murphy wrote: On Jun 28, 2012, at 10:26 AM, Peter Jones wrote: On 06/28/2012 12:17 PM, Chris Murphy wrote: It is perturbing that in 2012, with a nearly 30MB operating system as a pre-boot environment, that by design it doesn't scan the EFI System partition

Re: swapping disk with UEFI hardware - a dead end?

2012-06-28 Thread Peter Jones
On 06/28/2012 03:54 PM, Chris Murphy wrote: 2. It doesn't at all indicate who should do this. If anything 12.3.1.3 implies it's vendor domain. Not operating system domain. It's completely obvious that if we want something to happen, we have to do it. Given there's no mandate that this

Re: swapping disk with UEFI hardware - a dead end?

2012-06-28 Thread Peter Jones
On 06/28/2012 05:03 PM, Chris Murphy wrote: On Jun 28, 2012, at 1:59 PM, Matthew Garrett wrote: The only obvious thing for it to boot is EFI/BOOT/BOOT${ARCH}.efi. An optional file in an optional vendor subdirectory is the obvious choice? Maybe a future spec could be more clear that the

Re: swapping disk with UEFI hardware - a dead end?

2012-06-28 Thread Peter Jones
On 06/28/2012 05:03 PM, Chris Murphy wrote: They have a vendor defined order, which 3.3 allows, even though Apple EFI is not UEFI. When PRAM is zapped, the NVRAM is empty and nothing is blessed, therefore the sequence I described earlier applies. This is actually wrong as well. Blessing is a

Re: Default image target size [Was:Re: Summary/Minutes from today's FESCo Meeting (2012-06-18)]

2012-06-26 Thread Peter Jones
On 06/26/2012 02:50 PM, Toshio Kuratomi wrote: A pie in the sky option might be to have minidebuginfo/debuginfo reside in the same package as the binaries it belongs to but in separate files which are marked in the rpm filelist. Then rpm could have a --nodebuginfo similar to how it has --nodoc

Re: *countable infinities only

2012-06-25 Thread Peter Jones
On 06/25/2012 11:25 AM, Gregory Maxwell wrote: This seems a bit incongruent with many of the claims made here about the degree of participation with cryptographic lockdown required and the importance of it. I think we've made it fairly clear that we don't believe their interpretation is

Re: *countable infinities only

2012-06-25 Thread Peter Jones
On 06/25/2012 09:14 PM, Jay Sulzberger wrote: [...] I have some questions about what sort of capabilities the UEFI will have in machines sold later this year: 1. What is the mechanism for remote revocation of signing keys? There's 2 mechanisms here. The first is a key list called DBX. This is

Re: *countable infinities only

2012-06-25 Thread Peter Jones
On 06/25/2012 11:08 PM, Jay Sulzberger wrote: Is there a hardware switch or jumper that can be set so that no modification of the firmware is possible? My question here is: if I have gross physical possession of the hardware can I disable firmware updates done just via code running on the

Re: Replacing grubby with grub2-mkconfig in kernel install process

2012-06-20 Thread Peter Jones
On 06/19/2012 11:57 PM, Adam Williamson wrote: On Tue, 2012-06-19 at 23:28 -0400, Ben Rosser wrote: So far, the only actual arguments against this (specifically, the above solution to the problem) I've heard is that it breaks being able to configure /boot/grub2/grub.cfg by hand. But that's

Re: Replacing grubby with grub2-mkconfig in kernel install process

2012-06-20 Thread Peter Jones
On 06/20/2012 11:04 AM, Ben Rosser wrote: On Wed, Jun 20, 2012 at 9:21 AM, Peter Jones pjo...@redhat.com mailto:pjo...@redhat.com wrote: I think what's actually needed is a small patch to grubby to make it keep track of the bounding block the current default is in and add the new

Re: [HEADS-UP] Rawhide: /tmp is now on tmpfs

2012-06-20 Thread Peter Jones
On 06/20/2012 10:16 AM, Reindl Harald wrote: Am 20.06.2012 16:11, schrieb Ralf Corsepius: On 06/20/2012 03:35 PM, Chris Lumens wrote: Again: I'm perfectly happy if it is rejected as a feature. I don't really care either way. What I'd really hate to see is a checkbox in the installer so we

Re: Replacing grubby with grub2-mkconfig in kernel install process

2012-06-20 Thread Peter Jones
On 06/20/2012 12:42 PM, Adam Williamson wrote: On Wed, 2012-06-20 at 09:21 -0400, Peter Jones wrote: On 06/19/2012 11:57 PM, Adam Williamson wrote: On Tue, 2012-06-19 at 23:28 -0400, Ben Rosser wrote: So far, the only actual arguments against this (specifically, the above solution

Re: Replacing grubby with grub2-mkconfig in kernel install process

2012-06-20 Thread Peter Jones
On 06/20/2012 01:32 PM, Naheem Zaffar wrote: would fixing this also fix the bug where installing a new kernel changes the default boot OS even when the default is non Linux? What's the bugzilla number for that? -- Peter

Re: *countable infinities only

2012-06-18 Thread Peter Jones
On 06/18/2012 12:53 AM, Matthew Garrett wrote: On Sun, Jun 17, 2012 at 11:52:48PM -0400, Jay Sulzberger wrote: So why does the SecureBoot private key require a so much higher cost of administration? Fedora's keys are currently only relevant on hardware where users have voluntarily installed

Re: *countable infinities only

2012-06-18 Thread Peter Jones
On 06/18/2012 01:17 AM, Seth Johnson wrote: On Mon, Jun 18, 2012 at 1:15 AM, Matthew Garrett mj...@srcf.ucam.org wrote: On Mon, Jun 18, 2012 at 01:09:52AM -0400, Jay Sulzberger wrote: The game is now just about over. What if one day, Microsoft makes it even harder to install Fedora without a

Re: *countable infinities only

2012-06-18 Thread Peter Jones
On 06/18/2012 09:26 AM, Seth Johnson wrote: On Mon, Jun 18, 2012 at 8:59 AM, Matthew Garrett mj...@srcf.ucam.org wrote: On Mon, Jun 18, 2012 at 08:45:07AM -0400, Seth Johnson wrote: On Mon, Jun 18, 2012 at 7:43 AM, Matthew Garrett mj...@srcf.ucam.org wrote: The features you wanted in a free

Re: *countable infinities only

2012-06-18 Thread Peter Jones
On 06/18/2012 11:03 AM, Jay Sulzberger wrote: Microsoft has not refused to grant Fedora a key for ARM. This I do not understand. By reports in the admittedly incompetent magazines dealing with home computers, Microsoft's policy is to keep Fedora, and any other OSes, except for Microsoft

Re: *countable infinities only

2012-06-18 Thread Peter Jones
On 06/18/2012 11:14 AM, Jay Sulzberger wrote: System76 have committed to providing hardware without pre-enabled secure boot. Matthew, I am delighted to hear this. Note that this contradicts the claim, made more than once in this thread, that such an arrangement is, in practice, impossible.

Re: *countable infinities only

2012-06-18 Thread Peter Jones
On 06/18/2012 11:54 AM, Jay Sulzberger wrote: If I understand correctly, Fedora has now formally allowed Microsoft to lock Fedora out of many coming ARM devices. Well, no. At this point it's still just a proposal. -- Peter

Re: ARM is a dead end

2012-06-15 Thread Peter Jones
On 06/14/2012 07:57 PM, Kevin Kofler wrote: Hi, I've been pointed to a news item about a (apparently the first) x86 (Atom) based smartphone: http://www.engadget.com/2012/06/14/orange-san-diego-review/ So even smartphones are going x86 now. It's probably best not to extrapolate the extent of

Re: Revelation password manager issue

2012-06-14 Thread Peter Jones
On 06/14/2012 10:42 AM, Kevin Fenzi wrote: On Thu, 14 Jun 2012 07:40:50 -0500 Josh Bressers j...@bress.net wrote: Hello all, I suspect this is going to be a weird problem to figure out. Revelation password manager https://admin.fedoraproject.org/pkgdb/applications/Revelation Password Manager

Re: *countable infinities only

2012-06-14 Thread Peter Jones
On 06/14/2012 01:56 PM, Jay Sulzberger wrote: If Fedora appears to accept that Microsoft should have the Hardware Root Key, our side's arguments, in several arenas, are weakened. Okay, first off, quit hijacking fedora-devel-list for your unrelated DMCA stuff. It's entirely the wrong place for

Re: *countable infinities only

2012-06-12 Thread Peter Jones
On 06/12/2012 08:10 AM, Orcan Ogetbil wrote: Due to my respect to your request, I thought about it for nearly 72 hours. I still stand behind what I said: People who are incapable of switching a BIOS setting, which might involve doing a simple web search beforehand, should better not touch any

Re: *countable infinities only

2012-06-12 Thread Peter Jones
On 06/12/2012 09:00 AM, Steve Clark wrote: This is MS classic ploy against free software embrace and extend. First it will be it can be disabled then for windows 9 if you want to have approved hardware MS will require, like ARM, x86 secure boot can not be disabled and they will point to Fedora

Re: *countable infinities only

2012-06-12 Thread Peter Jones
On 06/12/2012 01:48 PM, Gregory Maxwell wrote: On Tue, Jun 12, 2012 at 1:43 PM, Bill Nottingham nott...@redhat.com wrote: No offense, but you seem to have a very unusual idea about how much leverage Fedora has anywhere. Why would hardware vendors listen to a community distribution that they

Re: *countable infinities only

2012-06-12 Thread Peter Jones
On 06/12/2012 01:11 PM, Gregory Maxwell wrote: On Tue, Jun 12, 2012 at 12:25 PM, Adam Williamson awill...@redhat.com wrote: You are, and that was being very un-excellent, so please refrain from it in future. I'm left wondering where your concern about being excellent to each other has been

Re: *countable infinities only

2012-06-12 Thread Peter Jones
On 06/12/2012 11:33 AM, Gregory Maxwell wrote: On Tue, Jun 12, 2012 at 10:22 AM, Peter Jones pjo...@redhat.com wrote: This seems like a pretty unlikely scenario. You have to disable secure boot to perform most kernel-level debugging operations in Windows 8. It'd alienate pretty much

Re: *countable infinities only

2012-06-12 Thread Peter Jones
On 06/12/2012 01:46 PM, Denis Arnaud wrote: Though most of you already certainly know about it, Linus Torvalds has expressed his point of view about that story: http://www.zdnet.com/blog/open-source/linus-torvalds-on-windows-8-uefi-and-fedora/11187 Yes, though he's wrong on some facts. Not

Re: *countable infinities only

2012-06-03 Thread Peter Jones
On 06/02/2012 12:31 PM, Kevin Fenzi wrote: What happens if you try and boot an unsigned image? I assume the error you get is up to the BIOS folks? So, it could be misleading, confusing, depressing or all three. It may be that people will see just Failed to secure boot and think there's

Re: *countable infinities only

2012-06-03 Thread Peter Jones
On 06/02/2012 05:47 PM, Gregory Maxwell wrote: There is no additional security provided by the feature as so far described—only security theater. So I can't modify the kernel or bootloader, great—but the kernel wouldn't have let me do that in the first place unless it had an exploit. So I just

Re: *countable infinities only

2012-06-03 Thread Peter Jones
On 06/02/2012 03:28 PM, Gregory Maxwell wrote: On Sat, Jun 2, 2012 at 12:36 PM, Matthew Garrett mj...@srcf.ucam.org wrote: Per spec the machine simply falls back to attempting to execute the next entry in the boot list. An implementation may provide some feedback that that's the case, but

Re: *countable infinities only

2012-06-02 Thread Peter Jones
On 06/02/2012 05:32 AM, drago01 wrote: Either by using your own key or by using one from a CA (in this case MS) for 99$. This is incorrect, btw. The $99 goes to Verisign/Symantec. Microsoft is subsidizing it considerably to get it down to that price, and they're doing much of the work on the

Re: *countable infinities only

2012-06-02 Thread Peter Jones
On 06/01/2012 07:56 PM, Kevin Kofler wrote: Peter Jones wrote: We don't know what all firmwares' UI's will look like, and it's possible - even somewhat reasonable - that instead of enable secure boot [X] some vendors would implement it, for example, as [remove trusted key] or possibly a combo
