On 8/14/21 12:19 PM, Kevin Fenzi wrote:
> On Fri, Aug 13, 2021 at 09:34:11PM -0600, Orion Poplawski wrote:
>> Have there been any recent changes to the arm (32bit) builders? It seems
>> like I'm having much more issues there with builds likely running out of
>> memory or similar.
>
> Yes. They
On 9/1/21 8:15 AM, Vitaly Zaitsev via devel wrote:
> On 01/09/2021 10:47, Dominik 'Rathann' Mierzejewski wrote:
>> Also, there are tons of old closed-source i686-only games that depend on
>> i686 libraries other than Wine or Steam.
>
> We can't provide i686 support forever.
I think we can
On 9/1/21 1:55 PM, Florian Weimer wrote:
> In autotools parlance, cross-compilation is defined by the inability of
> running even the most trivial program that was just compiled.
It is often possible to avoid this problem using qemu in user-mode
emulation mode, but even that is not needed here.
ld.
Should the FF builds be given more resources? Does Mozilla provide a signed
Flatpak that could be used instead?
Sincerely,
Demi Marie Obenour
she/her/hers
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP
On 9/9/21 12:45 PM, Neal Gompa wrote:
> On Thu, Sep 9, 2021 at 12:42 PM Demi Marie Obenour
> wrote:
>>
>> On 9/8/21 10:49 PM, Bojan Smojver via devel wrote:
>>> Just being devil's advocate for a second here...
>>>
>>> Two days to build FF in k
S currently ships a PulseAudio
module for sound support in VMs. Is there a replacement for PulseAudio
modules in Fedora 35? Some sort of PipeWire plugin?
Sincerely,
Demi Marie Obenour
she/her/hers
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
OpenPGP_signature
Description:
On 9/1/21 1:32 PM, Neal Gompa wrote:
> On Wed, Sep 1, 2021 at 1:24 PM Demi Marie Obenour
> wrote:
>>
>> On 9/1/21 8:15 AM, Vitaly Zaitsev via devel wrote:
>>> On 01/09/2021 10:47, Dominik 'Rathann' Mierzejewski wrote:
>>>> Also, there are tons of old cl
On 9/18/21 3:10 AM, Mattia Verga via devel wrote:
> On 17/09/21 14:07, Ben Cotton wrote:
>> I'm passing along a lightly-edited announcement from the Red Hat
>> Bugzilla admins. You may have noticed this change already. The short
>> version is that the search API now defaults to returning 20 bugs,
; https://bugzilla.redhat.com/show_bug.cgi?id=1536762
>
> so it might be more of a saga than just changing a few commands.
>
> Rich.
As the person who reported that bug, I don’t think it is likely to be hit
normally. Most of the problems are either poor performance (not using
direc
is actually a call to a
standard library routine. If this is not inlined, performance will be abysmal.
Rust generics are basically C++ templates, in that code is generated for them
when they are instantiated, so ABI stability would require a commitment to
never changing the representation
emergency mode.
>
> The workaround is to edit the Dracut script that decides which modules
> to include in the initramfs - to ensure that xen-blkfront is included.
This also affects Qubes OS: https://github.com/QubesOS/qubes-issues/issues/6919.
Sincerely,
Demi Mar
/hosts, and a flood of other things.. and 'fixes
> them'. Those fixes add in complexity and it goes back to 'this is
> stupid, keep yp'.
How many of these can be solved by tunneling everything in a WireGuard
mesh network, and using nftables rules to prevent spoofing?
Sincerely,
Demi M
ion when the debuginfo for a huge package consumes too
much memory or disk space?
--
Sincerely,
Demi Marie Obenour (she/her/hers)
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
ts and minified sources before
> creating a vendored tarball.
Does this apply to stuff like bison or flex output that is supposed
to be in autotools-generated release tarballs, or can those tarballs
be used as-is?
--
Sincerely,
Demi Marie Obenour (she/her/hers)
OpenPGP_0xB288B55FFF9C22C1.as
On 12/18/21 3:04 AM, Andreas Schneider wrote:
> On Thursday, 16 December 2021 23:59:23 CET Demi Marie Obenour wrote:
>> On 12/10/21 6:56 AM, Sandro Mani wrote:
>>> On 10.12.21 01:54, Demi Marie Obenour wrote:
>>>> On 12/9/21 1:05 PM, Sandro Mani wrote:
>>>&
ly using fixed-size fields, so one only needs to check that the
field is of the correct length. Qubes OS uses the same solution in
at least its GUI protocol.
Sincerely,
Demi Marie Obenour (she/her/hers)
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
Op
Does ARMv7 work, and could cross-compiling from x64 work?
Sincerely,
Demi Marie Obenour (she/her/hers)
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
___
devel mailing
ackages are still finally reassembled
> and the signature checked, so that is what matters in terms of security
> (those algorithms and computations need to be FIPS approved and the
> implementation certified).
This is enough for FIPS, yes, but it is still very risky, as a bug in the
packa
space. Both of which are limited resources on the part
> of Fedora Infrastructure.
Would it be possible to just stop making deltarpms entirely and disable
them outright? It appears that this would save a significant amount of
resources on the Fedora side, and they increase the attack surface of
all
ty-relevant, libdeltarpm won't know or care.
>
> This is not true with libdrpm though, and that version is what
> createrepo_c uses.
Yes, but createrepo_c isn’t what runs on end-user devices.
Sincerely,
Demi Marie Obenour (she/her/hers)
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPG
usage.
>
> Fedora on a smartphone is a very rare and niche case. It's something
> that can be considered, but should not be a driver for the distro's
> technology choices. Regardless, as the other points mentioned, I have
> not seen any significant download saving from it a
on manually.
In the future, deltarpms should be cryptographically signed, which would
mitigate these concerns.
Sincerely,
Demi Marie Obenour
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
__
hink of,
> - more computationally intensive to reconstruct locally,
> - needs compute time and storage space in Fedora build system,
> - makes compose process more complicated.
>
> Fabio
I don’t think you are missing anything.
Sincerely,
Demi Marie Obenour
OpenPGP_0xB288B55FFF9C2
bundles node_modules
>>> dir in svgo-2.8.0-nm-dev.tgz resp svgo-2.8.0-nm-prod.tgz.
>>
>> You can vendor only sources. No prebuilt assets are allowed.
> Which would basically mean bundling the node_modules folder?
No, it would mean bundling the source from which the stuff in
eployment. Their own signing process might
> as well check the RPM header signature instead.
+1 on this. There have also been bugs in RPM's handling of IMA signatures,
and fs-verity signature handling could have similar issues. Since IMA and
fs-verity signatures are currently stored in the
On 12/10/21 6:56 AM, Sandro Mani wrote:
> On 10.12.21 01:54, Demi Marie Obenour wrote:
>> On 12/9/21 1:05 PM, Sandro Mani wrote:
>>> On 09.12.21 17:31, Vitaly Zaitsev via devel wrote:
>>>> On 09/12/2021 16:56, Sandro Mani wrote:
>>>>> This does not app
l probably pick it up.
Which use-cases are these? Does systemd-networkd address them?
--
Sincerely,
Demi Marie Obenour (she/her/hers)
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
On 1/7/22 12:27, Steve Grubb wrote:
> Hello,
>
> On Thursday, January 6, 2022 5:20:04 PM EST Demi Marie Obenour wrote:>> Or
> could auditctl handle everything itself, perhaps by talking to auditd
>> over a socket instead of sending a signal?
>
> To use a socket or
efinition Rule and is undefined behavior. Furthermore,
any bug fixes in template code or inline functions will not propagate
to users of the library until the users are rebuilt.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
OpenP
On 3/13/22 15:29, Cătălin George Feștilă wrote:
> I run this command on my root
>
> #cat /usr/bin/gcc
>
> ... and I got a large strange output ...
>
> What is this? Is it a bug?
It’s normal: you are viewing the contents of `/usr/bin/gcc`, which is
a binary file.
--
combined with the long time for doing a gcc build is seemingly
>> going to result in a slip because a firefox downgrade (from the f35 version)
>> would cause problems for some testers.
>
> So ... this sounds like firefox would be a good example of a package
> tha
en't actually getting used (e.g., no browsers). At that
> point, seems like we'd be better off not building for the arch at all,
> and doing cross-builds from x86_64 for the packages that need it.
+1 on cross-compilation. Native compilation on 32-bit is a dead end.
--
Sincerely,
Demi Marie Oben
ith SHA-256
or later, and presumably the same holds for all releases since Fedora
25.
Qubes OS’s rpmcanon tool can be used to check if a package is signed
with SHA-1: it will return an `InsecureAlgorithm` error for such
packages unless the `--allow-weak-hashes` flag is passed. It
lt than
just finding a collision.
In short, Git *does* need to move away from SHA-1, but it isn’t a
crisis — yet.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
_
s. They expand the size of the
> frequently downloaded metadata with little overall benefit.
I have also strongly disliked deltarpms. They very rarely help and
significantly increase attack surface.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
OpenPGP_0xB288B55FFF9C22C1.asc
Description: O
s of RAM.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe s
There are no
known attacks on HMAC-SHA-1, and it is actually stronger than AES-128
in CBC-MAC (160 bits of security vs. 128).
--
Sincerely,
Demi Marie Obenour (she/her/hers)
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signat
d also there is already bunch of "Fails to install" (F36FailsToInstall)
> reports:
>
> https://bugzilla.redhat.com/buglist.cgi?bug_id=1992487_id_type=anddependson=tvp_id=12486533
>
> Thank you
>
> Miroslav
It tries to downgrade Thunderbird, which is a bad ide
o do this? Or should I desist on packaging this project on
> Fedora for now?
>
> [1] https://github.com/Genymobile/scrcpy
>
> Best regards.
>
> --
> Diego Herrera C.
Why is packaging the Android SDK not an option?
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Open
AS should get
support for them. OTPs are still phishable, whereas FIDO2 generally
isn’t.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
__
On 2/22/22 16:47, Chris Adams wrote:
> Once upon a time, Demi Marie Obenour said:
>> As mentioned above, the purpose of this change is to ensure that
>> vulnerabilities in obscure protocols impact a smaller fraction of
>> users. Right now, a vulnerability in an obscure pro
ith licenses files as they should, and one of the deno
> projects (rusty_v8) bundles sources for the V8 runtime from chromium,
> but doesn't include license files for all bundled components.
>
> Fabio
Please report bugs against the crates in question. This is an upstream
problem, n
you, I guess
> it kinda becomes a judgment call whether fixing the security issue is
> "worth" the compatibility problems. I don't think we have a definite
> guide/policy to what to do if the optimal solution isn't practical,
> here?
Security researcher here. My
ruption vulnerabilities in C. This
could be avoided if iotop was written in a memory safe language, or
if it uses privilege separation so that only a small part of the code
actually runs with elevated privileges.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
OpenPGP
equirement
that uploads be digitally signed, which Debian already enforces.
I would also like to see certificate pinning implemented for all Fedora
Project infrastructure.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
OpenPGP_sig
s struct getters) can be inlined into users of the library.
Not doing so is (according to their documentation) a huge performance
hit. That said, should such a library just be shipped as source code?
--
Sincerely,
Demi Marie Obenour (she/her/hers)
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP
On 2/21/22 22:17, Ian McInerney via devel wrote:
> On Tue, Feb 22, 2022 at 2:15 AM Demi Marie Obenour
> wrote:
>
>> On 2/21/22 14:16, Vitaly Zaitsev via devel wrote:
>>> On 21/02/2022 19:25, Demi Marie Obenour wrote:
>>>> FIDO keys are significantly more
On 2/21/22 14:16, Vitaly Zaitsev via devel wrote:
> On 21/02/2022 19:25, Demi Marie Obenour wrote:
>> FIDO keys are significantly more secure than OTPs, and FAS should get
>> support for them. OTPs are still phishable, whereas FIDO2 generally
>> isn’t.
>
> OTP is abso
, whereas Fedora and Debian cannot?
Tom Callaway, what is the hardest part for you?
--
Sincerely,
Demi Marie Obenour (she/her/hers)
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
___
On 3/1/22 19:42, Michael Catanzaro wrote:
> On Tue, Mar 1 2022 at 07:21:14 PM -0500, Demi Marie Obenour
> wrote:
>> Tom Callaway, what is the hardest part for you?
>
> Keep in mind Tom is a volunteer and Chromium packaging is not fun. I'm
> impressed that anybody is will
On 3/1/22 22:44, Kevin Kofler via devel wrote:
> Demi Marie Obenour wrote:
>> Me too. I am surprised that the answer is not to automatically
>> download and install Canonical’s Snap package; they seem to have
>> figured out everything already. Arch manages to do it by havin
On 3/1/22 23:14, Adam Williamson wrote:
> On Tue, 2022-03-01 at 19:21 -0500, Demi Marie Obenour wrote:
>> On 3/1/22 16:02, Jonathan Schleifer wrote:
>>> Hi!
>>>
>>> It looks like Chromium on Fedora is not receiving timely updates. It
>>> hasn't bee
On 3/2/22 04:05, Vitaly Zaitsev via devel wrote:
> On 02/03/2022 01:21, Demi Marie Obenour wrote:
>> What are the differences between the RPMFusion SRPM and the
>> Fedora SRPM?
>
> RPM Fusion version includes all available multimedia codecs.
That doesn’t explain why RPM F
How much recurring work is this?
> Additionally, Fedora uses GCC (intentionally) which requires patch work for
> each release, but improves the quality of the resulting package.
Would it be possible to make a one-off exception for Chromium?
--
Sincerely,
Demi Marie Obenou
> containers, my point is this is not a worthwhile goal to pursue given
> the costs.
>
> (2) Once people have unbroken their Fedora by installing curl-full,
> the security claims you make about compiled code paths are not
> applicable.
Not everyone will need to install curl-full!
ally source code. Yes, I know that most
other packagers are likely using this approach, but it doesn’t meet
Fedora’s “everything must be built from source” requirement.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
OpenPGP_signatur
On 2/27/22 02:32, Andreas Schneider wrote:
> On Sunday, 27 February 2022 01:37:08 CET Demi Marie Obenour wrote:
>> On 2/26/22 02:21, Andreas Schneider wrote:
>>> On Friday, 25 February 2022 14:02:11 CET Neal Gompa wrote:
>>>> I think this is probably one of th
e meantime.
> FIDO2 support requires significant dev work on a service that is not
> under Fedora's control and make take many many years to arrive in a
> form that is usable.
I wholeheartedly agree with this statement.
> With regards,
> Daniel
>
> [1]
> https://lists.fed
scure protocols impact a smaller fraction of
users. Right now, a vulnerability in an obscure protocol impacts
most users. With this change, it will only impact users that have
installed the full version of curl. This is independent of whether a
given protocol should be disabled outright.
--
Sincerely
On 3/22/22 11:19, Petr Pisar wrote:
> V Tue, Mar 22, 2022 at 07:30:13AM -0400, Demi Marie Obenour napsal(a):
>> All kernel-mode drivers, to be specific. User-mode drivers are an
>> underutilized alternative for systems that have an IOMMU/SMMU. Obviously,
>> the drivers
lerepo=updates-testing upgrade &&
dnf --best upgrade
I’d much rather be able to do just `dnf --best --refresh upgrade`.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signatur
erstanding of what we want, start
> fitting pieces like the above into that picture, define the gaps, and then
> find exactly what we need to fill them.
It’s worth noting that Bugzilla is used for far more than just RHEL,
CentOS Stream, and Fedora. Bugzilla is also used for LVM2, libguestfs,
el.org/>.
All kernel-mode drivers, to be specific. User-mode drivers are an
underutilized alternative for systems that have an IOMMU/SMMU. Obviously,
the drivers still need to be free software for Fedora to package them, but
user-mode drivers have the advantage of not running with kerne
Frédéric, would you be interested in taking python-magic-wormhole?
I believe Qubes OS requires it for remote assistant.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
get better soon! Also I really wish there were better Linux speech
recognition options.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
___
Sincerely,
Demi Marie Obenour (she/her/hers)
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an em
rnel modules last I checked.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
___
devel mailing list -- devel@lists.fedoraproject.org
T
r packages. ;(
>
> 1. Deltarpm can handle this situation as JPEG/PNG files will be the same.
deltarpms are not reliable in practice, and are sometimes disabled for
security reasons.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP pub
ide, can Linux and/or glibc please disallow passing a NULL
argv[0]? I would honestly be okay with glibc just crashing the process
during startup if argv[0] is NULL or empty.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
OpenPGP_0xB288B55FFF9C22C1.asc
Description: O
On 1/28/22 11:38, Michael Catanzaro wrote:
> On Fri, Jan 28 2022 at 10:55:43 AM -0500, Demi Marie Obenour
> wrote:
>> As an aside, can Linux and/or glibc please disallow passing a NULL
>> argv[0]? I would honestly be okay with glibc just crashing the
>> process
>
On 1/28/22 10:48, Vitaly Zaitsev via devel wrote:
> On 28/01/2022 16:40, Demi Marie Obenour wrote:
>> sometimes disabled for security reasons.
>
> Can you elaborate what do you mean by "security reasons"?
deltarpm’s integration into DNF is poorly designed: delta
s if it was setuid root, without it actually being setuid root?
I imagine the hardest part would be TTY handling, as not being able
to Ctrl-C a command launched by sudo is a rather poor user experience.
That might be solvable, though.
--
Sincerely,
Demi Marie Obenour (she/her/he
asn't been touched since 2019. Bus1 had an RFC in
> 2016 on LKML[1] and that's it.
>
> We *could* use Binder, but there's a general lethargy around trying to
> leverage stuff from the Android/ChromeOS ecosystem to benefit regular
> Linux systems. We *do* have it enabled in our kern
t so much "let's come up with an
> elegant design" as "um it seems like things are going to break
> catastrophically in 19 days, we need to do something really quite
> urgently to make that not happen".
Why does all authentication need to go through a browser? 2FA
requireme
On 2/10/22 18:49, Demi Marie Obenour wrote:
> On 2/10/22 13:39, Adam Williamson wrote:
>> On Thu, 2022-02-10 at 18:58 +0100, Zbigniew Jędrzejewski-Szmek wrote:
>>> On Mon, Oct 18, 2021 at 10:33:59AM +0200, Kamil Dudka wrote:
>>>> For example dracut
me here: if an url with ftp:// was actually
>> configured somewhere, the download would fail. But I don't think we have many
>> such urls...
>
> We aren't the only ones who set up repositories. Organizations which
> run Fedora and RHEL often have internal
anks for your time,
>
> Chris Rapier
This is awesome! That said, have you considered submitting as many patches
as possible upstream? That way *all* OpenSSH users would benefit. I know
they have rejected some of the changes (such as NULL ciphers) for security
reasons, but others might b
stemctl. There have been
> multiple bz opened and closed on this.
What would you need in order to be able to migrate to systemctl? Could
the dbus daemon or systemd generate the necessary audit records? Or could
auditctl handle everything itself, perhaps by talking to auditd over a
socket instead of sendi
> to a degree that you can just ship the hardware away.
>
> - Panu -
Agreed. “Factory reset” means either “I trust the secure erase function
on all of my disks” or “all the data that has ever hit the disk was
encrypted and I just securely deleted the encryption key”.
--
fits far outweigh any
risks.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
___
devel mailing list -- devel@lists.fedoraproj
None of the three options Robbie suggested are reasonable for
non-technical users.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
___
On 4/5/22 15:09, Neal Gompa wrote:
> On Tue, Apr 5, 2022 at 3:06 PM Demi Marie Obenour
> wrote:
>>
>> On 4/5/22 13:38, Neal Gompa wrote:
>>> On Tue, Apr 5, 2022 at 1:31 PM Tom Hughes via devel
>>> wrote:
>>>>
>>>> On 05/04/2022 15:52
grate from BIOS to UEFI booting?
>>
>
> In Fedora Linux default partitioning for all but Server, it is
> possible to reconfigure existing systems to UEFI. Fedora Server is
> screwed because they use XFS and you cannot shrink an XFS volume.
Time to get the XFS developers to support shrinking?
gt; there we usually have a drm driver these days, and where we don't we
> can probably club it into bochs_drm since that's the only rom anyone
> bothers to use for that.
Do we have DRM drivers for the UEFI framebuffer and the standard
QEMU-emulated graphics?
--
Sincerely,
Demi Marie Ob
can tamper with the bootloader of a running system with the
disks unlocked, they have already won. If this is an offline attack,
measured boot is a much more effective mitigation.
> If you are making UEFI the only way people boot, ***fix*** the
> experience. If you're not committed
roprietary. That's a better user experience across
> the board, including the security messaging is made consistent. The
> existing policy serves no good at all and is double talk. If we really
> care about security more than ideological worry, we'd sign the driver.
I agree with this. Sign t
ack[1]. Some hardware manufactures
> even doesn't test CSM support.
Modern *physical* hardware. *Virtual* hardware is another matter entirely.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
OpenPGP_signature
Description: O
On 4/6/22 16:17, Neal Gompa wrote:
> On Wed, Apr 6, 2022 at 4:09 PM Demi Marie Obenour
> wrote:
>>
>> On 4/6/22 06:43, Neal Gompa wrote:
>>> On Wed, Apr 6, 2022 at 12:04 AM Gary Buhrmaster
>>> wrote:
>>>>
>>>> On Wed, Apr 6, 2022 at 12
t; drop MBR by default when legacy BIOS is detected), and due to firmware
> bugs, it never progressed to any Fedora release. I can't guess what
> percent of hardware in the Fedora community is BIOS vs UEFI, and it's
> even harder to estimate what percent of BIOS hardware are affected by
> th
On 4/6/22 06:43, Neal Gompa wrote:
> On Wed, Apr 6, 2022 at 12:04 AM Gary Buhrmaster
> wrote:
>>
>> On Wed, Apr 6, 2022 at 12:59 AM Demi Marie Obenour
>> wrote:
>>>
>>> On 4/5/22 19:38, Chris Murphy wrote:
>>>> We either want users with
On 4/6/22 16:59, Robbie Harwood wrote:
> Demi Marie Obenour writes:
>
>> On 4/5/22 12:29, Michael Catanzaro wrote:
>>> On Tue, Apr 5 2022 at 11:56:07 AM -0400, Robbie Harwood
>>> wrote:
>>>> Users wishing to use NVIDIA hardware have the following op
ort
>> UEFI as at least an alternative …
>
> It’s not so much about kicking and streaming, but about time, man power and
> financial resources.
Given how large a company Red Hat is, I presume that they could come up
with these resources. The cost to Red Hat of maintaining legacy BIOS
s
didn't exist. People don't usually just boot straight in
> "basic graphics mode", after all. They try a regular boot, and if it
> fails, maybe they try "basic graphics mode". So they already *know*
> there's a bug - and at least this way we give them a working system and
>
ve driver is temporarily broken on the given hardware for whatever
> reason. Hence, I am strongly opposed to this change.
>
> Kevin Kofler
Same here. There needs to be an always-working fallback, even if it
is slow.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
__
drm/kms drivers for almost all
> hw out there, esp. also focusing on weird server hw VGA cards.
>
> So most hw will either be new enough to offer an efifb which
> simpledrm will turn into a drm/kms /dev/dri/card0 device. Or it
> will be ol
ryption, which means
that the entire drive (not just the keyring) is encrypted. That is one
factor, and the keyring is the other.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send
IcedTea replacement that 'mostly' works and deals with the trademark
> issues, and the marketing to get it seen and used.
>
> Staying the same is not an option and is off the table.
I would be fine with either dropping TCK certification or only
certifying a subset of the packages. Fedora users
in repositories. All Fedora
> packages (except linux-firmware) are built from sources without network
> access.
I don’t think this was a lie. Whether or not it was accurate,
there was no malicious intent.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
__
re and Fedora cannot
ship it at all. Conversely, if OpenJDK is free software, then Fedora
can strip out any problematic trademarks without losing compatibility.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
OpenPGP_signature
Descri
On 5/19/22 01:00, Kevin Kofler via devel wrote:
> Demi Marie Obenour wrote:
>> If Fedora legally cannot ship a version of OpenJDK that hasn’t
>> passed the TCK, but which is still compatible with the vast majority
>> of Java code, then OpenJDK isn’t free software and
1 - 100 of 298 matches
Mail list logo