On Mon, Feb 1, 2010 at 8:10 AM, Mat Booth wrote:
> On 30 January 2010 22:57, Mike Chambers wrote:
>> On Sat, 2010-01-30 at 22:37 +, Mat Booth wrote:
>>> Maybe but I agree with Braden: I don't think it's worth it. Seems like
>>> a lot of extra work for not a lot of gain.
>> Running a fully upd
On Sun, Aug 15, 2010 at 8:31 PM, Bruno Wolff III wrote:
> On Sun, Aug 15, 2010 at 16:44:29 -0700,
> Matt McCutchen wrote:
>> On Mon, 2010-08-16 at 01:15 +0200, Kevin Kofler wrote:
>> > Some web sites are indeed abusing JavaScript.
>>
>> > A web site is
>> > not and should not be an application,
On Mon, Aug 16, 2010 at 8:01 PM, Manuel Wolfshant
wrote:
> Do you REALLY believe that in a world where 90% of the desktops are
> Windows, where 2 thirds of the browser market is shared by IE and safari
> and where making governments to share public documents in a public
> format rather than .do
On Fri, Aug 20, 2010 at 3:24 PM, Till Maas wrote:
> On Fri, Aug 20, 2010 at 02:38:59PM -0400, Matthew Miller wrote:
>> On Thu, Aug 19, 2010 at 06:49:33PM +0100, Matthew Garrett wrote:
>> > > I think "run X as user Xorg if you're on KMS" would be a fine
>> > > F15Feature to aim for. Ubuntu's been
In many of the recent systemd threads there is an underlying point
which I think is on many people's minds but which I haven't seen
called out. I think this is a generic issue, so it's a but unfair to
single out systemd but it makes a good example.
To say it bluntly: Any significant infrastructur
On Thu, Sep 9, 2010 at 9:45 AM, Neal Becker wrote:
> This article:
>
> http://labs.mwrinfosecurity.com/notices/security_mechanisms_in_linux_environment__part_1___userspace_memory_protection/
>
> seems to say that fedora is ranking poorly in deployment of various
> userspace memory protection mecha
The Fedora web resources (e.g. http://fedoraproject.org/get-fedora )
continue to promote i686 installs over x86_64, the result being that
only a third of fedora users are on x86_64.
When will the Fedora project begin recommending x86_64 as the
preferred option on the relevant hardware?
--
devel m
On Mon, Sep 27, 2010 at 1:58 PM, Stephen John Smoogen wrote:
> On Mon, Sep 27, 2010 at 13:48, Gregory Maxwell wrote:
>> The Fedora web resources (e.g. http://fedoraproject.org/get-fedora )
>> continue to promote i686 installs over x86_64, the result being that
>> only a thir
On Mon, Sep 27, 2010 at 3:26 PM, Frank Murphy wrote:
> On 27/09/10 20:12, Gregory Maxwell wrote:
>
>>
>> If you're not swapping x86_64 bringing increased performance is easily
>> demonstrated, and has been previously demonstrated here... if there is
>> any dou
On Mon, Sep 27, 2010 at 4:12 PM, Mike McGrath wrote:
> FWIW, we have two measurements of x86_64 vs i686.
>
> Smolt:
> 65% i686
> 35% x86_64
>
> mirrors.fedoraproject.org:
> 70% i686
> 30% x86_64
Right— it's clear that i686 is far more commonly installed today but a
no
On Tue, Sep 28, 2010 at 8:58 AM, mike cloaked wrote:
>> Huh? Sure they are.
>
> Some people use nightlies for example -
> Here there are no 64 bit versions that I am aware of?
>
> I do this when the stock version is somewhat behind even the stable
> release from mozilla. eg in f12 the current th
On Wed, Sep 29, 2010 at 10:10 PM, Takanori MATSUURA wrote:
> Hi Chen,
>
> For modules/libimg/png, mozilla products use aPNG which was rejected
> by upstream.
> http://en.wikipedia.org/wiki/APNG
>
> So we have to use internal png.
>
> For media/libvorbis, mozilla has custom patches in the source tr
On Thu, Sep 30, 2010 at 1:09 PM, Christopher Aillon wrote:
> On 09/30/2010 05:19 AM, Sven Lankes wrote:
>> On Thu, Sep 30, 2010 at 06:37:33PM +0900, Takanori MATSUURA wrote:
>>
>>> If someone implement
>>> --enable-system-libvpx
>>> --enable-system-vorbis
>>> --enable-system-ogg
>>> --enable-syste
On Thu, Sep 30, 2010 at 2:29 PM, Toshio Kuratomi wrote:
> On Thu, Sep 30, 2010 at 02:22:36PM -0400, Toshio Kuratomi wrote:
>> On Thu, Sep 30, 2010 at 01:29:38PM -0400, Gregory Maxwell wrote:
>> >
>> > I yelled pretty loudly when Fedora first packaged libvpx becaus
On Sat, Oct 2, 2010 at 1:34 PM, Paul F. Johnson
wrote:
> Hi,
>
>> "You shall not create images with arithmetic coding" is like saying "You
>> shall not create images of the flying sphagetti monster." It's not up to
>> Fedora to make this choice for me.
>
> It is though - you have chosen to use Fed
On Wed, Oct 6, 2010 at 10:08 AM, Michal Schmidt wrote:
[snip]
> Of course. But there's in fact no disagreement, only looking at
> different aspects of the same thing.
>
> Why do you think the copying takes place? Because the companies have
> built a good reputation and brand, allowing them to incr
On Tue, Oct 12, 2010 at 7:28 PM, Chris Adams wrote:
> I noticed that ethtool is not in the default install anymore (probably
> for a release or so, but I didn't notice it until now). Why is that?
> It is the only tool that can show and configure a variety of network
> device options, such as spee
On Tue, Oct 12, 2010 at 8:01 PM, Chris Adams wrote:
> Once upon a time, Gregory Maxwell said:
>> On Tue, Oct 12, 2010 at 7:28 PM, Chris Adams wrote:
>> > I noticed that ethtool is not in the default install anymore (probably
>> > for a release or so, but I didn'
On Wed, Oct 13, 2010 at 6:46 PM, Adam Williamson wrote:
> On Thu, 2010-10-14 at 00:36 +0200, Kevin Kofler wrote:
>> Thorsten Leemhuis wrote:
>> > * Why haven't those that want iceweasel and icedove in Fedora not
>> > simply invested some time and got them integrated into the repository?(¹)
>>
>>
On Tue, Oct 26, 2010 at 2:18 PM, Przemek Klosowski
wrote:
> The security role and rationale for the filesystem encryption is to
> prevent the access to lost or stolen media, when you can't rely on the
> mechanisms existent within the OS. The underlying device encryption
> technology is not set up
On Tue, Oct 26, 2010 at 4:10 PM, Bruno Wolff III wrote:
> This is where we should be going. Encryption is really irrelavent. The issue
> should be if a removable device is inserted, who should have access to it
> if it gets automounted. I would expect encrypted and unencrypted devices
> to get the
On Sun, Nov 7, 2010 at 1:57 PM, Stephen John Smoogen wrote:
> Ok there are several different "cold boot attacks". The one I think
> you are talking about is the removing memory from the system and
> reading its contents with a special board. The kernel does not
[snip]
Not even with a special boa
On Mon, Aug 29, 2011 at 9:55 AM, Rahul Sundaram wrote:
> Otherwise, make
> ddate a sub package and don't install it by default. Solved?
As an upstream the willingness of distributions to strip out commands
which I wanted to provide and don't offer a build option to disable
via sub-packaging wi
On Fri, Sep 30, 2011 at 8:53 PM, Kevin Kofler wrote:
> Daniel Drake wrote:
>> Summary: GNOME hardcodes DPI to 96 regardless of X configuration.
>
> This is very broken.
Gnome: Reliving Window's horrible past, one emulated bug at a time.
At least we can be thankful that unlike windows, gnome doe
On Fri, Jun 24, 2011 at 4:07 AM, Rahul Sundaram wrote:
> If you have *specific* concerns, let's hear those. You seem to just
> quoting parts of a public wiki page anyone can read. I don't see the
> point of that
If trusted boot in fedora is widely deployed, then $random_things may
demand I use
2011/6/24 Tomas Mraz :
> On Fri, 2011-06-24 at 11:10 +0200, Miloslav Trmač wrote:
>> On Fri, Jun 24, 2011 at 10:24 AM, Gregory Maxwell wrote:
>> > If trusted boot in fedora is widely deployed, then $random_things may
>> > demand I use a particular fedora kernel in or
On Sat, Feb 27, 2010 at 1:00 PM, Dirk Gottschalk
wrote:
> Hello,
>
> i can not import the browser-cert from fedora in to mozilla.
> Mozilla says that it can not be imported for unknown reasons.
>
> Can somebody help me?
Disable the torbutton add-on. No kidding.
failing that, try
pk12util -i ce
On Mon, Nov 7, 2011 at 8:48 PM, Lennart Poettering wrote:
> If run on the main namespace all they see is that the files are in some
> randomized subdir of /tmp, instead of /tmp itself.
Is the randomization required? If they were named after the
user/service that created
them (perhaps with some ra
On Mon, Nov 7, 2011 at 10:00 PM, Chris Adams wrote:
> Well, if they're subdirectories of /tmp, you'd have to deal with all the
> usual /tmp attacks of known targets.
Hmph? They wouldn't be accessible to anything except root I assume.
Because they're long lived the random names shouldn't provide
On Fri, Nov 18, 2011 at 6:31 AM, Paul Howarth wrote:
> 2. How to determine what the actual problem is, e.g. a problem with the
> way the code is written leading to unsafe optimizations, or a gcc bug?
[Obviously Andrew's look at warnings advice is good but also…]
See if you can reproduce it when
On Fri, Nov 18, 2011 at 11:27 PM, Ralf Corsepius wrote:
> [1] -Wstrict-aliasing is one of these cases.
> The spots such warnings point to, often are broken, but not always,
> because GCC has difficulties in identifying these.
This use to be more true, but there are multiple levels of -Wstrict-ali
On Fri, Nov 25, 2011 at 6:28 PM, Laurin wrote:
> I totally agree with you, a software center would be a really nice idea,
> also for more experienced user because they can browse easily through the
> available software and may find something interesting.
I am really confused by this thread.
Here
On Sun, Nov 27, 2011 at 4:14 PM, Bernd Stramm wrote:
> Removing the screenshots, icons, popularity vote results etc etc
> post-install is not a good solution. These things should be available
> when someone wants to look at them, not installed by default.
>
> The mechanisms to look at them should
On Thu, Feb 16, 2012 at 10:25 AM, Vladimir Makarov wrote:
> GCC has a big community of very dedicated people. LLVM has no such
> community. So IMHO GCC will be more high quality compiler than LLVM until
> LLVM gets such community.
>
That can't be expected to continue now that there are many emp
On Tue, Nov 9, 2010 at 11:35 AM, Jesse Keating wrote:
> On 11/9/10 8:23 AM, Andrew Haley wrote:
>> I've seen the responses on the Wayland list, and it's always "Wayland
>> isn't intended to do that." So, there's no point raising objections
>> there.
>>
>> The risk is that Wayland gets developed a
On Tue, Nov 9, 2010 at 11:55 AM, Adam Jackson wrote:
> On Tue, 2010-11-09 at 04:05 -0500, Jon Masters wrote:
>
>> +1 for bringing these points up. No offense to krh (because it's nice
>> technology) but you can pull my genuine networked applications from my
>> cold dead hands. I agree that I see t
On Tue, Nov 9, 2010 at 1:12 PM, Dennis Jacobfeuerborn
wrote:
> On 11/09/2010 06:12 PM, Gregory Maxwell wrote:
>> I've mostly been watching here and I think people have been fairly
>> clearly about their concerns: Network transparency is important to
>> them, and they u
On Wed, Nov 17, 2010 at 5:11 PM, Genes MailLists wrote:
>
> Lets also not forget that the motivation for changing memcpy was to
> get some speedup - has anyone seen evidence of any significant benefit
> of that glibc change?
>
> The BZ ref'd in this thread has linus' (simple) tests which dont
>
On Wed, Nov 17, 2010 at 10:03 PM, Chris Adams wrote:
[snip]
> shouldn't be done in a "stable" release of glibc. Is memcpy called
> often enough (and on large enough blocks) that this change makes a real
> performance difference (not just on a synthetic memcpy benchmark)?
Most code is not perform
On Mon, Nov 29, 2010 at 6:35 PM, John Reiser wrote:
> While the details of inlining are subject
> to change, copying in ascending address order is the order that is
> assumed by all violators of the no-overlap requirement.
All violators? Citation needed.
I'm sure lurking somewhere there are ovel
On Wed, Jan 5, 2011 at 4:13 PM, Adam Jackson wrote:
> But prevention of DoS on the part of local actors is just not a game you
> can win. If nothing else, remember that the way Linux implements
> malloc() assumes you have infinite memory, which means you overcommit
> resources, which means failur
On Sat, Feb 19, 2011 at 6:56 PM, Michael S wrote:
> On 20 February 2011 00:40, Orcan Ogetbil wrote:
>> On Sat, Feb 19, 2011 at 6:29 PM, Michael S wrote:
>>> On 17 February 2011 01:02, Jeffrey Ollie wrote:
I was just trying to build the latest Asterisk, which uses
jack-audio-connection-ki
On Sat, Feb 19, 2011 at 9:13 PM, Orcan Ogetbil wrote:
> I didn't try Michael's fix myself since I don't have a rawhide box
> with real audio hardware.
>
> But looking at the celt code, specifically to the implementations of
> celt_decoder_create() and celt_decoder_create_custom() , I don't think
>
On Mon, Mar 21, 2011 at 10:22 AM, Gilboa Davara wrote:
> Hello all,
>
> I routinely encrypt all important partitions on my laptops /
> workstations / servers using LUKS both at home and at work.
> However, due to the above, I can no longer remotely reboot the machines
> (at least the ones that doe
On Sun, May 9, 2010 at 4:15 PM, Ryan Rix wrote:
> Here is how I see this: The user installs their system for the first time,
> they set their clock using NTP while they have the connection to the
> internet when they installed their packageset/updates. Now they have an
> accurate clock.
>
> How mu
2010/5/20 Conan Kudo (ニール・ゴンパ) :
> It's too bad that we can't say that Fedora 13 has all these cool things.
> Fedora would get some considerable notoriety for being the first to fully
> support it. Then again, we cannot fully support it for HTML5 since Firefox
> doesn't have it... And Chromium is s
On Thu, Jul 8, 2010 at 3:43 AM, Jakub Jelinek wrote:
> On Thu, Jul 08, 2010 at 12:54:35PM +0530, Rahul Sundaram wrote:
>> Do you plan on doing a mass rebuild?
>
> I don't think it is necessary, at least not for the reason of a compiler
> upgrade. The mass rebuilds are usually done when we have so
On Sat, Jul 10, 2010 at 7:06 AM, drago01 wrote:
>>> - Helper routines used by yum to extract dependencies
>>>
>>> - X-Windows server and libraries used for 2D and 3D display such as
>>> opengl, compiz, etc.
>> and ghostscript, poppler, ...
>> Everyone will easily suggest Firefox and OpenOffice.
On Fri, Jul 30, 2010 at 1:30 PM, Rahul Sundaram wrote:
>
> On Fri, Jul 30, 2010 at 10:50 PM, Bill Nottingham wrote:
>>
>> Everything I've seen you ask about repos stems from an apparent end goal
>> of 'get rpmfusion onto Fedora systems as much as possible', and consists
>> of attempting to either
On Thu, Sep 4, 2014 at 9:01 AM, Digimer wrote:
> This reminds me of the "Beefy Miracle" fiasco... Everyone complained after
> it happened, but few said or did anything before then.
The scope of systemd has crept dramatically since the start. If the
initial discussions of systemd said it would mer
On Sat, Mar 21, 2015 at 1:31 PM, Paolo Bonzini wrote:
> Firefox and xulrunner are bundling their own copy of jemalloc (try
> "strings /usr/lib64/xulrunner/xulrunner |grep jemalloc", or similarly
> with /usr/lib64/firefox/firefox-bin).
>
> Why isn't this recorded in the RPM provides (and why is the
On Mon, Mar 26, 2012 at 6:55 PM, Chris Murphy wrote:
> So then the question is, if urandom is what's recommended, are faster
> substitutes just as good? If they are just as good, then why aren't they the
> first recommendation? And if this step is superfluous, then I'd suggest
> documentation b
On Wed, May 16, 2012 at 10:16 AM, Paul Wouters wrote:
> Please test and give karma so this security release won't get stuck for
> too long.
To add Karma, after testing log into that page and "add a comment"
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailm
On Wed, May 16, 2012 at 10:41 AM, Jakub Jelinek wrote:
> And, for various programs you usually don't need 64-bit address space,
> but in the case where you have say bigger input you are simply out of luck
> if you are limited to 32-bit address space. Say with compilers/linkers,
> you can usually
From Fedora 18 on, Fedora will no longer include the freedom to for a
user to create a fork or respin which is the technological equal of
the Project's output. Instead, this freedom will be available
exclusively from Microsoft for $99 under unspecified conditions.
I wish this were a joke.
http://
On Thu, May 31, 2012 at 9:56 AM, Bryn M. Reeves wrote:
> abundantly clear that there are no restrictions placed on users who do
> not wish to have the secure boot signature checks enforced.
Yes, I read it and spent several hours talking to MJG before he posted
it, in fact.
I thought I'd pay him
[I'm sorry for getting repetitive here, but I'm responding to several
people concurrently in order to minimize volume]
On Thu, May 31, 2012 at 10:32 AM, Bryn M. Reeves wrote:
> That discussion is happening right now. You're welcome to join in.
That wasn't my understanding, my understanding is th
On Thu, May 31, 2012 at 12:11 PM, Gerry Reno wrote:
> This is a monopolistic attack disguised as a security effort.
> The highly restrictive technological approach that has been taken needs to be
> challenged in the courts.
> I'd rather see Microsoft users have to attach a dongle to their system
On Thu, May 31, 2012 at 12:22 PM, Peter Jones wrote:
> The argument that it's a security effort is bolstered in many vendors eyes
> by the existence of attacks in the wild which Secure Boot would prevent.
I'm not aware of any attack _objectives_ (as compared to methods)
which this would prevent,
On Thu, May 31, 2012 at 1:07 PM, Gerry Reno wrote:
> Could be any of a thousand ways to implement this.
> Maybe it checks the BIOS to determine whether some SecureBoot flag is set.
While it pains me to argue with someone on my side— you're incorrect.
The compromised system would just intercept an
On Thu, May 31, 2012 at 12:47 PM, Bill Nottingham wrote:
> I'm not sure how you meant this, but I'm having a hard time reading this in
> a way that's not:
>
> - directly contradictory
> - intentional raising of FUD then stepping back
> - insinuating some Shadowy Cabal Of Others behind this decisio
On Thu, May 31, 2012 at 4:19 PM, Gerry Reno wrote:
> And I'd rather see a User-Controlled implementation rather than a
> Monopoly-Controlled implementation.
SecureBoot is (currently, on x86 but not arm) _also_ user-controlled.
The monopoly controlled is just the default.
--
devel mailing list
d
On Fri, Jun 1, 2012 at 9:50 AM, Gerry Reno wrote:
> So everyone needs to go out and buy twice as much RAM so F18+ can run /tmp as
> tmpfs without causing memory shortfalls
> for everything else they do.
> That's crazy.
Thats not true (and I've used tmpfs for tmp for years, so I'm speaking
from e
On Fri, Jun 1, 2012 at 11:27 AM, Gerry Reno wrote:
> Wait a minute. Back in this thread it says that half of RAM is allocated to
> the tmpfs for /tmp.
> Plus the purported benefit from this is causing less write cycles on SSD.
> (See Wiki page)
> That may have been a benefit a few years ago bu
On Fri, Jun 1, 2012 at 11:09 AM, Reindl Harald wrote:
> well designed machines do NOT swap and have not alligend
> swap at all - in the case of virtualization you MUST NOT
> enforce swapping if you really like perofrmance
I'm sorry, I couldn't quite hear you— perhaps more all-caps would help? :-)
On Fri, Jun 1, 2012 at 12:27 PM, DJ Delorie wrote:
> This conclusion is NOT TRUE for me. I've checked it. /tmp on ext3 on
> my system does NOT incur any disk I/O until long after the process
> using it has finished, if at all, as long as the files are small and
> transient.
Glad to see you've t
On Fri, Jun 1, 2012 at 2:28 PM, DJ Delorie wrote:
>> If they really aren't transient then /tmp is the wrong place for them.
> I will categorically disagree with any argument of the "the user
> shouldn't be doing that" type. Software exists to serve the user, not
> the other way around.
Your quot
On Fri, Jun 1, 2012 at 1:02 PM, Simo Sorce wrote:
> On my 'normal' systems once the desktop is fully started with Firfox,
> Gnome, Evolution and all the crap, I already am using more than half the
> RAM available, so tmpfs in RAM means I hit swap as soon as something
> decides to write a tmp file
On Fri, Jun 1, 2012 at 2:46 PM, DJ Delorie wrote:
> *I* want /tmp on disk. I still don't want someone else telling me I
> have to do it that way.
You can still put tmp on a disk if you're the kind of advanced users
who knows better enough to override the defaults.
But there does have to be a de
On Fri, Jun 1, 2012 at 2:50 PM, Michael Cronenworth wrote:
> Not a single person who has claimed a performance or semantic win for
> this /tmp move has replied when asked for proof.
I haven't bothered because I have no clue what you'll accept and I
fully accept you to move the goalposts.
For exa
On Fri, Jun 1, 2012 at 12:32 PM, Reindl Harald wrote:
>> I'm sorry, I couldn't quite hear you— perhaps more all-caps would help? :-)
>>
>> The dogmatic 'swap is bad for performance' is justified only because
>> writing/reading a slow disk is bad for performance.
>
> and how does /tmp in RAm change
On Sat, Jun 2, 2012 at 5:32 AM, drago01 wrote:
> Or you don't do the later and just disable secureboot. Your freedom is
> in *no way* limited by having secureboot support.
> Let me repeat it again supporting secureboot on x86 does *NOT* limit
> your freedom.
After all this discussion you'll still
On Sat, Jun 2, 2012 at 12:04 PM, Chris Adams wrote:
> Once upon a time, Gregory Maxwell said:
>> When I create a fork, respin, or remix of Fedora and distribute it to
>> people it will not run for them like Fedora does without a level of
>> fiddling which the people advo
On Fri, Jun 1, 2012 at 10:28 PM, Reindl Harald wrote:
> it does not matter WHAT get swapped out
> from the moment on the system starts to swap performance sucks
This is what I meant about being dogmatic up thread. You're being a
anti-swap zealot here.
Yes, using swap is slow. It's slow because
On Sat, Jun 2, 2012 at 12:36 PM, Matthew Garrett wrote:
> Per spec the machine simply falls back to attempting to execute the next
> entry in the boot list. An implementation may provide some feedback that
> that's the case, but there's no requirement for it to do so, so it's
> perfectly valid for
On Sat, Jun 2, 2012 at 4:02 PM, Matthew Garrett wrote:
> On Sat, Jun 02, 2012 at 03:28:03PM -0400, Gregory Maxwell wrote:
>
>> This should meet the signing requirements and it removes the opacity
>> without locking down any of Fedora. Such a bootloader should meet
>> what
On Sat, Jun 2, 2012 at 4:21 PM, Matthew Garrett wrote:
> That's fine as long as you speak English.
Come on now, you're building a strawman argument. I never said that it
had to be in a single language—notice messages I _normally_ write get
put into many languages.
I don't see why the text of the
On Sat, Jun 2, 2012 at 5:26 PM, drago01 wrote:
> On Sat, Jun 2, 2012 at 11:14 PM, Gregory Maxwell wrote:
>> I think regressing to the installs
>> being somewhat easier than ten yearsish ago is still a better place to
>> be than the cryptographic lockdown.
>
> I disagr
On Sat, Jun 2, 2012 at 5:57 PM, Matthew Garrett wrote:
> You're fine with one level of injustice. I'm fine with another level of
> injustice. Both compromise the freedoms that Fedora currently gives you.
I'm not fine with it. It's an unfortunate situation too. But producing
a single special case
On Sat, Jun 2, 2012 at 6:09 PM, Gregory Maxwell wrote:
> On Sat, Jun 2, 2012 at 5:57 PM, Matthew Garrett wrote:
>> You're fine with one level of injustice. I'm fine with another level of
>> injustice. Both compromise the freedoms that Fedora currently gives you.
>
>
On Sat, Jun 2, 2012 at 6:23 PM, drago01 wrote:
> It can be argued both ways. Modifying software requires more "skills"
> and knowlegde anyway so it is more acceptable to accept that group of
> people to fiddle with the firmware then everyone including people that
> don't even know what a firmware
On Sun, Jun 3, 2012 at 10:11 AM, Peter Jones wrote:
> On 06/02/2012 05:47 PM, Gregory Maxwell wrote:
>> There is no additional security provided by the feature as so far
>> described—only security theater. So I can't modify the kernel or
>> bootloader, great—but the k
On Mon, Jun 11, 2012 at 9:56 AM, Nicu Buculei wrote:
> Of course we are missing that part *now*, there is no motherboard with UEFI
> and Secure Boot in the wild so we can take screenshots and publish them.
> Once such board will be released, plenty of instructions and tutorials will
> follow, to m
On Tue, Jun 12, 2012 at 10:22 AM, Peter Jones wrote:
> This seems like a pretty unlikely scenario. You have to disable secure boot
> to perform most kernel-level debugging operations in Windows 8. It'd
> alienate
> pretty much the entire OEM community for Windows add-on card drivers, pretty
> much
On Tue, Jun 12, 2012 at 12:25 PM, Adam Williamson wrote:
> You are, and that was being very un-excellent, so please refrain from it
> in future.
I'm left wondering where your concern about being excellent to each
other has been hiding throughout this thread, and where it was when
you made the "Yo
On Tue, Jun 12, 2012 at 1:43 PM, Bill Nottingham wrote:
> No offense, but you seem to have a very unusual idea about how much leverage
> Fedora has anywhere. Why would hardware vendors listen to a community
> distribution that they never preinstall, have no plans to preinstall, and
> brings them a
On Tue, Jun 12, 2012 at 1:59 PM, Peter Jones wrote:
> Quit trying to have it both ways, Greg. If we get vendors to let us ship a
> Red Hat key - and to be clear, it was a *Red Hat* key that's been offered
> to be shipped - then we're putting forked projects and stuff in a
> significantly worse pos
On Tue, Jun 12, 2012 at 2:27 PM, Peter Jones wrote:
> No, they literally cannot do that. Having a special debugging key that
> chains to a CA key that's in the key database (DB), which would allow the
> ability to do kernel debugging activities which could, for example, write
> to arbitrary memory
On Sat, Jun 16, 2012 at 7:14 PM, Chris Murphy wrote:
> Ahh, the Ostrich Maneuver.
>
> Had this been the policy of others working on this issue, Microsoft would
> not have updated their Windows 8 certification to require the user be able
> to disable Secure Boot. And then we'd all be in a significa
On Sat, Jun 16, 2012 at 8:16 PM, Chris Murphy wrote:
> Calls for speculation. We know what the certification policy used to be. We
> also know how long DOJ takes to do anything, let alone politicking behind the
> scenes to arrive at compromise, let alone its day in court. Years.
> Generations o
On Sun, Jun 17, 2012 at 12:51 PM, Chris Murphy wrote:
> It was justified. Only one is speculation. The other utilizes evidence and a
> track record of behavior.
... Right, In one case the actual participants in the discussion have
expressed doubt that they had any effect, and in the other we ha
On Sun, Jun 17, 2012 at 1:25 PM, Reindl Harald wrote:
> you are aware that on ARM platform is NO DISABLE SECURE BOOT allowed
> this is not "future requirement"
> this is CURRENT requirement for Win8 on ARM
It was also the original requirement on x86 before negative PR was
generated and the requir
On Sun, Jun 17, 2012 at 12:06 PM, Richard Hughes wrote:
> That's simply not possible. Some processes like dbus-daemon and
> gnome-session just cannot be restarted in this way. It's a complete
> fallacy to believe you can update core libraries on a modern Linux
> system without rebooting.
I upgrad
On Sun, Jun 17, 2012 at 2:08 PM, drago01 wrote:
> A new feature is being added nothing is getting removed so no there is
> no regression.
Thats newspeak if I ever saw any.
Going from a system which generally doesn't prompt users to reboot to
one that does is a regression.
> dbus is not optional
On Mon, Jun 18, 2012 at 12:09 PM, Lennart Poettering
wrote:
> I mean, have you ever tried to upgrade firefox while running firefox? If
> you did, you know how awfully wrong that goes... [1]
I run Mozilla's nightly builds and receive updates every day. They
disrupt nothing because Mozilla has buil
On Mon, Jun 18, 2012 at 3:00 PM, Jesse Keating wrote:
> On 06/18/2012 09:24 AM, Gregory Maxwell wrote:
>> I run Mozilla's nightly builds and receive updates every day. They
>> disrupt nothing because Mozilla has built infrastructure to make that
>> possible. Firefox
On Mon, Jun 18, 2012 at 3:15 PM, Chris Murphy wrote:
> On Jun 18, 2012, at 10:05 AM, Matthew Garrett wrote:
>> 2) Government. If a large enough set of national governments required
>> that secure boot be disabled by default then we could assume that
>> arbitrary hardware would work out of the box.
On Mon, Jun 18, 2012 at 4:53 PM, Lennart Poettering
wrote:
> Well, even if Mozilla "fixed" that, such a solution wouldn't work for OS
> updates, already due to privilege reasons. i.e. "pre-staging" changes as
> root which are applied when a user does something simply cannot work if
> you care abou
On Mon, Jun 18, 2012 at 4:45 PM, Adam Williamson wrote:
> What I should have said is that we have no God-given right to demand
> that any computing device offered for sale must be explicitly designed
> to accommodate the retrofitting of other operating systems or software,
> or indeed to demand th
On Tue, Jun 19, 2012 at 11:50 AM, Eric Smith wrote:
> If the things that make it difficult to run software of your choosing on a
> device can be proven to serve no purpose but to stifle competition, then
> yes. But often those things have other purposes as well. For example,
> requiring firmware
1 - 100 of 135 matches
Mail list logo