On Sun, Dec 26, 2021 at 1:10 AM Dan Čermák <dan.cer...@cgc-instruments.com> wrote: > > Ben Cotton <bcot...@redhat.com> writes: > > *snip* > > > > > It will also make Fedora able to detect tampering of its components at > > a more privileged level, the kernel, without the interference of user > > space programs. Once tampering has been detected, the actions of the > > altered component are prevented before that component gets the chance > > to perform any action. Fedora could be configured to also allow the > > usage of components provided by the user, if he wishes to do so > > (DIGLIM has a tool to build custom digest lists). > > How would that look in practice? Will a user just get a message in the > journal? > > > == Upgrade/compatibility impact == > > The user should ensure that software (not updated) from the old > > distribution is packaged and the package header is signed, or he > > should create and sign a custom digest list for the software he wishes > > to use after the upgrade. > > Uhm, so locally/manually installed software (i.e. not signed by Fedora's > signkeys) will silently break when switching to F36? How about 3rd party > repositories?
It wouldn't be the first time software has been deliberately broken by well-intended kernel security changes. Remember when systemd decided to cancel all backgrounded processes belong to a user when they logged out, breaking "screen" and "tux", with no record of killing the jobs whatsover? Fortunately, people screamed pretty hard about that one. Nico Kadel-Garcia > Cheers, > > Dan > _______________________________________________ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
