On Fri, 25 Aug 2023 at 07:44, Richard Hughes <hughsi...@gmail.com> wrote:

> Hi all,
>
> I was thinking of adding Passim as a default-installed and
> default-enabled dep of fwupd in the Fedora 40 release. Before I create
> lots of unnecessary drama, is there any early feedback on what's
> described in https://github.com/hughsie/passim/blob/main/README.md
> please.
>
> The tl;dr: is I want to add a mDNS server that reshares the public
> firmware update metadata from the LVFS on your LAN. The idea is that
> rather than 25 users in an office downloading the same ~2MB file from
> the CDN every day, the first downloads from the CDN and the other 24
> download from the first machine. All machines still download the
> [tiny] jcat file from the CDN still so we know the SHA256 to search
> for and verify.
>
>
I am not sure how much this will actually help things. My understanding was
that Microsoft found their own 'share updates' not working as much as
expected and causing way too many security headaches even on 'nice friendly
networks' either by network scans or just the fact that as soon as someone
puts up a service like this.. it is profitable for the crooks to abuse it.

I am not against it, but I think the days of "Here we've assuming your
local network (aka LAN) is a nice and friendly place, without evil people
trying to overwhelm your system or feed you fake files." is dead and
whatever tool applied needs to be designed with the fact that it only takes
0.01% of 'evil people' in the population to make things crap.


> The backstory is that as the fwupd grows and grows (to ChromeOS,
> FreeBSD, Windows and macOS) we need to scale things up a couple of
> orders of magnitude. This isn't specific to firmware stuff, although I
> think it makes a great testcase which we could add dnf or ostree
> content to in the future. Comments and questions are most welcome.
> Thanks,
>
> Richard.
> _______________________________________________
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
>


-- 
Stephen Smoogen, Red Hat Automotive
Let us be kind to one another, for most of us are fighting a hard battle.
-- Ian MacClaren
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to