Re: *countable infinities only

On 05/31/2012 05:13 PM, Chris Adams wrote: Please don't spread FUD like this. You are wrong for a couple of reasons: - Secure boot is required to be able to be disabled on x86 (the only platform Fedora will support it). - Users can generate their own keys, enroll them in the secure boot

Re: *countable infinities only

On Fri, Jun 1, 2012 at 3:14 AM, Kevin Kofler wrote: > Chris Adams wrote: >> - Secure boot is required to be able to be disabled on x86 (the only >> platform Fedora will support it). > > And this is exactly why we should just require our users to disable it! > > I don't see any advantage at all fro

Re: Fedora remixes and Microsoft's secure booting crapola

On Fri, Jun 1, 2012 at 9:22 AM, Basil Mohamed Gohar < basilgo...@librevideo.org> wrote: > > >https://lists.fedoraproject.**org/pipermail/devel/2012-May/**167605.html > > >(Note that the first e-mail in that archive somehow got c

Re: Fedora remixes and Microsoft's secure booting crapola

On 05/31/2012 10:26 PM, Arun SAG wrote: I have been reading about secure boot. I understand that we are going to pay Microsoft to get our keys signed. Will this change affect people creating remixes? What about kernel modules from third party repositories like rpmfusion? Will it be affected?

Re: *countable infinities only

> This will exclude a whole class of usages that are currently available > to Fedora users, such as the ReSpin projects that Fedora Unity used to > produce from stock Fedora packages as well as any other downstream > projects that build on Fedora. This is not something affecting only a > limit set

Re: *countable infinities only

> What if anaconda was change to a license which required forks to > certify and pay a one time $99 fee to some shell company, would anyone > call Fedora still a free software distribution with a straight face? Yes, if after paying $99 you are free to redistribute your own modified versions. By t

Re: [HEADS-UP] Rawhide: /tmp is now on tmpfs

On 06/01/2012 12:15 AM, Sergio Durigan Junior wrote: > On Thursday, May 31 2012, Ralf Corsepius wrote: > >> On 05/31/2012 12:45 PM, Pádraig Brady wrote: >>> On 05/31/2012 08:14 AM, Roberto Ragusa wrote: > >>> Now /var/tmp should be "more persistent" which we don't need, >> Correct, using /var/tmp

Re: *countable infinities only

On 05/31/2012 09:14 PM, Kevin Kofler wrote: > Chris Adams wrote: >> - Secure boot is required to be able to be disabled on x86 (the only >> platform Fedora will support it). > And this is exactly why we should just require our users to disable it! > > I don't see any advantage at all from supportin

Re: *countable infinities only

Chris Adams wrote: > - Secure boot is required to be able to be disabled on x86 (the only > platform Fedora will support it). And this is exactly why we should just require our users to disable it! I don't see any advantage at all from supporting this "feature", just problems: * extra restrictio

Re: [HEADS-UP] Rawhide: /tmp is now on tmpfs

On Thursday, May 31 2012, Ralf Corsepius wrote: > On 05/31/2012 12:45 PM, Pádraig Brady wrote: >> On 05/31/2012 08:14 AM, Roberto Ragusa wrote: >> Now /var/tmp should be "more persistent" which we don't need, > Correct, using /var/tmp is wrong and a mistake. > > IMO, advising people to modify the

Re: *countable infinities only

On 05/31/2012 05:47 PM, Adam Williamson wrote: > On Thu, 2012-05-31 at 16:31 -0400, Gerry Reno wrote: >> On 05/31/2012 04:26 PM, Gregory Maxwell wrote: >>> On Thu, May 31, 2012 at 4:19 PM, Gerry Reno wrote: And I'd rather see a User-Controlled implementation rather than a Monopoly-Contr

Re: another upgrade, another disaster

On Fri, 2012-06-01 at 07:30 +1000, Rob K wrote: > On Wed, May 30, 2012 at 6:46 AM, Corey Richardson wrote: > > On Tue, 29 May 2012 16:42:30 -0400 > > Neal Becker wrote: > > > >> Basically the same kind of failure as the last several times I did > >> updates. This time f16->f17. Used preupgrade.

Re: another upgrade, another disaster

On Thu, 2012-05-31 at 22:21 +0200, Caterpillar wrote: > I would like to share my experience about upgrading from Fedora 16 to > 17 a quiet number of machines. > > 100% percenteage computer base have putted my hands on, had problems > during the upgrade from Fedora 16 to 17. > > Which problems? F

Re: F16: Sandy Bridge -> lags, missing effects, ui-crashes

Once upon a time, Adam Williamson said: > Gah. Sorry, I stopped reading after VT-. =) No problem; I was making sure I wasn't missing some magical bit about VT-d! -- Chris Adams Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trou

Re: F16: Sandy Bridge -> lags, missing effects, ui-crashes

On Thu, 2012-05-31 at 20:47 +0100, Richard W.M. Jones wrote: > On Thu, May 31, 2012 at 02:42:11PM -0500, Chris Adams wrote: > > Once upon a time, Adam Williamson said: > > > On Tue, 2012-05-29 at 20:36 -0400, Jared K. Smith wrote: > > > > Yes, that's a possible culprit. I've had massive problems w

Re: *countable infinities only

On Thu, 2012-05-31 at 16:31 -0400, Gerry Reno wrote: > On 05/31/2012 04:26 PM, Gregory Maxwell wrote: > > On Thu, May 31, 2012 at 4:19 PM, Gerry Reno wrote: > >> And I'd rather see a User-Controlled implementation rather than a > >> Monopoly-Controlled implementation. > > SecureBoot is (currently

Re: *countable infinities only

On Thu, 2012-05-31 at 15:07 -0400, Gerry Reno wrote: > >> Yes, all these would currently support what I'm suggesting. > > Actually, if you're willing to flip a lot of switches, you could > > probably make your / a raid5 of floppies, but the performance would be > > suboptimal. > > > > -J > > > >

Re: another upgrade, another disaster

On Wed, May 30, 2012 at 6:46 AM, Corey Richardson wrote: > On Tue, 29 May 2012 16:42:30 -0400 > Neal Becker wrote: > >> Basically the same kind of failure as the last several times I did >> updates. This time f16->f17.  Used preupgrade. >> > > I've heard nothing but bad things about preupgrade f

Re: *countable infinities only

On 05/31/2012 04:32 PM, Adam Jackson wrote: On 5/31/12 3:23 PM, Peter Jones wrote: On 05/31/2012 03:18 PM, Adam Jackson wrote: Not that I want to discourage multiple signatures - quite the opposite - but could we not install the bootloader after (and based on) looking at the enrolled keys? We

Re: *countable infinities only

On 5/31/12 3:23 PM, Peter Jones wrote: On 05/31/2012 03:18 PM, Adam Jackson wrote: Not that I want to discourage multiple signatures - quite the opposite - but could we not install the bootloader after (and based on) looking at the enrolled keys? Well, that adds complexity and makes files bigg

Re: *countable infinities only

On 05/31/2012 04:26 PM, Gregory Maxwell wrote: > On Thu, May 31, 2012 at 4:19 PM, Gerry Reno wrote: >> And I'd rather see a User-Controlled implementation rather than a >> Monopoly-Controlled implementation. > SecureBoot is (currently, on x86 but not arm) _also_ user-controlled. > The monopoly co

Re: *countable infinities only

On Thu, May 31, 2012 at 4:19 PM, Gerry Reno wrote: > And I'd rather see a User-Controlled implementation rather than a > Monopoly-Controlled implementation. SecureBoot is (currently, on x86 but not arm) _also_ user-controlled. The monopoly controlled is just the default. -- devel mailing list d

vfsmount mnt_parent element change

I'm trying to find out the changes in the kernel relating the 3.2 to 3.3 changes in relation to the vfsmount structure change as we use an application that uses the mnt_parent element that no longer exists in the source. I looked at the Documentation directory for the kernel in Fedora 16 but it

Re: another upgrade, another disaster

2012/5/31 Adam Williamson > On Tue, 2012-05-29 at 16:50 -0400, Tom Callaway wrote: > > On 05/29/2012 04:46 PM, Corey Richardson wrote: > > > I've heard nothing but bad things about preupgrade from lots of people, > > > and I've heard the developers either never hear about it, ignore it, or > > >

Re: *countable infinities only

On 05/31/2012 04:04 PM, Jon Ciesla wrote: > On Thu, May 31, 2012 at 2:57 PM, Jon Ciesla wrote: >> On Thu, May 31, 2012 at 2:07 PM, Gerry Reno wrote: >>> On 05/31/2012 02:52 PM, Jon Ciesla wrote: On Thu, May 31, 2012 at 1:21 PM, Gerry Reno wrote: > On 05/31/2012 02:17 PM, Jon Ciesla wrot

Re: *countable infinities only

On Thu, May 31, 2012 at 03:18:54PM -0400, Adam Jackson wrote: > Not that I want to discourage multiple signatures - quite the > opposite - but could we not install the bootloader after (and based > on) looking at the enrolled keys? Certainly, providing you can boot the software that can examine t

Re: As we develop SELinux we are adding new labels to homedir content

On Thu, May 31, 2012 at 9:44 PM, Daniel J Walsh wrote: > A third option would be to run "restorecon -R -v $HOME" in background in an > profile script the first time you login on a new OS Version.  This would seem > to be the least time consuming, but could be subject to race conditions, you > hit

Re: *countable infinities only

On Thu, May 31, 2012 at 2:57 PM, Jon Ciesla wrote: > On Thu, May 31, 2012 at 2:07 PM, Gerry Reno wrote: >> On 05/31/2012 02:52 PM, Jon Ciesla wrote: >>> On Thu, May 31, 2012 at 1:21 PM, Gerry Reno wrote: On 05/31/2012 02:17 PM, Jon Ciesla wrote: > On Thu, May 31, 2012 at 1:08 PM, Gerry

Re: As we develop SELinux we are adding new labels to homedir content

On 31.5.2012 21:44, Daniel J Walsh wrote: A third option would be to run "restorecon -R -v $HOME" in background in an profile script the first time you login on a new OS Version. This would seem to be the least time consuming, but could be subject to race conditions, you hit the mislabeled file

Re: *countable infinities only

On Thu, May 31, 2012 at 2:07 PM, Gerry Reno wrote: > On 05/31/2012 02:52 PM, Jon Ciesla wrote: >> On Thu, May 31, 2012 at 1:21 PM, Gerry Reno wrote: >>> On 05/31/2012 02:17 PM, Jon Ciesla wrote: On Thu, May 31, 2012 at 1:08 PM, Gerry Reno wrote: > On 05/31/2012 01:57 PM, Jon Ciesla wrot

Re: *countable infinities only

On 05/31/2012 02:55 PM, Chris Adams wrote: Once upon a time, Peter Jones said: That's why we didn't simply ask vendors to ship our key. That would be /less/ equitable to other distributions than the solution we're looking at right now. Has any thought been given to setting up group between v

Re: F16: Sandy Bridge -> lags, missing effects, ui-crashes

On Thu, May 31, 2012 at 02:42:11PM -0500, Chris Adams wrote: > Once upon a time, Adam Williamson said: > > On Tue, 2012-05-29 at 20:36 -0400, Jared K. Smith wrote: > > > Yes, that's a possible culprit. I've had massive problems with VT-d > > > enabled on both a Thinkpad T510 and on a Thinkpad X220

As we develop SELinux we are adding new labels to homedir content

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 We have added file trans by name rules to policy to fix a lot of files/directories being created with the correct label. We have problems on Distribution updates (F16-F17) though, where there is a files/directories in the homedir that are mislabeled.

Re: F16: Sandy Bridge -> lags, missing effects, ui-crashes

Once upon a time, Adam Williamson said: > On Tue, 2012-05-29 at 20:36 -0400, Jared K. Smith wrote: > > Yes, that's a possible culprit. I've had massive problems with VT-d > > enabled on both a Thinkpad T510 and on a Thinkpad X220. I don't > > pretend to understand what advantages VT-d is *suppose

[Bug 656544] Please Update Spec File to use %ghost on files in /var/run and /var/lock

https://bugzilla.redhat.com/show_bug.cgi?id=656544 Peter Backes changed: What|Removed |Added Blocks||827166 -- You are receiving this mail be

Re: [HEADS-UP] Rawhide: /tmp is now on tmpfs

On Thu, May 31, 2012 at 02:57:17PM +0200, Roberto Ragusa wrote: > I suppose that an additional small-tmp (e.g. /tmpram) could > be useful for some programs currently using tmp for very > small files. We already have it: /dev/shm In a double irony, the only user of it on my system is pulseaudio, w

Re: [HEADS-UP] Rawhide: /tmp is now on tmpfs

On Thu, May 31, 2012 at 11:45:36AM +0100, Pádraig Brady wrote: > On 05/31/2012 08:14 AM, Roberto Ragusa wrote: > > On 05/31/2012 02:40 AM, Lennart Poettering wrote: > >> Heya! > >> > >> Please be aware that since the most recent systemd uploads /tmp is now > >> in tmpfs by default in Rawhide/F18. >

Re: F16: Sandy Bridge -> lags, missing effects, ui-crashes

On Tue, 2012-05-29 at 20:36 -0400, Jared K. Smith wrote: > On Tue, May 29, 2012 at 5:29 PM, Reindl Harald wrote: > > Am 29.05.2012 22:45, schrieb Roberto Ragusa: > > i think i have to mention taht VT-d is active in the BIOS and > > i was wondering that it was stable because the combination of the

Re: On a related note...

On Tue, 2012-05-29 at 17:16 -0400, seth vidal wrote: > On Tue, 29 May 2012 17:04:52 -0400 > Neal Becker wrote: > > > You know what was the painless part of this re-install? After firing > > up google chrome, I didn't need to reinstall anything for it. It's > > all synced with gmail. > > > > I

Re: another upgrade, another disaster

On Thu, 2012-05-31 at 15:08 -0400, Neal Becker wrote: > But we can, and should, at least try to make our systems tolerant of > failures. > Just because we can't test everything. Defensive programming. Sure. As someone else said, though, that's an issue in rpm if anywhere... -- Adam Williamso

Re: *countable infinities only

On 05/31/2012 03:18 PM, Adam Jackson wrote: On 5/31/12 2:17 PM, Peter Jones wrote: On 05/31/2012 12:37 PM, Adam Jackson wrote: Now if you're suggesting Fedora should ship another version of the shimloader that's signed with a common Fedora key... sure, why not, that could be nice. Of course

Re: *countable infinities only

On 5/31/12 2:17 PM, Peter Jones wrote: On 05/31/2012 12:37 PM, Adam Jackson wrote: Now if you're suggesting Fedora should ship another version of the shimloader that's signed with a common Fedora key... sure, why not, that could be nice. Of course since we have to /install/ a bootloader, for

Re: *countable infinities only

On 05/31/2012 03:03 PM, Gregory Maxwell wrote: Because maintaining the boot portion of the system shouldn't automatically create a position to make fundamental decisions like this. The authors of Fedora packages also don't normally spend large amounts of time in consultation with Redhat legal, M

Re: *countable infinities only

On 05/31/2012 02:55 PM, Chris Adams wrote: Once upon a time, Peter Jones said: That's why we didn't simply ask vendors to ship our key. That would be /less/ equitable to other distributions than the solution we're looking at right now. Has any thought been given to setting up group between v

Re: another upgrade, another disaster

Adam Williamson wrote: > On Tue, 2012-05-29 at 16:50 -0400, Tom Callaway wrote: >> On 05/29/2012 04:46 PM, Corey Richardson wrote: >> > I've heard nothing but bad things about preupgrade from lots of people, >> > and I've heard the developers either never hear about it, ignore it, or >> > don't ca

Re: F16: Sandy Bridge -> lags, missing effects, ui-crashes

On Thu, May 31, 2012 at 2:45 PM, drago01 wrote: > On Thu, May 31, 2012 at 8:04 PM, Josh Boyer wrote: > You could just do boot with intel_iommu=igfx_off to verify that sounds not really smart if you are using the integrated graphics engine as only graphics card which is fast eno

Re: *countable infinities only

On 05/31/2012 02:52 PM, Jon Ciesla wrote: > On Thu, May 31, 2012 at 1:21 PM, Gerry Reno wrote: >> On 05/31/2012 02:17 PM, Jon Ciesla wrote: >>> On Thu, May 31, 2012 at 1:08 PM, Gerry Reno wrote: On 05/31/2012 01:57 PM, Jon Ciesla wrote: > On Thu, May 31, 2012 at 12:52 PM, Gerry Reno wro

Re: *countable infinities only

On Thu, May 31, 2012 at 12:47 PM, Bill Nottingham wrote: > I'm not sure how you meant this, but I'm having a hard time reading this in > a way that's not: > > - directly contradictory > - intentional raising of FUD then stepping back > - insinuating some Shadowy Cabal Of Others behind this decisio

Re: *countable infinities only

Once upon a time, Peter Jones said: > That's why we didn't simply ask vendors to ship our key. That would be > /less/ equitable to other distributions than the solution we're looking at > right now. Has any thought been given to setting up group between various Open Source distributions (Linux,

Re: *countable infinities only

On Thu, May 31, 2012 at 1:21 PM, Gerry Reno wrote: > On 05/31/2012 02:17 PM, Jon Ciesla wrote: >> On Thu, May 31, 2012 at 1:08 PM, Gerry Reno wrote: >>> On 05/31/2012 01:57 PM, Jon Ciesla wrote: On Thu, May 31, 2012 at 12:52 PM, Gerry Reno wrote: > On 05/31/2012 01:48 PM, Jon Ciesla wro

Re: *countable infinities only

On 05/31/2012 12:59 PM, Gerry Reno wrote: On 05/31/2012 12:57 PM, Basil Mohamed Gohar wrote: I take it that virtualization of the OS is completely off the table as well, then? (I think it must be, if this is the case.) Why would that be? VM's have a BIOS. And SecureBoot can be part of that

Re: another upgrade, another disaster

On Tue, 2012-05-29 at 16:50 -0400, Tom Callaway wrote: > On 05/29/2012 04:46 PM, Corey Richardson wrote: > > I've heard nothing but bad things about preupgrade from lots of people, > > and I've heard the developers either never hear about it, ignore it, or > > don't care. I tried a preupgrade and i

Re: F16: Sandy Bridge -> lags, missing effects, ui-crashes

On Thu, May 31, 2012 at 8:04 PM, Josh Boyer wrote: > On Thu, May 31, 2012 at 1:02 PM, drago01 wrote: >> On Wed, May 30, 2012 at 10:32 PM, Reindl Harald >> wrote: >>> >>> >>> Am 30.05.2012 10:52, schrieb drago01: On Wed, May 30, 2012 at 2:36 AM, Jared K. Smith wrote: > On Tue, May

Re: *countable infinities only

On Thu, May 31, 2012 at 4:23 PM, Gregory Maxwell wrote: > None the less,  I do not believe it is "FUD" or in any way inaccurate > to say that this will mean that Fedora will be losing a freedom it > once had— the freedom to make forks at no cost which are technically > equal to the projects, ones

Re: sys/sysctl.h and bits/sysctl.h in rawhide/f18?

On Thu, May 31, 2012 at 2:21 PM, Josh Boyer wrote: > On Thu, May 31, 2012 at 1:43 PM, Bill Nottingham wrote: >> Kaleb Keithley (kkeit...@redhat.com) said: >>> >>> About a week ago I did a scratch build of one of my packages that includes >>> and it built successfully. >>> >>> Today I did anothe

Re: *countable infinities only

On 05/31/2012 02:08 PM, Gerry Reno wrote: The hardware is under control of the user. At some point the user has to know what they consider trusted. I totally agree. This is why I've been writing tools to do your own signing and key management. It's totally okay to do your own thing, I expect

Re: *countable infinities only

On 05/31/2012 02:17 PM, Jon Ciesla wrote: > On Thu, May 31, 2012 at 1:08 PM, Gerry Reno wrote: >> On 05/31/2012 01:57 PM, Jon Ciesla wrote: >>> On Thu, May 31, 2012 at 12:52 PM, Gerry Reno wrote: On 05/31/2012 01:48 PM, Jon Ciesla wrote: > On Thu, May 31, 2012 at 12:42 PM, Gerry Reno wr

Re: sys/sysctl.h and bits/sysctl.h in rawhide/f18?

On Thu, May 31, 2012 at 1:43 PM, Bill Nottingham wrote: > Kaleb Keithley (kkeit...@redhat.com) said: >> >> About a week ago I did a scratch build of one of my packages that includes >> and it built successfully. >> >> Today I did another scratch build and it broke with: >> >> ... >> Making all i

Re: *countable infinities only

On 05/31/2012 12:37 PM, Adam Jackson wrote: Now if you're suggesting Fedora should ship another version of the shimloader that's signed with a common Fedora key... sure, why not, that could be nice. Of course since we have to /install/ a bootloader, for this to be effective it needs to be the

Re: *countable infinities only

On Thu, May 31, 2012 at 1:08 PM, Gerry Reno wrote: > On 05/31/2012 01:57 PM, Jon Ciesla wrote: >> On Thu, May 31, 2012 at 12:52 PM, Gerry Reno wrote: >>> On 05/31/2012 01:48 PM, Jon Ciesla wrote: On Thu, May 31, 2012 at 12:42 PM, Gerry Reno wrote: > On 05/31/2012 01:34 PM, Jon Ciesla wr

Re: *countable infinities only

On 05/31/2012 12:42 PM, Miloslav Trmač wrote: Well, Fedora will enjoy a different security benefit by removing the user-space ability to manipulate DMA, even for users that don't have SecureBoot-capable hardware. Our current plan is actually to only disable these methods if Secure Boot is enabl

Re: *countable infinities only

Gregory Maxwell (gmaxw...@gmail.com) said: > > It's perhaps just as troubling that there are people involved in this > non-public decision who apparently have such a limited understanding > of free software that they were unable to understand the point I made > explicitly in my message (and more e

Re: *countable infinities only

On 05/31/2012 01:57 PM, Jon Ciesla wrote: > On Thu, May 31, 2012 at 12:52 PM, Gerry Reno wrote: >> On 05/31/2012 01:48 PM, Jon Ciesla wrote: >>> On Thu, May 31, 2012 at 12:42 PM, Gerry Reno wrote: On 05/31/2012 01:34 PM, Jon Ciesla wrote: > On Thu, May 31, 2012 at 12:22 PM, Gerry Reno w

Re: sys/sysctl.h and bits/sysctl.h in rawhide/f18?

Kaleb Keithley (kkeit...@redhat.com) said: > > About a week ago I did a scratch build of one of my packages that includes > and it built successfully. > > Today I did another scratch build and it broke with: > > ... > Making all in src > CC fuse-helpers.lo > CC fuse-resolve.lo >

Re: *countable infinities only

On 05/31/2012 12:15 PM, Basil Mohamed Gohar wrote: On 05/31/2012 12:06 PM, Peter Jones wrote: On 05/31/2012 12:04 PM, Gerry Reno wrote: SecureBoot is not about security. It is about restriction. If you're looking for a mantra to recite ad infinitum, that's a fine one, but right now we're loo

Re: F16: Sandy Bridge -> lags, missing effects, ui-crashes

On Thu, May 31, 2012 at 1:02 PM, drago01 wrote: > On Wed, May 30, 2012 at 10:32 PM, Reindl Harald > wrote: >> >> >> Am 30.05.2012 10:52, schrieb drago01: >>> On Wed, May 30, 2012 at 2:36 AM, Jared K. Smith >>> wrote: On Tue, May 29, 2012 at 5:29 PM, Reindl Harald wrote: > Am 29.

Re: *countable infinities only

On 5/31/12 12:20 PM, Basil Mohamed Gohar wrote: On 05/31/2012 12:18 PM, Miloslav Trmač wrote: Remove Microsoft's keys, problem solved. Mirek Ah, yes, but then you also won't be able to run Fedora, under the currently proposed solution. Oops! See how slick the slope is? False. Quoting

Re: *countable infinities only

On 05/31/2012 12:21 PM, Bill Nottingham wrote: Basil Mohamed Gohar (basilgo...@librevideo.org) said: Remove Microsoft's keys, problem solved. Ah, yes, but then you also won't be able to run Fedora, under the currently proposed solution. Oops! See how slick the slope is? If you're dumb enou

Re: sys/sysctl.h and bits/sysctl.h in rawhide/f18?

Kaleb Keithley wrote: > About a week ago I did a scratch build of one of my packages that > includes and it built successfully. > > Today I did another scratch build and it broke with: > > ... > Making all in src > CC fuse-helpers.lo > CC fuse-resolve.lo > CC fuse-bridge.lo > C

Re: *countable infinities only

On Thu, May 31, 2012 at 12:52 PM, Gerry Reno wrote: > On 05/31/2012 01:48 PM, Jon Ciesla wrote: >> On Thu, May 31, 2012 at 12:42 PM, Gerry Reno wrote: >>> On 05/31/2012 01:34 PM, Jon Ciesla wrote: On Thu, May 31, 2012 at 12:22 PM, Gerry Reno wrote: > On 05/31/2012 01:19 PM, Jon Ciesla w

Re: *countable infinities only

On 05/31/2012 01:48 PM, Jon Ciesla wrote: > On Thu, May 31, 2012 at 12:42 PM, Gerry Reno wrote: >> On 05/31/2012 01:34 PM, Jon Ciesla wrote: >>> On Thu, May 31, 2012 at 12:22 PM, Gerry Reno wrote: On 05/31/2012 01:19 PM, Jon Ciesla wrote: > On Thu, May 31, 2012 at 12:16 PM, Gerry Reno w

Re: *countable infinities only

On 05/31/2012 01:47 PM, Matthew Garrett wrote: > Platforms implementing secure boot will require cryptographically signed > firmware updates, so the only way an attacker > will be able to modify your system is by having physical access to the flash. Well, at least that part is good. -- devel m

Re: *countable infinities only

On Thu, May 31, 2012 at 12:42 PM, Gerry Reno wrote: > On 05/31/2012 01:34 PM, Jon Ciesla wrote: >> On Thu, May 31, 2012 at 12:22 PM, Gerry Reno wrote: >>> On 05/31/2012 01:19 PM, Jon Ciesla wrote: On Thu, May 31, 2012 at 12:16 PM, Gerry Reno wrote: > On 05/31/2012 01:10 PM, Gregory Maxw

Re: Live CD or USB (was Re: *countable infinities only)

On Thu, May 31, 2012 at 12:46:15PM -0500, Chris Adams wrote: > Once upon a time, Michael Cronenworth said: > > What effect on CD or USB boot images does this have? Will Live images on > > fp.o be required to be signed to be useful to the general public with a > > Dell/HP machine that will most cer

Re: *countable infinities only

On Thu, May 31, 2012 at 01:42:30PM -0400, Gerry Reno wrote: > This game of cat and mouse with the blackhats is not going to end until we > have some type of read-only partitions where > known good code resides. > > And the user must hit a hardware button to enable read-write to change > anything

Re: Live CD or USB (was Re: *countable infinities only)

Once upon a time, Michael Cronenworth said: > What effect on CD or USB boot images does this have? Will Live images on > fp.o be required to be signed to be useful to the general public with a > Dell/HP machine that will most certainly have this feature enabled (and > possibly not allowed to disab

Re: *countable infinities only

On 05/31/2012 01:34 PM, Jon Ciesla wrote: > On Thu, May 31, 2012 at 12:22 PM, Gerry Reno wrote: >> On 05/31/2012 01:19 PM, Jon Ciesla wrote: >>> On Thu, May 31, 2012 at 12:16 PM, Gerry Reno wrote: On 05/31/2012 01:10 PM, Gregory Maxwell wrote: > On Thu, May 31, 2012 at 1:07 PM, Gerry Ren

Re: sys/sysctl.h and bits/sysctl.h in rawhide/f18?

A scratch build on koji if that wasn't apparent. - Original Message - From: "Kaleb Keithley" To: "Development discussions related to Fedora" Sent: Thursday, May 31, 2012 1:38:32 PM Subject: sys/sysctl.h and bits/sysctl.h in rawhide/f18? About a week ago I did a scratch build of one of

sys/sysctl.h and bits/sysctl.h in rawhide/f18?

About a week ago I did a scratch build of one of my packages that includes and it built successfully. Today I did another scratch build and it broke with: ... Making all in src CC fuse-helpers.lo CC fuse-resolve.lo CC fuse-bridge.lo CC misc.lo In file included from fuse

Re: *countable infinities only

On Thu, May 31, 2012 at 12:22 PM, Gerry Reno wrote: > On 05/31/2012 01:19 PM, Jon Ciesla wrote: >> On Thu, May 31, 2012 at 12:16 PM, Gerry Reno wrote: >>> On 05/31/2012 01:10 PM, Gregory Maxwell wrote: On Thu, May 31, 2012 at 1:07 PM, Gerry Reno wrote: > Could be any of a thousand ways

Re: *countable infinities only

On 05/31/2012 01:19 PM, Jon Ciesla wrote: > On Thu, May 31, 2012 at 12:16 PM, Gerry Reno wrote: >> On 05/31/2012 01:10 PM, Gregory Maxwell wrote: >>> On Thu, May 31, 2012 at 1:07 PM, Gerry Reno wrote: Could be any of a thousand ways to implement this. Maybe it checks the BIOS to determi

Re: *countable infinities only

On Thu, May 31, 2012 at 12:16 PM, Gerry Reno wrote: > On 05/31/2012 01:10 PM, Gregory Maxwell wrote: >> On Thu, May 31, 2012 at 1:07 PM, Gerry Reno wrote: >>> Could be any of a thousand ways to implement this. >>> Maybe it checks the BIOS to determine whether some SecureBoot flag is set. >> While

Re: *countable infinities only

On 05/31/2012 01:10 PM, Gregory Maxwell wrote: > On Thu, May 31, 2012 at 1:07 PM, Gerry Reno wrote: >> Could be any of a thousand ways to implement this. >> Maybe it checks the BIOS to determine whether some SecureBoot flag is set. > While it pains me to argue with someone on my side— you're incor

Re: *countable infinities only

On Thu, May 31, 2012 at 01:07:13PM -0400, Gerry Reno wrote: > On 05/31/2012 01:03 PM, Matthew Garrett wrote: > > How does the Microsoft OS know that it's being invoked in an > > unauthorised manner? > > > > Could be any of a thousand ways to implement this. > > Maybe it checks the BIOS to determ

Re: *countable infinities only

On Thu, May 31, 2012 at 1:07 PM, Gerry Reno wrote: > Could be any of a thousand ways to implement this. > Maybe it checks the BIOS to determine whether some SecureBoot flag is set. While it pains me to argue with someone on my side— you're incorrect. The compromised system would just intercept an

Live CD or USB (was Re: *countable infinities only)

Gregory Maxwell wrote: > http://mjg59.dreamwidth.org/12368.html What effect on CD or USB boot images does this have? Will Live images on fp.o be required to be signed to be useful to the general public with a Dell/HP machine that will most certainly have this feature enabled (and possibly not allo

Re: *countable infinities only

On 05/31/2012 01:03 PM, Matthew Garrett wrote: > On Thu, May 31, 2012 at 12:53:30PM -0400, Gerry Reno wrote: >> On 05/31/2012 12:51 PM, Matthew Garrett wrote: >>> On Thu, May 31, 2012 at 12:49:53PM -0400, Gerry Reno wrote: The issue could be solved by having the SecureBoot default setting depe

Re: *countable infinities only

On Thu, May 31, 2012 at 12:53:30PM -0400, Gerry Reno wrote: > On 05/31/2012 12:51 PM, Matthew Garrett wrote: > > On Thu, May 31, 2012 at 12:49:53PM -0400, Gerry Reno wrote: > >> The issue could be solved by having the SecureBoot default setting depend > >> on the OS being booted: > >> > >> SecureB

Re: F16: Sandy Bridge -> lags, missing effects, ui-crashes

On Wed, May 30, 2012 at 10:32 PM, Reindl Harald wrote: > > > Am 30.05.2012 10:52, schrieb drago01: >> On Wed, May 30, 2012 at 2:36 AM, Jared K. Smith >> wrote: >>> On Tue, May 29, 2012 at 5:29 PM, Reindl Harald >>> wrote: Am 29.05.2012 22:45, schrieb Roberto Ragusa: i think i have to

Re: *countable infinities only

On 05/31/2012 12:57 PM, Basil Mohamed Gohar wrote: > On 05/31/2012 12:53 PM, Gerry Reno wrote: >> On 05/31/2012 12:51 PM, Matthew Garrett wrote: >>> On Thu, May 31, 2012 at 12:49:53PM -0400, Gerry Reno wrote: The issue could be solved by having the SecureBoot default setting depend on th

Re: How do you use fedpkg chain-build for released Fedorae?

On Thu, May 31, 2012 at 08:46:22AM -0700, Jesse Keating wrote: > that. You have to either get your build shipped in updates (stable) > or create a buildroot override in order to get that build into the > buildroots. Because this case rise on packages which has Requires dependencies a buildroot o

Re: *countable infinities only

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 05/31/2012 05:16 PM, Gerry Reno wrote: > On 05/31/2012 12:13 PM, Miloslav Trma? wrote: >> On Thu, May 31, 2012 at 6:04 PM, Gerry Reno >> wrote: >>> http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/statement >>> >>> >>> SecureBoot is not

Re: F16: Sandy Bridge -> lags, missing effects, ui-crashes

Am 30.05.2012 10:52, schrieb drago01: > On Wed, May 30, 2012 at 2:36 AM, Jared K. Smith > wrote: >> On Tue, May 29, 2012 at 5:29 PM, Reindl Harald >> wrote: >>> Am 29.05.2012 22:45, schrieb Roberto Ragusa: >>> i think i have to mention taht VT-d is active in the BIOS and >>> i was wondering th

Re: *countable infinities only

On 05/31/2012 12:53 PM, Gerry Reno wrote: > On 05/31/2012 12:51 PM, Matthew Garrett wrote: >> On Thu, May 31, 2012 at 12:49:53PM -0400, Gerry Reno wrote: >>> The issue could be solved by having the SecureBoot default setting depend >>> on the OS being booted: >>> >>> SecureBoot should only be Defa

Re: How do you use fedpkg chain-build for released Fedorae?

On Thu, May 31, 2012 at 08:46:22AM -0700, Jesse Keating wrote: > that. You have to either get your build shipped in updates (stable) > or create a buildroot override in order to get that build into the > buildroots. Because this case rise on packages which has Requires dependencies a buildroot o

Re: *countable infinities only

On 05/31/2012 12:51 PM, Matthew Garrett wrote: > On Thu, May 31, 2012 at 12:49:53PM -0400, Gerry Reno wrote: >> The issue could be solved by having the SecureBoot default setting depend on >> the OS being booted: >> >> SecureBoot should only be Default:ON for Microsoft OS's and any other OS's >>

Re: *countable infinities only

On Thu, May 31, 2012 at 12:49:53PM -0400, Gerry Reno wrote: > The issue could be solved by having the SecureBoot default setting depend on > the OS being booted: > > SecureBoot should only be Default:ON for Microsoft OS's and any other OS's > that want to deal with that > > and should be Defaul

Re: *countable infinities only

On Thu, May 31, 2012 at 12:22 PM, Peter Jones wrote: > The argument that it's a security effort is bolstered in many vendors eyes > by the existence of attacks in the wild which Secure Boot would prevent. I'm not aware of any attack _objectives_ (as compared to methods) which this would prevent,

Re: *countable infinities only

On 05/31/2012 12:46 PM, Peter Jones wrote: > On 05/31/2012 12:16 PM, Gerry Reno wrote: >> On 05/31/2012 12:13 PM, Miloslav Trmač wrote: >>> On Thu, May 31, 2012 at 6:04 PM, Gerry Reno wrote: http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/statement SecureBoot is not

Re: *countable infinities only

On 05/31/2012 12:16 PM, Gerry Reno wrote: On 05/31/2012 12:13 PM, Miloslav Trmač wrote: On Thu, May 31, 2012 at 6:04 PM, Gerry Reno wrote: http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/statement SecureBoot is not about security. It is about restriction. That is just untrue

  1   2   >