Re: Three steps we could take to make supply chain attacks a bit harder

2024-04-01 Thread Peter Jones
> (3) We should have a "security path", like "critical path". > > sshd is linked to a lot of libraries: > > /lib64/libaudit.so.1 audit-libs > /lib64/libc.so.6 glibc > /lib64/libcap-ng.so.0 libcap-ng > /lib64/libcap.so.2 libcap > /lib64/libcom_err.so.2 libcom_

Re: memory testing

2020-07-16 Thread Peter Jones
On Wed, Jul 15, 2020 at 01:17:50PM -0600, Chris Murphy wrote: > On Wed, Jul 15, 2020 at 12:49 PM Solomon Peachy wrote: > > > > On Wed, Jul 15, 2020 at 01:41:27PM -0500, Michael Catanzaro wrote: > > > Note: memtest86+ actually had an upstream release recently after a *very* > > > long hiatus, so I

Re: List of long term FTBFS packages to be retired in February

2020-01-06 Thread Peter Jones
On Mon, Jan 06, 2020 at 02:48:22PM -0500, Robbie Harwood wrote: > If you don't have the time to make a new build once every year, you > shouldn't be a packager, full stop. I think that's a fair point, but not at all the issue here. I specifically want not to rebuild this, which is why I *have* r

Re: List of long term FTBFS packages to be retired in February

2020-01-06 Thread Peter Jones
On Mon, Jan 06, 2020 at 12:54:58PM +0100, Miro Hrončok wrote: > Regardless of different opinions about aggressiveness, having policies > and no enforcement makes no sense. Either the policies are too > aggressive and we need to change them, or they are not and we need to > enforce them. That seems

Re: F29 System Wide Change: Make BootLoaderSpec the default

2018-06-26 Thread Peter Jones
> > There's a lot of clouds going to uEFI now > > [citation needed] ... > I got sort of lost in Azure versus Hyper-V and gen1/gen2 - apparently Hyper-V > likes > UEFI and supports secure boot but Azure may not or something? Ignoring the question of how many is a lot, I think you may just be dis

Re: F29 System Wide Change: Make BootLoaderSpec the default ['id' field]

2018-06-26 Thread Peter Jones
On Tue, Jun 26, 2018 at 03:46:59PM +0200, Javier Martinez Canillas wrote: > > That raises two questions: > > 1. Why isn't just the bls-snippet filename used as the key? It's > >necessarily unique and should be usable for the purpose of uniquely > >identifying the boot entry without creating

Re: F29 System Wide Change: Make BootLoaderSpec the default

2018-06-22 Thread Peter Jones
On Mon, Jun 18, 2018 at 02:42:40PM -0700, Andrew Lutomirski wrote: > > On Jun 18, 2018, at 10:02 AM, Javier Martinez Canillas > > wrote: > > > >> On Thu, Jun 14, 2018 at 10:20 PM, Chris Murphy > >> wrote: > >> On Thu, Jun 14, 2018 at 12:51 PM, Adam Williamson > >> wrote a monolithic config > >

Re: F29 System Wide Change: Make BootLoaderSpec the default

2018-06-22 Thread Peter Jones
On Mon, Jun 18, 2018 at 11:55:28PM +0100, Tom Hughes wrote: > On 18/06/18 23:46, Javier Martinez Canillas wrote: > > On Mon, Jun 18, 2018 at 11:54 PM, Tom Hughes wrote: > > > On 18/06/18 18:15, Peter Jones wrote: > > > > > > > That's true - though w

Re: F29 System Wide Change: Make BootLoaderSpec the default

2018-06-18 Thread Peter Jones
On Mon, Jun 18, 2018 at 12:14:31PM -0600, Chris Murphy wrote: > Thanks for the reply. > > I think the proposal title is misleading. The BLS file format is, > depending on one's point of view, 5% of the spec. A bulk of the > proposal isn't going to follow the spec at all. And even with regards > to

Re: F29 System Wide Change: Make BootLoaderSpec the default

2018-06-18 Thread Peter Jones
On Mon, Jun 18, 2018 at 03:29:34PM +, Zbigniew Jędrzejewski-Szmek wrote: > On Mon, Jun 18, 2018 at 11:17:50AM -0400, Peter Jones wrote: > > On Thu, Jun 14, 2018 at 12:40:50PM -0700, Adam Williamson wrote: > > > On Thu, 2018-06-14 at 15:10 -0400, Matthew Miller wrote: >

Re: F29 System Wide Change: Make BootLoaderSpec the default

2018-06-18 Thread Peter Jones
On Thu, Jun 14, 2018 at 12:40:50PM -0700, Adam Williamson wrote: > On Thu, 2018-06-14 at 15:10 -0400, Matthew Miller wrote: > > On Thu, Jun 14, 2018 at 11:51:33AM -0700, Adam Williamson wrote: > > > > ** Have a grubby wrapper for backward compatibility that manipulates BLS > > > > files. > > > > >

Re: F29 System Wide Change: Hide the grub menu

2018-06-01 Thread Peter Jones
On Thu, May 31, 2018 at 12:14:57PM -0500, Chris Adams wrote: > Once upon a time, Jason L Tibbitts III said: > > If we're going to patch grub to expand the set of keys it will watch > > for, is it possible to just expand the set to encompass all keys? We > > don't really need to make it that hard

Re: Hiding the grub menu by default on single OS installs

2018-06-01 Thread Peter Jones
On Thu, May 31, 2018 at 05:47:36PM +0200, Hans de Goede wrote: > Hi, > > On 31-05-18 15:20, Robert Marcano wrote: > > On 05/31/2018 06:52 AM, Hans de Goede wrote: > > > ... > > > This will basically get us back the F28 behavior of showing the > > > menu but only after a failed boot, I think that i

Re: No i686 build of grub2?

2017-08-23 Thread Peter Jones
On Wed, Aug 23, 2017 at 07:27:44AM -0500, Bruno Wolff III wrote: > Currently grub2 isn't being built for i686 since somewhere between 2.02-8 > and 2.02-10. > I looked through the change log (but not the git log yet) and didn't see > anything mentioning this, which I would have expected if it was an

Re: Fedora 25 GRUB security issue

2017-08-03 Thread Peter Jones
On Thu, Aug 03, 2017 at 10:21:43AM -0600, Chris Murphy wrote: > security@ and security-team@ have no meaningful activity in at least > the last 6 months so I'm posting this here. > > grub2 incorrectly initialises the boot_params from the kernel image > https://bugzilla.redhat.com/show_bug.cgi?id=1

Re: Summary/Minutes from today's FESCo Meeting (2015-10-07)

2015-10-09 Thread Peter Jones
On Fri, Oct 09, 2015 at 10:16:31AM -0400, Adam Jackson wrote: > So from an OS maintenance perspective we have to recognize that > bundling code occasionally does have merit, and that it is incumbent on > us to manage it well. And from a Fedora perspective, we have to > acknowledge that a prohibi

Re: Does Fedora have a technical expertise oriented SIG?

2014-11-04 Thread Peter Jones
On Sun, Nov 02, 2014 at 09:13:07AM -0800, Adam Williamson wrote: > On Sun, 2014-11-02 at 10:13 -0500, Matthew Miller wrote: > > On Sun, Nov 02, 2014 at 04:08:36PM +0100, Michael Schwendt wrote: > > > Is there any authoritative group at Fedora who wants the product to not > > > suck like that? > >

Re: Current FTBFS packages (was Re: [ACTION REQUIRED] Retiring packages for Fedora 21)

2014-06-18 Thread Peter Jones
On Wed, Jun 18, 2014 at 02:16:49PM -0400, Adam Jackson wrote: > On Mon, 2014-06-09 at 14:18 -0400, Adam Jackson wrote: > > > > libguestfs uses hfsplus-tools in order to provide some HFS+ filesystem > > > features (mainly for Mac filesystems and .DMG files). We can remove > > > this functionality

Re: F22 System Wide Change: Replace Yum With DNF

2014-06-17 Thread Peter Jones
On Tue, Jun 17, 2014 at 02:40:45PM -0500, Dennis Gilmore wrote: > On Wed, 11 Jun 2014 08:52:34 -0400 > Matthew Miller wrote: > > > On Wed, Jun 11, 2014 at 02:44:10PM +0200, Jaroslav Reznik wrote: > > > * package 'dnf-yum-compat-command' is inst

Re: This Weeks FESCo Meeting: Cancelled

2014-06-04 Thread Peter Jones
On Wed, Jun 04, 2014 at 07:30:47AM -0700, Toshio Kuratomi wrote: > Sorry for the late notification. I took a look at making an agenda for this > week and saw that we only have a few tickets to look at and all of them > are pending input from various other people so I'm cancelling the meeting. > >

Re: F20 System Wide Change: ARM as primary Architecture

2013-07-12 Thread Peter Jones
On Fri, Jul 12, 2013 at 10:37:41AM -0400, Matthew Miller wrote: > On Fri, Jul 12, 2013 at 02:17:28PM +, "Jóhann B. Guðmundsson" wrote: > > 1. https://bugzilla.redhat.com/show_bug.cgi?id=949328 > > 2. https://bugzilla.redhat.com/show_bug.cgi?id=869540 > > Often, people maintain a package becaus

Re: F20 System Wide Change: ARM as primary Architecture

2013-07-11 Thread Peter Jones
On Thu, Jul 11, 2013 at 10:58:59AM -0700, Brendan Conoboy wrote: > Security features are implemented and working- except > evidently pointer guards, which we found out about *yesterday*. The point of this isn't just that it was broken, though - the concern here is that the test suite said it was

Re: F20 System Wide Change: ARM as primary Architecture

2013-07-11 Thread Peter Jones
On Wed, Jul 10, 2013 at 11:04:51PM -0700, Brendan Conoboy wrote: > The relentless "I don't want ARM to sully the good name of Fedora" is > absurd: User for user, ARM is considerably more popular than Fedora. No, this is completely wrong. It's entirely propaganda, and you need to stop saying thin

Re: F20 System Wide Change: ARM as primary Architecture

2013-07-10 Thread Peter Jones
On Wed, Jul 10, 2013 at 11:19:33AM -0500, Dennis Gilmore wrote: > On Tue, 9 Jul 2013 16:33:28 -0400 > Peter Jones wrote: > > > On Tue, Jul 09, 2013 at 06:50:07PM +0100, Matthew Garrett wrote: > > > llvmpip

Re: F20 System Wide Change: ARM as primary Architecture

2013-07-10 Thread Peter Jones
On Wed, Jul 10, 2013 at 07:45:53AM -0400, Josh Boyer wrote: > On Wed, Jul 10, 2013 at 6:02 AM, Jaroslav Reznik wrote: > > > > I don't see a problem with different set of blocking desktops for ARM, even > > as primary architecture. But it's really about resources - do we have people > > willing to

Re: F20 System Wide Change: ARM as primary Architecture

2013-07-09 Thread Peter Jones
On Tue, Jul 09, 2013 at 06:50:07PM +0100, Matthew Garrett wrote: > llvmpipe has been known to be broken for months, and nobody on the ARM > team appears capable of fixing it. As a result, ARM shipped in F19 > without any out of the box support for running our default desktop. > > This doesn't ma

Re: QA Testscase: Installation with mountpoint inside future $HOME?

2013-05-20 Thread Peter Jones
On Mon, May 20, 2013 at 06:42:47PM +0200, Miloslav Trmač wrote: > On Mon, May 20, 2013 at 5:51 PM, Sandro Mani wrote: > > > I've just hit a bug which causes $HOME to be owned by root if a mountpoint > > is created inside $HOME during install, see [1]. > > > > Ouch. Recent libuser versions refus

[PATCH] Why not Zoidberg?

2013-03-19 Thread Peter Jones
This fixes all of our problems with punctuation and unicode. It may introduce other problems. --- fedora-release.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fedora-release.spec b/fedora-release.spec index 0791715..43eed3e 100644 --- a/fedora-release.spec +++ b/fedora-

[PATCH] Don't use shell quoting characters in release name.

2013-03-19 Thread Peter Jones
ed unicode character for a displayed apostrophe, as opposed to /typewriter apostrophe/, U=0027, which is also the shell quote character. Signed-off-by: Peter Jones Reviewed-by: Adam Jackson --- fedora-release.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fedora-release.spe

[PATCH] Don't use shell quoting characters in release name.

2013-03-19 Thread Peter Jones
While this doesn't solve unicode-related problems with /etc/os-release or /etc/fedora-release, for example, it does mean that we won't have problems with parsing this through shell scripts, which we do quite often. Signed-off-by: Peter Jones --- fedora-release.spec | 2 +- 1 file

Re: Improving the Fedora boot experience

2013-03-12 Thread Peter Jones
On Tue, Mar 12, 2013 at 07:36:56PM +0100, Reindl Harald wrote: > how do you imagine the system to smell booting the new > one has failed? if it fails it will hopefully not remount > the rootfs RW (if it would be possible at this time) > and write something to disk so that the next reboot knows > "

Re: Improving the Fedora boot experience

2013-03-12 Thread Peter Jones
On Tue, Mar 12, 2013 at 07:17:26PM +0100, Reindl Harald wrote: > > > Am 12.03.2013 18:51, schrieb Peter Jones: > > So I'd really rather have it so that /under normal circumstances/, if the > > user wants the non-default kernel or parameters, they tell us so before

Re: Improving the Fedora boot experience

2013-03-12 Thread Peter Jones
On Tue, Mar 12, 2013 at 05:19:52PM +0100, Nicolas Mailhot wrote: > > Le Mar 12 mars 2013 16:10, Peter Jones a écrit : > > On Mon, Mar 11, 2013 at 12:58:05PM -0400, Matthias Clasen wrote: > > > The idea would be to have a positive indication from systemd that > > we&#x

Re: Improving the Fedora boot experience

2013-03-12 Thread Peter Jones
On Tue, Mar 12, 2013 at 09:51:14AM -0600, Pete Travis wrote: > For the use cases where it doesn't work, what about dropping a bootloader > config spoke into anaconda, or revealing the appropriate features in > kickstart options? Perhaps probing to test for dual boot to determine if a > brief timeo

Re: Improving the Fedora boot experience

2013-03-12 Thread Peter Jones
On Tue, Mar 12, 2013 at 09:28:28AM -0600, Kevin Fenzi wrote: > On Tue, 12 Mar 2013 11:10:27 -0400 > Peter Jones wrote: > > > Honestly, I'd like to do this anyway - the grub2 gfxterm code seems to > > cause nothing but bugs in later graphics setup. That said, I'd r

Re: Improving the Fedora boot experience

2013-03-12 Thread Peter Jones
On Mon, Mar 11, 2013 at 05:51:06PM -0400, Máirín Duffy wrote: > On 03/11/2013 05:01 PM, Lennart Poettering wrote: > > By hooking this up to keys people would naturally try, such as shift, > > space, enter, escape, or whatever windows does for their boot menu stuff. > > FWIW Windows uses F8 Window

Re: Improving the Fedora boot experience

2013-03-12 Thread Peter Jones
On Mon, Mar 11, 2013 at 01:43:28PM -0400, Ryan Lerch wrote: > IIRC, in f17, the GRUB screen was not visible. (you could still > press f11 to bring it up if you needed it to). Does anyone know why > this behaviour changed? I think you're thinking of F15. It was a patch we were carrying to grub1,

Re: Improving the Fedora boot experience

2013-03-12 Thread Peter Jones
On Mon, Mar 11, 2013 at 12:58:05PM -0400, Matthias Clasen wrote: > Hi, > > I would love to see F19 make a good first impression. The first time you see > something Fedora-related on the screen currently is the graphical grub > screen, followed by the filling-in-Fedora of Plymouth, followed by th

Re: Proposed F19 Feature: Cinnamon as Default Desktop

2013-02-01 Thread Peter Jones
On Tue, Jan 29, 2013 at 04:25:05AM -0800, Dan Mashal wrote: > I'm sure QA, releng, docs, etc will go with what the community decides. > > Lets have a poll. A very public one. > > On the main website. Not somebody's blog. And let's let the users decide > what they want. Do we have any significant

Re: Proposed F19 Feature: Syslinux Option

2013-01-24 Thread Peter Jones
On Thu, Jan 24, 2013 at 12:48:18PM -0600, Chris Adams wrote: > Once upon a time, Miloslav Trmač said: > > So, to summarize, this saves <= 6 MB of disk space, and <= 1 second of > > boot time, at the cost of extra maintenance and QA burden in anaconda > > and grubby? > > Well, there's already code

Re: Proposed F19 Feature: Syslinux Option

2013-01-24 Thread Peter Jones
On Thu, Jan 24, 2013 at 06:57:09PM +0100, Miloslav Trmač wrote: > On Wed, Jan 23, 2013 at 8:30 PM, Jaroslav Reznik wrote: > > = Features/SyslinuxOption = > > https://fedoraproject.org/wiki/Features/SyslinuxOption > > > > Feature owner(s): Matthew Miller > > > > This feature will make Syslinux an

Re: Proposed F19 Feature: Package Signature Checking During Installation

2013-01-09 Thread Peter Jones
On Wed, Jan 09, 2013 at 01:52:05PM +0100, Florian Weimer wrote: > On 01/08/2013 04:25 PM, Jaroslav Reznik wrote: > >Following the implementation of Features/SecureBoot, we can extend the Secure > >Boot keys as a root of trust provided by the hardware against which we can > >verify a signature on ou

Re: Proposed F19 Feature: Package Signature Checking During Installation

2013-01-09 Thread Peter Jones
On Wed, Jan 09, 2013 at 03:39:42PM +0100, Florian Weimer wrote: > On 01/09/2013 03:26 PM, Peter Jones wrote: > > >You've misunderstood the mechanism at work. dhowell's current kernel > >patch set allows you to add keys which are wrapped (in a well defined > >way

Re: Proposed F19 Feature: Package Signature Checking During Installation

2013-01-09 Thread Peter Jones
On Wed, Jan 09, 2013 at 11:55:42AM +0100, Florian Weimer wrote: > On 01/08/2013 07:15 PM, Peter Jones wrote: > >On Tue, Jan 08, 2013 at 11:04:30AM -0500, Steve Clark wrote: > >> > >>What about repins? I want to add my own custom package that is not signed > >&

Re: mactel boot revisited, updating to grub2

2013-01-08 Thread Peter Jones
On Tue, Jan 08, 2013 at 02:03:31PM -0700, Chris Murphy wrote: > > On Jan 8, 2013, at 12:45 PM, Chris Murphy wrote: > > > > > On Jan 8, 2013, at 12:34 PM, Matthew Garrett wrote: > > > >> On Tue, Jan 08, 2013 at 12:16:52PM -0700, Chris Murphy wrote: > >> > >>> cp /boot/efi/EFI/fedora/grubx64.e

Re: Proposed F19 Feature: Package Signature Checking During Installation

2013-01-08 Thread Peter Jones
On Tue, Jan 08, 2013 at 08:28:03PM +0100, Björn Persson wrote: > I'll agree that most users probably don't verify their DVD images as it > takes some manual work to do it properly, so that's another weak link, > but the possibility does exist for those of us who care enough about > our security.

Re: Proposed F19 Feature: Package Signature Checking During Installation

2013-01-08 Thread Peter Jones
On Tue, Jan 08, 2013 at 11:04:30AM -0500, Steve Clark wrote: > > What about repins? I want to add my own custom package that is not signed and > create a new CD with a custom ks.cfg. > How would that work? You'd generate your own key, and people using your packages, who have presumably decided th

Re: Proposed F19 Feature: Package Signature Checking During Installation

2013-01-08 Thread Peter Jones
On Tue, Jan 08, 2013 at 05:46:04PM +0100, Björn Persson wrote: > > One long-standing problem in Fedora is that we don't check package > > signatures > > during installation. > [...] > > Following the implementation of Features/SecureBoot, we can extend the > > Secure > > Boot keys as a root of tr

Re: Proposed F19 Feature: Package Signature Checking During Installation

2013-01-08 Thread Peter Jones
On Tue, Jan 08, 2013 at 03:52:02PM +, Petr Pisar wrote: > On 2013-01-08, Jaroslav Reznik wrote: > > > >= Features/PackageSignatureCheckingDuringInstall = > > https://fedoraproject.org/wiki/Features/PackageSignatureCheckingDuringInstall > > > > * Detailed description: > > One long-standing prob

Re: Am I the only one who missed the election?

2012-12-10 Thread Peter Jones
On Mon, Dec 10, 2012 at 10:10:54AM -0500, Jaroslav Reznik wrote: > - Original Message - > > I just saw the Fedora election results, and was surprised to learn > > there > > had been an election. After some digging I figured out what happened. > > > > Robyn sends her announce emails to: ann

Re: Fedora 18 Beta Go/No-Go Meeting, Thursday, November 22 @ 20:00 UTC (3pm Eastern, 12pm Pacific)

2012-11-20 Thread Peter Jones
On Tue, Nov 20, 2012 at 08:14:08AM -0500, Jaroslav Reznik wrote: > Btw. Thanksgiving conflict is known, but we decided not to move > Go/No-Go to Wednesday because of limited time for testing, let me > know in case of (strong) objections. I really think having this meeting during the second largest

Re: Fedora 18 Beta to slip by two weeks, Beta release date is now Nov 27

2012-11-09 Thread Peter Jones
On Fri, Nov 09, 2012 at 05:33:05PM +0100, Matej Cepl wrote: > On 2012-11-09, 14:30 GMT, David Cantrell wrote: > > Just to cite similar complaints I see from time to time... It > > irritates me that people think it's a problem that in 2012 they can't > > install in a VM that is allocated with 256

Re: Anaconda is totally trashing the F18 schedule (was Re: f18: how to install into a LVM partitions (or RAID))

2012-10-31 Thread Peter Jones
On Wed, Oct 31, 2012 at 10:47:39AM -0700, Jesse Keating wrote: > On 10/31/2012 08:08 AM, Tom Lane wrote: > >My concern at this point is exactly that we're "slipping a week at a > >time", rather than facing up to the *undeniable fact* that anaconda is > >not close to being shippable. If we don't ha

Re: Packages in need of new maintainers

2012-10-05 Thread Peter Jones
On Thu, Oct 04, 2012 at 03:09:24PM +0200, Hans de Goede wrote: > >pulseaudio -- Improved Linux sound server > > ??? !!! As others have mentioned, packages are on this list even if the only place he owns them is EPEL. -- Peter -- devel mailing list devel@lists.fedoraproject.org https:/

Re: What's the reason for not accepting karma from Bodhi submitter

2012-08-20 Thread Peter Jones
On Mon, 2012-08-20 at 12:37 +0100, Richard W.M. Jones wrote: > https://admin.fedoraproject.org/updates/qemu-1.2-0.3.20120806git3e430569.fc18 > > I built the package, and I tested it. Yet doing the right thing means > my karma doesn't count ... > > IMO this change makes the karma system (even) wo

Re: Debugging Fedora UEFI boot problems on Intel DQ77MK

2012-07-31 Thread Peter Jones
On Mon, 2012-07-30 at 21:23 +0300, Pasi Kärkkäinen wrote: > On Thu, Jul 26, 2012 at 11:02:07PM +0300, Pasi Kärkkäinen wrote: > > > > > >I'm pretty sure this is a Intel firmware bug, but it'd be nice to be > > > >able to > > > >confirm that somehow.. > > > > > > Well, either the bootloader or the

Re: Debugging Fedora UEFI boot problems on Intel DQ77MK

2012-07-26 Thread Peter Jones
On 07/26/2012 01:59 PM, Pasi Kärkkäinen wrote: "noefi" kernel cmdline option didn't help unfortunately. When booting Fedora 17 x64 there's the GRUB bootloader with graphical background image, I let it boot the default entry "Fedora 17", I see it the allocating memory pages, loading VMLINUZ etc,

Re: Debugging Fedora UEFI boot problems on Intel DQ77MK

2012-07-26 Thread Peter Jones
On 07/26/2012 02:36 PM, Przemek Klosowski wrote: On 07/26/2012 06:32 AM, Pasi Kärkkäinen wrote: I have a new Intel DQ77MK motherboard, based on the Intel Q77 chipset. CPU is Intel Ivy Bridge i7-3770. I'm running the latest BIOS version (0048), and UEFI boot is enabled in the BIOS. I take it

Re: Debugging Fedora UEFI boot problems on Intel DQ77MK

2012-07-26 Thread Peter Jones
On 07/26/2012 06:32 AM, Pasi Kärkkäinen wrote: UEFI boot fails with all of the listed operating systems. Symptoms: - I get the Fedora/RHEL EFI boot menu, and I let it boot with the default options. - I get text on the screen about allocating memory pages for Linux-EFI, loading VMLINUZ, etc. - Th

Re: Summary/Minutes from today's FESCo Meeting (2012-07-23)

2012-07-25 Thread Peter Jones
On 07/25/2012 10:21 AM, Tomasz Torcz wrote: > On Wed, Jul 25, 2012 at 04:13:54PM +0200, Nicolas Mailhot wrote: >> >> Le Mar 24 juillet 2012 23:17, Michael Cronenworth a écrit : >> >>> It also turns every font into a blurry mess. This is not a subjective >>> opinion. Run the listed command on the Fe

Re: intel ipw2100/ipw2200 firmware must be removed

2012-07-14 Thread Peter Jones
On 07/10/2012 03:52 PM, Ralf Ertzinger wrote: Hi. On Tue, 10 Jul 2012 17:52:28 +0530, Rahul Sundaram wrote Do we have any such firmware at all? Let's stick to practical issues. We don't, as far as I am aware. But with Intel actually preparing to ship Xeon Phi hardware we might sooner than

Re: preventing known-damaging third-party to fedora/epel package upgrade?

2012-07-12 Thread Peter Jones
On 07/12/2012 12:13 PM, Tom Callaway wrote: On 07/12/2012 11:41 AM, Paul Wouters wrote: On 07/12/2012 11:38 AM, Peter Jones wrote: So, this makes me wonder. Is there a good reason rpm doesn't check the new package and the old package for having the same file during an upgrade, and simpl

Re: preventing known-damaging third-party to fedora/epel package upgrade?

2012-07-12 Thread Peter Jones
On 07/12/2012 11:20 AM, Tom Callaway wrote: On 07/12/2012 11:01 AM, Paul Wouters wrote: I would like to prevent this from happening. But since this only happens when upgrading from a third-party 1.3 (which we don't ship) to a 1.4, even if I used triggers to work around the config file issue, th

Re: swapping disk with UEFI hardware - a dead end?

2012-06-28 Thread Peter Jones
On 06/28/2012 05:03 PM, Chris Murphy wrote: They have a vendor defined order, which 3.3 allows, even though Apple EFI is not UEFI. When PRAM is zapped, the NVRAM is empty and nothing is blessed, therefore the sequence I described earlier applies. This is actually wrong as well. Blessing is a p

Re: swapping disk with UEFI hardware - a dead end?

2012-06-28 Thread Peter Jones
On 06/28/2012 05:03 PM, Chris Murphy wrote: On Jun 28, 2012, at 1:59 PM, Matthew Garrett wrote: The only obvious thing for it to boot is EFI/BOOT/BOOT${ARCH}.efi. An optional file in an optional vendor subdirectory is the obvious choice? Maybe a future spec could be more clear that the subd

Re: swapping disk with UEFI hardware - a dead end?

2012-06-28 Thread Peter Jones
On 06/28/2012 03:54 PM, Chris Murphy wrote: 2. It doesn't at all indicate who should do this. If anything 12.3.1.3 implies it's vendor domain. Not operating system domain. It's completely obvious that if we want something to happen, we have to do it. Given there's no mandate that this subdire

Re: swapping disk with UEFI hardware - a dead end?

2012-06-28 Thread Peter Jones
On 06/28/2012 02:04 PM, Chris Murphy wrote: On Jun 28, 2012, at 10:26 AM, Peter Jones wrote: On 06/28/2012 12:17 PM, Chris Murphy wrote: It is perturbing that in 2012, with a nearly 30MB operating system as a pre-boot environment, that by design it doesn't scan the EFI System partitio

Re: swapping disk with UEFI hardware - a dead end?

2012-06-28 Thread Peter Jones
On 06/28/2012 12:17 PM, Chris Murphy wrote: It is perturbing that in 2012, with a nearly 30MB operating system as a pre-boot environment, that by design it doesn't scan the EFI System partition for other possible boot options - like a rescue mode - in the event efi boot variables aren't set. W

Re: swapping disk with UEFI hardware - a dead end?

2012-06-28 Thread Peter Jones
On 06/28/2012 10:08 AM, Kamil Paral wrote: Having sent that mail it became obvious that what's happened is that your new x220 board doesn't have the efi boot variable set. Some machines allow you to boot from a file, in which case it'll be /efi/fedora/grubx64.efi . If your firmware doesn't have

Re: swapping disk with UEFI hardware - a dead end?

2012-06-28 Thread Peter Jones
On 06/28/2012 09:40 AM, Lennart Poettering wrote: On Thu, 28.06.12 09:29, Peter Jones (pjo...@redhat.com) wrote: Having sent that mail it became obvious that what's happened is that your new x220 board doesn't have the efi boot variable set. Some machines allow you to boot from

Re: swapping disk with UEFI hardware - a dead end?

2012-06-28 Thread Peter Jones
On 06/28/2012 09:25 AM, Peter Jones wrote: On 06/28/2012 09:11 AM, Kamil Paral wrote: If you are knowledgeable about UEFI, I'll welcome your advice. This is the issue I encountered: 1. I enabled UEFI mode in BIOS in Lenovo X220 (more exactly I set UEFI as the preferred method). 2. I inst

Re: swapping disk with UEFI hardware - a dead end?

2012-06-28 Thread Peter Jones
On 06/28/2012 09:11 AM, Kamil Paral wrote: If you are knowledgeable about UEFI, I'll welcome your advice. This is the issue I encountered: 1. I enabled UEFI mode in BIOS in Lenovo X220 (more exactly I set UEFI as the preferred method). 2. I installed Fedora 17. 3. "Fedora" item appeared in BIO

Re: Default image target size [Was:Re: Summary/Minutes from today's FESCo Meeting (2012-06-18)]

2012-06-26 Thread Peter Jones
On 06/26/2012 02:50 PM, Toshio Kuratomi wrote: A pie in the sky option might be to have minidebuginfo/debuginfo reside in the same package as the binaries it belongs to but in separate files which are marked in the rpm filelist. Then rpm could have a --nodebuginfo similar to how it has --nodoc

Re: *countable infinities only

2012-06-25 Thread Peter Jones
On 06/25/2012 11:08 PM, Jay Sulzberger wrote: Is there a hardware switch or jumper that can be set so that no modification of the firmware is possible? My question here is: if I have gross physical possession of the hardware can I disable firmware updates done just via code running on the x86/U

Re: *countable infinities only

2012-06-25 Thread Peter Jones
On 06/25/2012 09:14 PM, Jay Sulzberger wrote: [...] I have some questions about what sort of capabilities the UEFI will have in machines sold later this year: 1. What is the mechanism for remote revocation of signing keys? There's 2 mechanisms here. The first is a key list called DBX. This is

Re: *countable infinities only

2012-06-25 Thread Peter Jones
On 06/25/2012 11:25 AM, Gregory Maxwell wrote: This seems a bit incongruent with many of the claims made here about the degree of participation with cryptographic lockdown required and the importance of it. I think we've made it fairly clear that we don't believe their interpretation is correc

Re: Replacing grubby with grub2-mkconfig in kernel install process

2012-06-20 Thread Peter Jones
On 06/20/2012 01:32 PM, Naheem Zaffar wrote: would fixing this also fix the bug where installing a new kernel changes the default boot OS even when the default is non Linux? What's the bugzilla number for that? -- Peter

Re: Replacing grubby with grub2-mkconfig in kernel install process

2012-06-20 Thread Peter Jones
On 06/20/2012 12:42 PM, Adam Williamson wrote: On Wed, 2012-06-20 at 09:21 -0400, Peter Jones wrote: On 06/19/2012 11:57 PM, Adam Williamson wrote: On Tue, 2012-06-19 at 23:28 -0400, Ben Rosser wrote: So far, the only actual arguments against this (specifically, the above solution to the

Re: [HEADS-UP] Rawhide: /tmp is now on tmpfs

2012-06-20 Thread Peter Jones
On 06/20/2012 10:16 AM, Reindl Harald wrote: Am 20.06.2012 16:11, schrieb Ralf Corsepius: On 06/20/2012 03:35 PM, Chris Lumens wrote: Again: I'm perfectly happy if it is rejected as a feature. I don't really care either way. What I'd really hate to see is a checkbox in the installer so we are

Re: Replacing grubby with grub2-mkconfig in kernel install process

2012-06-20 Thread Peter Jones
On 06/20/2012 11:04 AM, Ben Rosser wrote: On Wed, Jun 20, 2012 at 9:21 AM, Peter Jones <pjo...@redhat.com> wrote: I think what's actually needed is a small patch to grubby to make it keep track of the bounding block the current default is in and add the new bou

Re: Replacing grubby with grub2-mkconfig in kernel install process

2012-06-20 Thread Peter Jones
On 06/19/2012 11:57 PM, Adam Williamson wrote: On Tue, 2012-06-19 at 23:28 -0400, Ben Rosser wrote: So far, the only actual arguments against this (specifically, the above solution to the problem) I've heard is that it breaks being able to configure /boot/grub2/grub.cfg by hand. But that's the

Re: *countable infinities only

2012-06-18 Thread Peter Jones
On 06/18/2012 11:54 AM, Jay Sulzberger wrote: If I understand correctly, Fedora has now formally allowed Microsoft to lock Fedora out of many coming ARM devices. Well, no. At this point it's still just a proposal. -- Peter

Re: *countable infinities only

2012-06-18 Thread Peter Jones
On 06/18/2012 11:14 AM, Jay Sulzberger wrote: System76 have committed to providing hardware without pre-enabled secure boot. Matthew, I am delighted to hear this. Note that this contradicts the claim, made more than once in this thread, that such an arrangement is, in practice, impossible.

Re: *countable infinities only

2012-06-18 Thread Peter Jones
On 06/18/2012 11:03 AM, Jay Sulzberger wrote: Microsoft has not refused to grant Fedora a key for ARM. This I do not understand. By reports in the admittedly incompetent magazines dealing with home computers, Microsoft's policy is to keep Fedora, and any other OSes, except for Microsoft OSes,

Re: *countable infinities only

2012-06-18 Thread Peter Jones
On 06/18/2012 09:26 AM, Seth Johnson wrote: On Mon, Jun 18, 2012 at 8:59 AM, Matthew Garrett wrote: On Mon, Jun 18, 2012 at 08:45:07AM -0400, Seth Johnson wrote: On Mon, Jun 18, 2012 at 7:43 AM, Matthew Garrett wrote: The features you wanted in a free software UEFI are present in existing UE

Re: *countable infinities only

2012-06-18 Thread Peter Jones
On 06/18/2012 01:17 AM, Seth Johnson wrote: On Mon, Jun 18, 2012 at 1:15 AM, Matthew Garrett wrote: On Mon, Jun 18, 2012 at 01:09:52AM -0400, Jay Sulzberger wrote: The game is now just about over. What if one day, Microsoft makes it even harder to install Fedora without a Microsoft controlled

Re: *countable infinities only

2012-06-18 Thread Peter Jones
On 06/18/2012 12:53 AM, Matthew Garrett wrote: On Sun, Jun 17, 2012 at 11:52:48PM -0400, Jay Sulzberger wrote: So why does the "SecureBoot" private key require a so much higher cost of administration? Fedora's keys are currently only relevant on hardware where users have voluntarily installe

Re: ARM is a dead end

2012-06-15 Thread Peter Jones
On 06/14/2012 07:57 PM, Kevin Kofler wrote: Hi, I've been pointed to a news item about a (apparently the first) x86 (Atom) based smartphone: http://www.engadget.com/2012/06/14/orange-san-diego-review/ So even smartphones are going x86 now. It's probably best not to extrapolate the extent of a

Re: *countable infinities only

2012-06-14 Thread Peter Jones
On 06/14/2012 01:56 PM, Jay Sulzberger wrote: If Fedora appears to accept that Microsoft should have the Hardware Root Key, our side's arguments, in several arenas, are weakened. Okay, first off, quit hijacking fedora-devel-list for your unrelated DMCA stuff. It's entirely the wrong place for

Re: Revelation password manager issue

2012-06-14 Thread Peter Jones
On 06/14/2012 10:42 AM, Kevin Fenzi wrote: On Thu, 14 Jun 2012 07:40:50 -0500 Josh Bressers wrote: Hello all, I suspect this is going to be a weird problem to figure out. Revelation password manager https://admin.fedoraproject.org/pkgdb/applications/Revelation Password Manager Has been foun

Re: *countable infinities only

2012-06-12 Thread Peter Jones
On 06/12/2012 01:46 PM, Denis Arnaud wrote: > Though most of you already certainly know about it, Linus Torvalds has > expressed his point of view about that story: > http://www.zdnet.com/blog/open-source/linus-torvalds-on-windows-8-uefi-and-fedora/11187 Yes, though he's wrong on some facts. Not

Re: *countable infinities only

2012-06-12 Thread Peter Jones
On 06/12/2012 11:33 AM, Gregory Maxwell wrote: > On Tue, Jun 12, 2012 at 10:22 AM, Peter Jones wrote: >> This seems like a pretty unlikely scenario. You have to disable secure boot >> to perform most kernel-level debugging operations in Windows 8. It'd >> alienate >

Re: *countable infinities only

2012-06-12 Thread Peter Jones
On 06/12/2012 01:11 PM, Gregory Maxwell wrote: > On Tue, Jun 12, 2012 at 12:25 PM, Adam Williamson wrote: >> You are, and that was being very un-excellent, so please refrain from it >> in future. > > I'm left wondering where your concern about being excellent to each > other has been hiding throu

Re: *countable infinities only

2012-06-12 Thread Peter Jones
On 06/12/2012 01:48 PM, Gregory Maxwell wrote: > On Tue, Jun 12, 2012 at 1:43 PM, Bill Nottingham wrote: >> No offense, but you seem to have a very unusual idea about how much leverage >> Fedora has anywhere. Why would hardware vendors listen to a community >> distribution that they never preinsta

Re: *countable infinities only

2012-06-12 Thread Peter Jones
On 06/12/2012 09:00 AM, Steve Clark wrote: This is MS classic ploy against free software embrace and extend. First it will be it can be disabled then for windows 9 if you want to have approved hardware MS will require, like ARM, x86 secure boot can not be disabled and they will point to Fedora an

Re: *countable infinities only

2012-06-12 Thread Peter Jones
On 06/12/2012 08:10 AM, Orcan Ogetbil wrote: Due to my respect to your request, I thought about it for nearly 72 hours. I still stand behind what I said: People who are incapable of switching a BIOS setting, which might involve doing a simple web search beforehand, should better not touch any el

Re: *countable infinities only

2012-06-03 Thread Peter Jones
On 06/02/2012 03:28 PM, Gregory Maxwell wrote: On Sat, Jun 2, 2012 at 12:36 PM, Matthew Garrett wrote: Per spec the machine simply falls back to attempting to execute the next entry in the boot list. An implementation may provide some feedback that that's the case, but there's no requirement fo

Re: *countable infinities only

2012-06-03 Thread Peter Jones
On 06/02/2012 05:47 PM, Gregory Maxwell wrote: There is no additional security provided by the feature as so far described—only security theater. So I can't modify the kernel or bootloader, great—but the kernel wouldn't have let me do that in the first place unless it had an exploit. So I just

Re: *countable infinities only

2012-06-03 Thread Peter Jones
On 06/02/2012 12:31 PM, Kevin Fenzi wrote: What happens if you try and boot an unsigned image? I assume the error you get is up to the BIOS folks? So, it could be misleading, confusing, depressing or all three. It may be that people will see just "Failed to secure boot" and think there's somethi

Re: *countable infinities only

2012-06-02 Thread Peter Jones
On 06/01/2012 07:56 PM, Kevin Kofler wrote: Peter Jones wrote: We don't know what all firmwares' UI's will look like, and it's possible - even somewhat reasonable - that instead of "enable secure boot [X]" some vendors would implement it, for example, as "
