Hi, Am 05.12.19 um 10:33 schrieb Lennart Poettering: >>> Also note that on Fedora Workstation we default to suspend-on-idle >>> these days. i.e. when you don't actually work on the laptop the laptop >>> is suspended and not reachable via SSH at all, hence adding >>> systemd-homed doesn't make anything worse in that regard... >> How do you wanne access data on your homeserver, when you are at >> work? > Fedora Workstation is — as the name suggests — a workstation OS. It > enforces policies by deault (such as suspend-on-idle) that are not > appropriate for a server. My "workstation" -> is <- my homeserver, or do you have a 19" data rack in your home, just to be able to suspend your "workingstation", when you go to your actual work? No, you don't :) And i don't speculate if you either have a Laptop with all your data on it or a big pc to work with, which is fast & has big storages and good GFX capabilities, because it will be something i did not imagine. So don't assume, you know how people use their stuff, make something universal. IMHO systemd and it's components are there to start a system, not to control it afterwards. That is out of systemds business. > Which has nothing to do with systemd-homed btw, it's the existing > Fedora Workstation behaving that way. Quite right, so why do you wanne take control of it? > Yeah, isn't it great that when you leave your laptop on your desk > unattended you know for sure it's securely locked after a while and > can only be unlocked from you again with your pw? As long as my running system software does not have any major flaws, I already sleep well, if it gets stolen. There are very cool components, most of the users have no knowledge about, that auto lock your system, when you leave the physical area around your laptop. It's already implemented in Fedora today. i.e. via detecting the absence of BT beacons (of any sort) in the near vicinity of the laptop. With FDE running and "Suspend-to-disk" selected in your screensafer settings, you get asked for your password on hw wakeup before your system gets back running. If someone wants to use such things, he already can. Where is the advantage of homed, considering, that only encrypting /home, is a major security flaw by itself. All your goals are already there and it's more useful and secure too :) I really have a problem understanding why you wanne implement a security flaw and call it "better". If you wanne improve security, please focus on userfriendlyneess for things like "disabling unused usb ports"/"whitelist for usb ids"/"insecure Highspeed USB network adapter detection" same for any plugable port you have in your hw. And last, but not least, "motherboard serial number validation on wakeup" to counter the switch of hw components. > I love you too, my friend. Cu :D Best regards, Marius _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
