On Wednesday, July 8, 2020 10:04:01 AM MST Richard Hughes wrote: > On Wed, 8 Jul 2020 at 16:48, John M. Harris Jr <johnmh@xxxxxxxxxxxxx> > wrote: > > needlessly disables a lot of kernel functionality > > > It disables functionality which can destroy platform security. It disables functionality that users need, such as inserting their kernel modules on their own system, or hibernating to disk. Let's be honest about what this does. This is not something that's beneficial here, it's only harming our users. > > You cannot load kernel modules you've built > > > If you can build and insert your own kernel module you can do almost > anything to the hardware, including disabling various firmware > protection technologies. > > tl;dr: if you care about platform security at all, enable secure boot. If you've got root, you can STILL do almost anything to the hardware, including disabling various "firmware protection technologies". This is needlessly kneecapping users. -- John M. Harris, Jr. _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
