Re: F36 Change: DIGLIM (System-Wide Change proposal)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sunday, 26 December 2021 11:25:21 GMT Roberto Sassu via devel wrote:
> > From: Dan Čermák [mailto:dan.cermak@xxxxxxxxxxxxxxxxxxx]
> > Sent: Sunday, December 26, 2021 7:10 AM
> > Ben Cotton <bcotton@xxxxxxxxxx> writes:
> > 
> > *snip*
> > > == Upgrade/compatibility impact ==
> > > The user should ensure that software (not updated) from the old
> > > distribution is packaged and the package header is signed, or he
> > > should create and sign a custom digest list for the software he wishes
> > > to use after the upgrade.
> > 
> > 
> > Uhm, so locally/manually installed software (i.e. not signed by Fedora's
> > signkeys) will silently break when switching to F36? How about 3rd party
> > repositories?
> 
> 
> This is the main point of the feature. It aims to protect the user
> against untracked software spread in the disk, and to make him
> accept the software he wants to run.
> 
> Most likely, initially this process will be manual (there is a tool
> to generate a custom digest list). In the future, DIGLIM can
> be extended (in user space) to recognize the integrity information
> provided by the software developer.
> 
A concrete case:

I use Fedora, a third-party repository, and a private repository for my 
systems. The private repository is unsigned - it's just created via 
createrepo, and contains RPMs I've built with mock locally.

What do I need to do if this feature is accepted, in order to not see any 
impact? If I need to change any of the repositories I use and trust, can you 
point me to step-by-step instructions I need to follow?

-- 
Simon

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux