Re: F36 Change: DIGLIM (System-Wide Change proposal)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Dec 29, 2021 at 11:03 AM Stephen Snow <s40w5s@xxxxxxxxx> wrote:
>
> On Wed, 2021-12-29 at 06:38 -0500, Neal Gompa wrote:
> > With Windows 11, they're *mandatory*. Corporate policies now
> > effectively *require* TPM-based mechanisms *in addition* to classical
> > password or token-based multi-factor authentication.
> This certainly is not any reason to adopt this for Fedora. So far in my
> life with TPM, it has been an annoyance that I find refreshing not to
> have to even contemplate with my Fedora Linux installation.
> I see no benefit for the Fedora Community and the Fedora Project it
> supports to follow the lead of the proprietary driven objectives. The
> only obvious one that comes to mind is the recent announcements of it's
> inclusion on traditionally proprietary OS vendor supplied hardware.
> This wreaks of "for profit" motivation.
>
> Just my opinion on what I am reading here in the comments.

To be fully transparent, the reason I mentioned that stuff is that
having the capability to do these things in Fedora Linux is key for
growth and adoption in more circles. At no point do I want to have
these features implemented in such a way that the user doesn't have
the capability to control and self-authenticate their whole system. If
we ever want Fedora Linux to displace Windows or macOS, we *need* to
be able to satisfy people's security requirements, including so-called
"zero trust" architectures.

But none of that has much to do with this Change, since this is about
making it possible for a user to configure their system to enforce the
integrity of the system based on RPM database information. As users of
Fedora Linux systems, we *already* control the RPM database and the
RPM signature trust directly, so *if* you turn it on, all it does is
decrease the risk of external tampering.




-- 
真実はいつも一つ!/ Always, there's only one truth!
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux