Re: F36 Change: DIGLIM (System-Wide Change proposal)

On Tue, Dec 28, 2021 at 09:20:11AM -0600, Bruno Wolff III wrote:
> On Tue, Dec 28, 2021 at 14:45:59 +0100,
>  Kevin Kofler via devel <devel@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
> > 
> > But there is the inherent assumption there that the set of software released
> > by Fedora is identical to the set of software the user trusts. In practice,
> > those sets will, sure, be overlapping (non-disjoint), but still distinct
> > (non-identical). And I think they will differ sufficiently for it to be an
> > issue.
> 
> I can tell you, I trust icecat a lot more than I trust firefox. But even
> that isn't black and white. This proposal divides software into good and not
> good categories. That really doesn't match how I use software.

This seems to presume DIGLIM is the only mechanism available. Admins
running large fleets likely have other mechanisms that complement this,
e.g. selective sync of repos with unapproved software excluded,
enforcing minimum versions of packages to exclude versions known to have
security vulnerabilities, etc.

If/when something like this gets shipped, I hope Fedora limits itself to
shipping a policy that is the equivalent of SELinux's 'targeted' policy:
protect the RPMs that Fedora ships from being tampered with, let users
do whatever on top. With an option to turn it off completely or to
enforce more strictly.

Best regards,

-- 
Michel Alexandre Salim
profile: https://keyoxide.org/michel@xxxxxxxxxxxxxxx

