I would propose also ability keep DNSSEC validation passthru. If
infrastructure provides cryptographic records, they should be available
also on the installed host. Without extra modifications.
Ie. if delv @$NS is validated for all network DNS servers, then delv
should validate too. But that would rule out systemd-resolved in current
configuration. delv is a command from bind-utils.
Is that too much to ask?
On 04. 06. 22 1:35, Adam Williamson wrote:
Hi folks!
Some time ago I proposed some specific networking release criteria. I
revived the thread back in February, and meeting discussion suggested
we should be more intentional and specific about wifi requirements. So,
looking at it again, I suggest adding an additional footnote:
Footnote titled "Wireless networks": Common wireless network
configurations using supported hardware as defined above are covered by
this criterion. This includes access to home and enterprise wireless
networks using 802.11 series connection protocols and WPA2 and WPA3
personal and enterprise security protocols. Bugs that are specific to
particular hardware or configurations will be assessed according to
[[Blocker_Bug_FAQ|hardware-dependent-issues|the normal considerations
for such issues]].
Here is the full proposal again, with the new footnote included:
#####
=== Network requirements ===
Each of these requirements apply to both installer and installed system
environments. For any given installer environment, the 'default network
configuration tools' are considered to be those the installer documents
as supported ways to configure networking (e.g. for anaconda-based
environments, configuration via kernel command line options, a
kickstart, or interactively in anaconda itself are included).
==== Basic networking ====
It must be possible to establish both IPv4 and IPv6 network connections
using both typical router-provided addressing systems (e.g. DHCP on
IPv4 or SLAAC or IPv6) and static addressing. The default network
configuration tools for the console, for release-blocking desktops and
for installer environments must work well enough to allow typical
network connection configuration operations without major workarounds.
Standard network functions such as address resolution and connections
with common protocols such as ping, HTTP and ssh must work as expected.
Footnote titled "Supported hardware": Supported network hardware is
hardware for which the Fedora kernel includes drivers and, where
necessary, for which a firmware package is available. If support for a
commonly-used piece or type of network hardware that would usually be
present is omitted, that may constitute a violation of this criterion,
after consideration of the [[Blocker_Bug_FAQ|hardware-dependent-
issues|normal factors for hardware-dependent issues]]. Similarly,
violations of this criteria that are hardware or configuration
dependent are, as usual, subject to consideration of those factors when
determining whether they are release-blocking.
Footnote titled "Wireless networks": Common wireless network
configurations using supported hardware as defined above are covered by
this criterion. This includes access to home and enterprise wireless
networks using 802.11 series connection protocols and WPA2 and WPA3
personal and enterprise security protocols. Bugs that are specific to
particular hardware or configurations will be assessed according to
[[Blocker_Bug_FAQ|hardware-dependent-issues|the normal considerations
for such issues]].
==== VPN connections ====
Using the default network configuration tools for the console and for
release-blocking desktops, it must be possible to establish a working
connection to common OpenVPN, openconnect-supported and vpnc-supported
VPN servers with typical configurations.
Footnote titled "Supported servers and configurations": As there are
many different VPN server applications and configurations, blocker
reviewers must use their best judgment in determining whether
violations of this criterion are likely to be encountered commonly
enough to block a release, and if so, at which milestone. As a general
principle, the more people are likely to use affected servers and the
less complicated the configuration required to hit the bug, the more
likely it is to be a blocker.
#####
Any more thoughts, comments, adjustments etc? Thanks!
--
Petr Menšík
Software Engineer, RHEL
Red Hat, http://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure