On Fri, 25 Aug 2023 at 07:44, Richard Hughes <hughsient@xxxxxxxxx> wrote:
Hi all,
I was thinking of adding Passim as a default-installed and
default-enabled dep of fwupd in the Fedora 40 release. Before I create
lots of unnecessary drama, is there any early feedback on what's
described in https://github.com/hughsie/passim/blob/main/README.md
please.
The tl;dr: is I want to add a mDNS server that reshares the public
firmware update metadata from the LVFS on your LAN. The idea is that
rather than 25 users in an office downloading the same ~2MB file from
the CDN every day, the first downloads from the CDN and the other 24
download from the first machine. All machines still download the
[tiny] jcat file from the CDN still so we know the SHA256 to search
for and verify.
I am not sure how much this will actually help things. My understanding was that Microsoft found their own 'share updates' not working as much as expected and causing way too many security headaches even on 'nice friendly networks' either by network scans or just the fact that as soon as someone puts up a service like this.. it is profitable for the crooks to abuse it.
I am not against it, but I think the days of "Here we've assuming your local network (aka LAN) is a nice and friendly place, without evil people trying to overwhelm your system or feed you fake files." is dead and whatever tool applied needs to be designed with the fact that it only takes 0.01% of 'evil people' in the population to make things crap.
The backstory is that as the fwupd grows and grows (to ChromeOS,
FreeBSD, Windows and macOS) we need to scale things up a couple of
orders of magnitude. This isn't specific to firmware stuff, although I
think it makes a great testcase which we could add dnf or ostree
content to in the future. Comments and questions are most welcome.
Thanks,
Richard.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Stephen Smoogen, Red Hat Automotive
Let us be kind to one another, for most of us are fighting a hard battle. -- Ian MacClaren_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue