Richard Hughes wrote: > I was thinking of adding Passim as a default-installed and > default-enabled dep of fwupd in the Fedora 40 release. Before I create > lots of unnecessary drama, is there any early feedback on what's > described in https://github.com/hughsie/passim/blob/main/README.md > please. I finally read the README, and, oh geez, this thing is even documented as assuming a friendly network! And it's being proposed to be enabled by default, which means it will run on laptops that move around between cafés, hotels, airports and all the hostile environments anyone can imagine. The document doesn't say what design decisions were made based on the assumption of a friendly network. All of those design decisions need to be reconsidered with the assumption that there are attackers on the LAN who will abuse Passim any way they can, and that Passim must deal reasonably with any and all attacks. Björn Persson
Attachment:
pgpbKFyUg0F4D.pgp
Description: OpenPGP digital signatur
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
