On Tue, Jun 11, 2024 at 04:22:24PM +0200, Jiri Konecny wrote:
> On 11. 06. 24 11:53, Neal Gompa wrote:
> > On Tue, Jun 11, 2024 at 10:41 AM Jiri Konecny<jkonecny@xxxxxxxxxx> wrote:
> > > On 04. 06. 24 14:27, Neal Gompa wrote:
> > > > On Tue, Jun 4, 2024 at 8:23 AM Jiri Konecny<jkonecny@xxxxxxxxxx> wrote:
> > > > >
> > > > > On 03. 06. 24 21:57, Jason L Tibbitts III wrote:
> > > > > > > > > > > Aoife Moloney<amoloney@xxxxxxxxxx> writes:
> > > > > > > === VNC switch to RDP for remote GUI installations ===
> > > > > > I'm curious how my usual install workflow will be affected by this
> > > > > > change. I use the kickstart "vnc --connect" option extensively in my
> > > > > > workflow; I may have a bunch of installs running in parallel, and they
> > > > > > just connect and display when they are ready. I use vinagre as the vnc
> > > > > > client.
> > > > > >
> > > > > > It's not a huge thing; I could come up with another workflow but that's
> > > > > > the one I've used since before Fedora existed. The installs are fully
> > > > > > automated and the display connection is only used so that I can see the
> > > > > > progress and potentially interact with a machine if it encounters a
> > > > > > problem. I guess in the worst case I could just do the install blind
> > > > > > and ssh in if something takes too long.
> > > > > Hi, the only change should be that you will change "vnc --connect" with
> > > > > the new API we will provide and also use RDP as your client instead of VNC.
> > > > >
> > > > Given that gnome-remote-desktop supports both VNC and RDP, can't VNC
> > > > support still be wired up?
> > > >
> > > Hi, it is theoretically possible but we are not planning to do that
> > > until there will be a reason for that. AFAIK it's not that simple change
> > > to do that.
> > >
> > I think the reason is pretty obvious: there are many more high quality
> > VNC clients than there are RDP ones. And even ignoring that, the
> > existing Anaconda workflows for remote GUI expect VNC. There is no
> > technical limitation preventing us from having VNC support through
> > grd. In fact, one of the original reasons I wrote the Weston backend
> > for Anaconda was so that I could have VNC for Linux and web clients,
> > because the RDP clients are not very good in my experience.
> >
> In any case, I would see this more like a future improvement if we agree to
> go this way. I would like to simplify things for now, it's already a big
> change.
>
> Anyway, Jonas, could you please share your recommendation here as owner of
> grd? Do you think that VNC should be enabled in grd?
Currently in upstream grd VNC support is implemented using LibVNCServer,
and completely lacks any way of encryption. Other than that, there are
awkward limitations of password lengths that may be present, depending
on various factors. All in all, it's awful for security.
There are three things that would make me comfortable recommending making
VNC an option:
* Changing implementation to use neatvnc instead of LibVNCServer. The
impression I have is that this VNC implementation has a bit higher
code quality compared to LibVNCServer.
* Implement TLS key/cert based encryption and require that by default,
while dropping the anontls support we have downstream in Fedora.
* Remove the "prompt" authorization method from grd.
Other than that, a probably unenforcable thing would be to not allow it
being exposed to the wider Internet.
Jonas
>
> Best Regards,
> Jirka
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
