On Tue, Dec 28, 2021 at 09:20:11AM -0600, Bruno Wolff III wrote:
> On Tue, Dec 28, 2021 at 14:45:59 +0100, Kevin Kofler via devel <devel@lists.fedoraproject.org> wrote:
> > But there is the inherent assumption there that the set of software released by Fedora is identical to the set of software the user trusts. In practice, those sets will, sure, be overlapping (non-disjoint), but still distinct (non-identical). And I think they will differ sufficiently for it to be an issue.
> I can tell you, I trust icecat a lot more than I trust firefox. But even that isn't black and white. This proposal divides software into good and not good categories. That really doesn't match how I use software.
This seems to presume DIGLIM is the only mechanism available. Admins running large fleets likely have other mechanisms that complement this, e.g. selective sync of repos with unapproved software excluded, enforcing minimum versions of packages to exclude versions known to have security vulnerabilities, etc.
If/when something like this gets shipped, I hope Fedora limits itself to shipping a policy that is the equivalent of SELinux's 'targeted' policy: protect the RPMs that Fedora ships from being tampered with, let users do whatever on top. With an option to turn it off completely or to enforce more strictly.
Best regards,
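As an added illustration (not code from this thread, from DIGLIM, or from any Fedora mirroring tool), the complementary mechanism mentioned above, a repository sync that drops unapproved packages and anything below a minimum version, only works if the version comparison matches rpm's. The script below reimplements rpm's rpmvercmp segment rules (numeric segments beat alphabetic ones, leading zeros are ignored, "~" sorts before everything including end of string, "^" sorts after a bare base version but before any further segment) and applies a deny list plus per-package minimum EVRs to a constructed catalogue. The package names, versions and policy entries are hypothetical sample data, not real Fedora builds.

```python
"""Filter a package catalogue by deny list and minimum EVR (constructed example)."""
import re
from typing import Dict, List, Set, Tuple

# Constructed sample catalogue, shaped like what a mirror tool would read from
# primary.xml: (name, epoch, version, release). Not real Fedora packages.
CATALOGUE = [
    ("openssl", 1, "3.0.0", "1.fc35"),
    ("openssl", 1, "3.0.1", "1.fc35"),
    ("foo", 0, "2.0~rc1", "1.fc35"),
    ("foo", 0, "2.0", "1.fc35"),
    ("telnet-server", 0, "0.17", "85.fc35"),
    ("vim-enhanced", 0, "8.2.3", "1.fc35"),
]

# Hypothetical local policy: software the site does not approve, and the
# lowest EVR accepted for packages with a known-bad older version.
DENIED: Set[str] = {"telnet-server"}
MIN_EVR: Dict[str, str] = {"openssl": "1:3.0.1-1.fc35", "foo": "2.0-1.fc35"}

EVR = Tuple[int, str, str]

# rpm walks the string in segments: runs of digits, runs of letters, and the
# special separators "~" and "^"; any other separator characters are skipped.
_TOKEN = re.compile(r"[0-9]+|[A-Za-z]+|~|\^")


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 following the segment rules of rpm's rpmvercmp()."""
    if a == b:
        return 0
    ta, tb = _TOKEN.findall(a), _TOKEN.findall(b)
    i = j = 0
    while i < len(ta) or j < len(tb):
        x = ta[i] if i < len(ta) else None
        y = tb[j] if j < len(tb) else None
        # "~" sorts before everything, even the end of the string (1.0~rc1 < 1.0).
        if x == "~" or y == "~":
            if x != "~":
                return 1
            if y != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        # "^" is newer than a bare base version (1.0^git1 > 1.0) but older
        # than any further real segment (1.0^git1 < 1.0.1).
        if x == "^" or y == "^":
            if x is None:
                return -1
            if y is None:
                return 1
            if x != "^":
                return 1
            if y != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if x is None or y is None:
            break
        xnum, ynum = x.isdigit(), y.isdigit()
        # A numeric segment is always newer than an alphabetic one.
        if xnum != ynum:
            return 1 if xnum else -1
        if xnum:
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1
        # Same type and (for numbers) same length: plain byte-wise comparison.
        if x != y:
            return 1 if x > y else -1
        i, j = i + 1, j + 1
    # All shared segments matched: whichever side still has segments wins.
    if i >= len(ta) and j >= len(tb):
        return 0
    return -1 if i >= len(ta) else 1


def parse_evr(evr: str) -> EVR:
    """Split "epoch:version-release" into a tuple; epoch defaults to 0."""
    epoch = 0
    if ":" in evr:
        e, evr = evr.split(":", 1)
        epoch = int(e)
    version, _, release = evr.partition("-")
    return epoch, version, release


def evrcmp(a: EVR, b: EVR) -> int:
    """Compare two EVR tuples: epoch numerically, then version, then release."""
    if a[0] != b[0]:
        return 1 if a[0] > b[0] else -1
    rc = rpmvercmp(a[1], b[1])
    if rc:
        return rc
    return rpmvercmp(a[2], b[2])


def select_packages(catalogue, denied: Set[str], min_evr: Dict[str, str]) -> List[str]:
    """Return the "name-epoch:version-release" entries allowed into the local mirror."""
    kept: List[str] = []
    for name, epoch, version, release in catalogue:
        if name in denied:
            continue
        if name in min_evr and evrcmp((epoch, version, release), parse_evr(min_evr[name])) < 0:
            continue
        kept.append(f"{name}-{epoch}:{version}-{release}")
    return kept


if __name__ == "__main__":
    for entry in select_packages(CATALOGUE, DENIED, MIN_EVR):
        print(entry)
```

The policy deliberately uses "greater than or equal" against the minimum EVR, so the fixed build itself is kept while the pre-release "2.0~rc1" and the older openssl are dropped; getting the tilde rule wrong is the classic way such a filter lets a pre-release through.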