On Fri, Apr 7, 2023 at 5:12 AM Simo Sorce simo@redhat.com wrote:
On Thu, 2023-04-06 at 12:56 -0400, Owen Taylor wrote:
On Thu, Apr 6, 2023 at 12:32 PM Simo Sorce simo@redhat.com wrote:
On Mon, 2023-04-03 at 16:18 -0500, Michael Catanzaro wrote:
On Mon, Apr 3 2023 at 01:41:48 PM -0700, Brian C. Lane <bcl@redhat.com> wrote:
This seems like exactly the kind of discussion that belongs on the devel list, not on a website that I have to remember to visit for updates.
There is a notification bell in the right sidebar. Click it. ;)
Or we can simply ignore that discussion until it lands in devel with a change proposal.
Discussing on the forum was a suggestion from zbyszek and I think he proposed it in the same spirit that I agreed to the proposal - as an experiment in trying to align technical discussions more closely with the overall direction of the Fedora project for communication.
I think we can see both pros and cons in how it's gone - on the good side, people are involved that might not be involved otherwise, there's an easily accessible public record of the conversation that is more readable than even a good mailing list archive, and having richer markup available is genuinely useful.
On the downside, spam limits on new posters have gotten in the way in some cases, and people have had some trouble figuring out how to use the quoting features, resulting in disconnected responses.
Yes, there will eventually be change proposals, which will be discussed here (unless anything changes...) but I would strongly encourage people to get involved now in the discussion if they care about the topic - the more we can get things right early, the better.
Sorry Owen, discourse is too disruptive for me to spend time on.
I did try to skim the discussion and I think you have quite a few hints already that this is not an easy path. What I would recommend though, is to split this monster of a proposal in smaller progressive steps.
There already *are* a lot of smaller progressive steps that are proposed for Fedora, or underway upstream, or already completed. But without at least a fuzzy big-picture story of where we're trying to get to, it's really hard to see how they relate to each other, or know what steps are missing. That's where I'm trying to get to.
You do not need to get everything super-tight-secure on the first try (you won't be able to anyway), and building it in steps will allow you to also (hopefully) offer a more fine-grained choice/configuration later on.
There's at least a need to know what the *recommended* combinations of options are, or it will be impossible to know whether super-tight-secure (or medium-tight-secure) has been achieved.
- Owen