Announcement

Collapse
No announcement yet.

Fedora 37 Looks To Begin Signing RPM Contents For Greater Trust

Collapse
X
Collapse
 
  • Page of 3
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 3 template Next
  • #1

    Fedora 37 Looks To Begin Signing RPM Contents For Greater Trust

    Phoronix: Fedora 37 Looks To Begin Signing RPM Contents For Greater Trust

    With Fedora 36 working its way towards release later this month, more developer attention and planning is turning to Fedora 37 that will be released this autumn. One of the changes being talked about this week is for signing RPM contents for a means of trusting the files that are executed...

    Fedora 37 Looks To Begin Signing RPM Contents For Greater Trust - Phoronix
    https://www.phoronix.com/scan.php?page=news_item&px=Fedora-37-Signing-RPMs
    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
    Tags: None
  • #2
    I would like software such as Epiphany, Evince, Totem, VLC, Eye of GNOME, etc to be packaged with Flatpak and sandboxed. That would increase trust for me if I knew things were sandboxed so even if they were vulnerable, they were still sandboxed.

    I would also like an application firewall.
    • Likes 7

    Comment

    • #3
      Originally posted by uid313 View Post
      I would like software such as Epiphany, Evince, Totem, VLC, Eye of GNOME, etc to be packaged with Flatpak and sandboxed. That would increase trust for me if I knew things were sandboxed so even if they were vulnerable, they were still sandboxed.

      I would also like an application firewall.
      Linux definitely need more application sandbox that are easy to use and more dynamic.

      MacOS has builtin sandbox, that asks for permission before allowing application to access a directory, I wish we can have that in Linux.
      • Likes 4

      Comment

      • #4
        Originally posted by NobodyXu View Post

        Linux definitely need more application sandbox that are easy to use and more dynamic.

        MacOS has builtin sandbox, that asks for permission before allowing application to access a directory, I wish we can have that in Linux.
        Yeah, and on Android every app needs to ask permissions. On Windows there is a built-in application firewall.
        On Linux its just nothing out-of-the-box and people say, well go use a virtual machine, or go use firejaill, and you have to manually set it up.
        • Likes 7

        Comment

        • #5
          QubesOS
          and
          OpenSnitch
          come to mind.
          Last edited by elatllat; 05 April 2022, 08:42 AM.

          Comment

          • #6
            Originally posted by uid313 View Post
            I would like software such as Epiphany, Evince, Totem, VLC, Eye of GNOME, etc to be packaged with Flatpak and sandboxed. That would increase trust for me if I knew things were sandboxed so even if they were vulnerable, they were still sandboxed.

            I would also like an application firewall.
            I'm wondering the same thing. I don't know why they are wasting time with rpm signing when the already have Flatpak.
            It looks like they have a sort of internal faction. Please Fedora stop pushing new rpm's features and bet more on the excellent Flatpak instead.

            Comment

            • #7
              Originally posted by alem View Post

              I'm wondering the same thing. I don't know why they are wasting time with rpm signing when the already have Flatpak.
              It looks like they have a sort of internal faction. Please Fedora stop pushing new rpm's features and bet more on the excellent Flatpak instead.
              nothing wrong with doing both - and you will need both done if you want to do it right (gotta sign flatpak and podman binaries anyway)
              • Likes 6

              Comment

              • #8
                Originally posted by alem View Post

                I'm wondering the same thing. I don't know why they are wasting time with rpm signing when the already have Flatpak.
                It looks like they have a sort of internal faction. Please Fedora stop pushing new rpm's features and bet more on the excellent Flatpak instead.
                From https://fedoraproject.org/wiki/Chang...d_RPM_Contents

                "The intention here is not to ship a default policies for users but rather have sample policies that users can modify and use themselves. The Fedora IoT Edition intends to have sample policies and documentation for a number of IoT and Edge use cases."

                Flatpak doesn't work for this.
                • Likes 5

                Comment

                • #9
                  Originally posted by alem View Post

                  I'm wondering the same thing. I don't know why they are wasting time with rpm signing when the already have Flatpak.
                  It looks like they have a sort of internal faction. Please Fedora stop pushing new rpm's features and bet more on the excellent Flatpak instead.
                  Flatpak will not replace RPM, the base OS still needs RPM. Flatpak is only for apps. Even on Silverblue, the immutable OSTree root still uses RPM for that infrastructure.
                  • Likes 4

                  Comment

                  • #10
                    I hate flatpacks.
                    • Likes 2

                    Comment

                    Previous 1 2 3 template Next
                    Working...
                    X