Patrick マルタインアンドレアス Uiterwijk wrote:
> I'd like to point out that after many requests, I have updated the change
> page for this significantly, with more details as to the goals (and
> non-goals) of this feature, and answers to many other questions asked.
Sorry, but these clarifications only make it even clearer to me that I do
not want this.
The size measurements show that the RPMDB increases by 20%, which is a lot.
Also, the unit "bytes" in that sentence seems to be wrong, because the next
sentence speaks of a 5 MB increase.
And this "feature":
| Having all files signed with Fedora keys would enable integration with for
| example [https://keylime.dev/], which is a CNCF project that implements
| remote system attestation, based on which a system may or may not get
| access to secrets and other consequences.
claims that those signatures can be used by a remote system to enforce an
unmodified Fedora, which is a blatant violation of GPLv3 requirements.
Keylime cannot be used to enforce anything, it will only monitor and there are already many tools that already do the same thing (aide, rpm -v etc).
There are zero GPLv3 violations here. Any violation would need to be enacted outside of the project.
Kevin Kofler
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org