On Wed, Dec 29, 2021 at 11:03 AM Stephen Snow <s40...@gmail.com> wrote: > > On Wed, 2021-12-29 at 06:38 -0500, Neal Gompa wrote: > > With Windows 11, they're *mandatory*. Corporate policies now > > effectively *require* TPM-based mechanisms *in addition* to classical > > password or token-based multi-factor authentication. > This certainly is not any reason to adopt this for Fedora. So far in my > life with TPM, it has been an annoyance that I find refreshing not to > have to even contemplate with my Fedora Linux installation. > I see no benefit for the Fedora Community and the Fedora Project it > supports to follow the lead of the proprietary driven objectives. The > only obvious one that comes to mind is the recent announcements of it's > inclusion on traditionally proprietary OS vendor supplied hardware. > This wreaks of "for profit" motivation. > > Just my opinion on what I am reading here in the comments.
To be fully transparent, the reason I mentioned that stuff is that having the capability to do these things in Fedora Linux is key for growth and adoption in more circles. At no point do I want to have these features implemented in such a way that the user doesn't have the capability to control and self-authenticate their whole system. If we ever want Fedora Linux to displace Windows or macOS, we *need* to be able to satisfy people's security requirements, including so-called "zero trust" architectures. But none of that has much to do with this Change, since this is about making it possible for a user to configure their system to enforce the integrity of the system based on RPM database information. As users of Fedora Linux systems, we *already* control the RPM database and the RPM signature trust directly, so *if* you turn it on, all it does is decrease the risk of external tampering. -- 真実はいつも一つ!/ Always, there's only one truth! _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
