Announcement

Collapse
No announcement yet.

The First Of The Features Being Proposed For Fedora 23

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Originally posted by Luke_Wolf View Post
    FIPS certification might have marketing value but it's pretty clear that it serves little practical purpose if it let something as awful as openssl get certified. So unless you want to argue that openSUSE and Fedora are there to serve the corporate interests of RedHat and SUSE as opposed to being community projects, then FIPS is of no concern to them, just for the actual products of RedHat and SUSE: RHEL and SLES. You want to use other SSL libraries? Cool, but frankly openssl itself needs to be canned.
    Regardless of the merits, FIPS compliance is an essential requirement for some very large customers and unless libressl has the necessary support, it won't be considered for the major commercial distributions. That is just a fact. Now openbsd developers don't care about that and ripped off the feature which works for them but not the commercial distributions. Fedora and openSUSE are sponsored by Red Hat and SUSE so of course they aren't going to push for such a change. Volunteer developers haven't shown any interest whatsoever in pushing for such a change either. If anyone here actually wants to sign up to do the work, feel free to write up a feature proposal. Talk is cheap.


    Unless openssl has gone under the same refactoring and cleanup process that libressl has, then "more attention" means very little as libressl is wading waist deep in shit whereas openssl is wading up to their necks in shit, and so the effect is minimized.
    openssl is going through a major refactoring as part of the review process

    http://www.slate.com/blogs/future_te...evelopers.html

    The resultant security advisories are listed at

    https://www.openssl.org/news/

    Comment


    • #12
      Originally posted by balouba View Post
      as much as i like diversity im not sure its a good idea to switch away from firefox. its the most open and most compatible right now if you don't wanna choose chrome. Its ui is actually GTK.

      Now then again I would understand if its a GTK3/wayland block.....:

      https://bugzilla.mozilla.org/show_bug.cgi?id=635134
      https://bugzilla.mozilla.org/show_bug.cgi?id=627699
      at the moment Firefox is user Friendly an people can install Extensions etc. Epiphany cant install Extensions at the moment plus it lacks what Chromium has or Firefox has for that matter. Firefox IMO is becoming more an more bogged down with non-opensource stuff. somewhere in this mailing list that Guyy Michael an a few others talk about making i think Epiphany thr Default Browser https://lists.fedoraproject.org/pipermail/desktop/
      an im sure Firefox will remain in the Repo's even if at some stage Epiphany does become Default

      Comment


      • #13
        Not able to save browsing sessions, and some form of Ad blocker is no-go for me. If Epiphany can use extensions, then it is OK.

        Comment


        • #14
          Originally posted by Drago View Post
          Not able to save browsing sessions, and some form of Ad blocker is no-go for me. If Epiphany can use extensions, then it is OK.
          i think there Goal is to use the Extensions Google Chrome/Chromium uses

          problem with Epiphany it can only use a Single Process, not Multiple atm
          Last edited by Anvil; 29 April 2015, 05:04 AM.

          Comment


          • #15
            Originally posted by Drago View Post
            Not able to save browsing sessions, and some form of Ad blocker is no-go for me. If Epiphany can use extensions, then it is OK.
            Epiphany is just not stable enough for daily use from an eager Linux user point of view.

            Comment


            • #16
              Originally posted by Modu View Post
              Epiphany is just not stable enough for daily use from an eager Linux user point of view.
              its gonna take a fair bit of time till Epiphany is usable , there isnt a lot of Developers that Develop Epiphany currently but its slowly getting better, but i dont think there is any such Browser thats " stable " anyway

              Comment


              • #17
                Originally posted by RahulSundaram View Post
                Regardless of the merits, FIPS compliance is an essential requirement for some very large customers and unless libressl has the necessary support, it won't be considered for the major commercial distributions. That is just a fact.
                So some certification is more important than security. Good to know.
                Btw. LibreSSL is packaged by openSUSE. It is just not the default SSL implementation (i.e. the specfile says Conflictspenssl not Providespenssl).

                Originally posted by RahulSundaram View Post
                If anyone here actually wants to sign up to do the work, feel free to write up a feature proposal. Talk is cheap.
                Fedora's packaging tools are absolutely horrible. There is a reason I do all my Fedora packaging in OBS.
                With OBS and Kiwi it should be indeed relatively easy to create a LibreSSL-using distribution.

                Comment


                • #18
                  Originally posted by Awesomeness View Post
                  So some certification is more important than security. Good to know.
                  Not what I said. Both are important and you haven't shown that libressl offers any significant advantage for security. Also, FIPS isn't some random certification but an absolute requirement in several major industries including govt and finance.

                  Fedora's packaging tools are absolutely horrible. There is a reason I do all my Fedora packaging in OBS.
                  With OBS and Kiwi it should be indeed relatively easy to create a LibreSSL-using distribution.
                  Sure. Anyone can create a remix using copr and livecd-tools as well but that kinda misses the point. This isn't primarily a packaging problem. Introducing libressl as an option in a repository especially using copr is fairly easy. What is going to be non-trivial is making it default in the official repository and that requires new code development, security review and extensive testing after demonstrating that a switch is worth all this effort.

                  Comment


                  • #19
                    Those SSL changes should have been made in 22!

                    Comment


                    • #20
                      Originally posted by RahulSundaram View Post
                      There is no serious current proposal to switch away from Firefox and Fedora 22 Firefox already using GTK3. Using GTK 3 alone does not make Firefox use Wayland however. Firefox is built using a completely separate UI layer with only some parts using GTK.
                      While no formal proposal has been made, as such, michael cantanzaro has expressed the view (expectation?) that epiphany/web should replace firefox "when it's ready".
                      Firefox needs gtk3, which is not quite there yet (https://bugzilla.mozilla.org/show_bug.cgi?id=627699). The wayland readiness is yet further away (https://bugzilla.mozilla.org/show_bug.cgi?id=635134).
                      The problem, iirc, is that michael stransky is the only one working in this area regularly.

                      Comment

                      Working...
                      X