Why must the #UX of any kind of #cryptography related tooling on our systems suck so much?
Today's task - manage CA certificates on our clusters' base-systems using #Ansible.
The canonical way on #RHEL systems seems to be to use #p11kit's "trust" CLI.
"--help" says to use "trust list" - that sounds easy. I'll just compare those certificate serials against my desired state and then import the delta into the trust store…
But: the unique identifier of "trust list"'s output is a PKCS11 URI!
Being free and #OpenSource makes AlmaLinux a good fit for MEGWARE's HPC clusters, which are used exclusively for research and education, as they offer a free alternative to #RHEL.
The #BSI has meanwhile woken up too and is warning about the #xz backdoor. That is commendable, but the warning itself is not quite correct.
The many millions of Internet servers very rarely run on bleeding-edge systems, but rather on stable ones such as #DebianStable, #UbuntuServer, #SLES or #RHEL. None of the distributions mentioned contains the #xzbackdoor.
Is this just more sleepy #Compliance fuckery from a German government agency, or do they want to ...
This is a very cool and easy to follow story of one person's personal needs for their server.
They start with assuming they need stability as high as RHEL with consistent versioning, but over time containers erase that concern so they are freed up to think about other nice things like having newer software.
If you've wondered why people use Fedora Server when CentOS and RHEL exist, this is one reason!
While everyone has been talking about #xz's backdoor I've been working on a patch for an AlmaLinux kernel vulnerability (CVE-2024-1086) that #rhel has yet to release a fix for (though #centos stream is patched). It's quite a nasty privilege escalation vulnerability so I suggest updating ASAP.
I'm back on RHEL for all my computers, I'm done messing around with weird inconsistencies and unexpected changes in updates. I love the innovation of upstream and all the wonderful madness of the bazaar, but I don't have time to drink from the fire hose these days.
I'm super grateful for all the exceptional and hard work the RHEL team at Red Hat does and the Fedora EPEL community. ❤️
@centos will be hosting an event at SCaLE called CentOS Classroom - a neat opportunity to learn more about the project from contributors. Happening Mar 14 from 2-5pm local time!
At the end there will be a packaging workshop for Fedora EPEL! Check it out if you've wanted to get into packaging but weren't sure how. @carlwgeorge's got your back. 👍