From: Alyssa Ross <hi@alyssa.is>
To: Demi Marie Obenour <demiobenour@gmail.com>, devel@spectrum-os.org
Subject: Re: Verified boot and filesystem choices
Date: Sun, 15 Jun 2025 11:13:58 +0200 [thread overview]
Message-ID: <87jz5ds6y1.fsf@alyssa.is> (raw)
In-Reply-To: <3216444f-4402-46fc-9a25-07f33cdef9c6@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1485 bytes --]
Demi Marie Obenour <demiobenour@gmail.com> writes:
> On 6/14/25 04:23, Alyssa Ross wrote:
>> Demi Marie Obenour <demiobenour@gmail.com> writes:
>>
>>> Bcachefs is not very stable right now,
>>
>> Neither is Spectrum! Given that changing filesystem later if it doesn't
>> work out will be a very easy change to make (up to a point), we can
>> afford to wait. It's an approach that has served us well so far —
>> sometimes focusing on other things means that by the time we have to
>> look at something, the problem has been solved by somebody else.
>>
>> Filesystems are always going to have bugs, so in my opinion the most
>> important thing is to make having good backups easy, so that recovery is
>> possible when something goes wrong, regardless of choice of filesystem.
>> I am very keen for Spectrum to have an integrated backup solution,
>> ideally as easy to use as Time Machine.
>
> To clarify, I'm not referring to bugs that cause data loss, but to bugs
> that allow kernel code execution when a maliciously crafted filesystem
> is mounted. Backups don't protect against this. This attack is mostly
> relevant for kiosks, mobile devices, and other cases where being able
> to restore trust after a device compromise is critical.
So are you saying that bcachefs's lack of stability means that it's
uniquely vulnerable to this sort of vulnerability? I'd be surprised,
given that as you say Kent is actually interested in preventing them.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]
next prev parent reply other threads:[~2025-06-15 9:14 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-14 1:24 Verified boot and filesystem choices Demi Marie Obenour
2025-06-14 8:23 ` Alyssa Ross
2025-06-14 21:32 ` Demi Marie Obenour
2025-06-15 9:13 ` Alyssa Ross [this message]
2025-06-15 16:00 ` Demi Marie Obenour
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87jz5ds6y1.fsf@alyssa.is \
--to=hi@alyssa.is \
--cc=demiobenour@gmail.com \
--cc=devel@spectrum-os.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://spectrum-os.org/git/crosvm
https://spectrum-os.org/git/doc
https://spectrum-os.org/git/mktuntap
https://spectrum-os.org/git/nixpkgs
https://spectrum-os.org/git/spectrum
https://spectrum-os.org/git/ucspi-vsock
https://spectrum-os.org/git/www
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).