From: Alyssa Ross
To: Demi Marie Obenour, devel@spectrum-os.org
Subject: Re: Verified boot and filesystem choices
Date: Sun, 15 Jun 2025 11:13:58 +0200
Message-ID: <87jz5ds6y1.fsf@alyssa.is>

Demi Marie Obenour writes:

> On 6/14/25 04:23, Alyssa Ross wrote:
>> Demi Marie Obenour writes:
>>
>>> Bcachefs is not very stable right now,
>>
>> Neither is Spectrum! Given that changing filesystem later if it doesn't
>> work out will be a very easy change to make (up to a point), we can
>> afford to wait. It's an approach that has served us well so far —
>> sometimes focusing on other things means that by the time we have to
>> look at something, the problem has been solved by somebody else.
>>
>> Filesystems are always going to have bugs, so in my opinion the most
>> important thing is to make having good backups easy, so that recovery is
>> possible when something goes wrong, regardless of choice of filesystem.
>> I am very keen for Spectrum to have an integrated backup solution,
>> ideally as easy to use as Time Machine.
>
> To clarify, I'm not referring to bugs that cause data loss, but to bugs
> that allow kernel code execution when a maliciously crafted filesystem
> is mounted. Backups don't protect against this. This attack is mostly
> relevant for kiosks, mobile devices, and other cases where being able
> to restore trust after a device compromise is critical.

So are you saying that bcachefs's lack of stability means that it's
uniquely vulnerable to this sort of vulnerability? I'd be surprised,
given that as you say Kent is actually interested in preventing them.