If you’ve tagged a Fedora social media account with some thoughts or feedback, thank you for that! We appreciate you taking the time to let us know what your experience was with some aspect of the project. However, our social media channels are not the best way to pass that along as it’s only a few people who have access to and read the posts we’re tagged in. For a better impact, we’ve created this thread.
Welcome to the suggestion box! This discussion thread is to collect your feedback on Fedora Linux and any of our spins. By taking the time to give your thoughts here, people from all over the project will be able to see it, and therefore the chances of someone grabbing that as an action item goes up (though it is not guaranteed as many times a lot of thought and intention has gone into decisions).
A few other notes:
If you’re new to Fedora Discussion, please keep in mind that this forum and thread are all under the Fedora Code of Conduct. Please be respectful and constructive with your comments.
This is NOT a support thread. If you’re trying to troubleshoot, please visit our sister forum Ask Fedora where contributors can help solve your problem.
This is an experimental thread as we explore how we can collect feedback from the wider user community. It will run until the end of the quarter (end of March 2023) and then we’ll see if we continue this with another thread for next quarter or experiment with another solution entirely.
I would like to propose this : Add the argument needed to make (fido2xLuks) and (tpm2xluks) into the default initramfs (even if some change are needed).
because more than half of the user i do see use : rpm-ostree initramfs --enable --arg=“-a fido2” are for a “passwordless” unlocking of luks (mine is for fido2).
And since enabling initramfs actually reduce the secureboot protection why not integrate these args directly into the normal one ?
Since you do want to move on the “normal” fedora to a unified kernel (with initram into it too), it may be interesting to start by made this change to silverblue, because if it work on silverblue now, it will work on normal fedora when your team decide to add the unified kernel to it (and so reduce the pain on some user when people who do use this kind of method of luks unlock will see it continue to work with a very low amount of change on their end).
Since i just finished my move to silverblue and i have made the best effort to change as little as possible settings i take the time to suggest these 5 things (these recommandation are aimed for silverblue and kinoite).
1 : Move firefox from the base image to Fedora Flatpak (flatpak can do the trick if you change the flatpak’s config to allow all hardware (making U2F key work)).
2 : Retire NetworkManager-config-connectivity-fedora, and move this config into the settings like ubuntu do (so we can enable disable it by a click and not use cli / override remove to remove it).
3 : Add into the base image : pam-u2f and pamu2fcfg for yubikey protected login without having to layer them.
4 : Retire gnome-terminal and gnome-terminal-nautilus, like com.raggesilver.BlackBox on flathub show us using a terminal emulator is possible in flatpak version, and since many people like to change these terminal remove them from the basic image and move them to Fedora flatpak.
5 : Finally Yelp can also be moved to flatpak, not many will use it (and use a search engine instead) and docs can be into the image but yelp (the gui who call them) into flatpak.
I know i have asked 5 thing but it’s the five (6 if we count my first post), that cannot be fixed on user side unless by using alternatives that generate unnecessary layering … that can be fixed by you.
Only if they don’t forget to fix the gnome secret (who require password at login to unlock it).
For proton i think it must be proton work to do the software and after ask the DE (Gnome & KDE) to implement it in their stack.
These kind of integration must be done by the Software stack and not the OS stack.