

and the code must be a replicable build by F-Droid’s internal apk signature copying process
that’s not a requirement. or was it already being built reproducibly?




it means android api changes, google play restrictions and removals


it's funny how the up and down votes are almost in sync for all comments.
let me clarify for everyone: email is not needed for a selfhosted setup, and shouldn’t be. I am in doubt that the majority of selfhosters run mail servers.


I think there’s some linux command to query the installed keys, but here I have only found the command for listing all the installed mok keys: https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot


I can boot into Windows through the BIOS using only the MS-signed bootloader instead of GRUB or any chain loader, and Windows itself considers Secure Boot to be enabled successfully.
I assume that’s because your motherboard still has the microsoft keys installed besides the MOK keys, and it verified the bootloader with that. that's why it accepts the ms signed bootloader. as I know not all motherboards allow removing it, and there are a few buggy ones that get hard bricked if you do that.


Microsoft provides SB shims for some linux distributions, so it wouldn’t mean locking out all linux players.


right, you can look at it that way too. but what the consumers see (and feel) is that the game tells what kind of software you can have, even when that is not related to the game. and that’s what’s not usual.
this is less obvious on windows, because it’s not that common to be modified by users in a way that matters here, as the checks are kind of loose, but on android it’s quite different, and windows is likely to get the same treatment, which is the reason why valve is pouring so much money into linux


these games only accept the secure boot setup where the root key is that of microsoft’s. that means that you either need windows with a pre-approved configuration in some regards (notable difference: any foss kernel drivers are nono because they won’t ever be signed) or a linux system for which microsoft gives a secureboot shim with whatever further restrictions.
the consequences are more obvious if you look at android as an example. It’s not called secure boot there, but android verified boot, and the turning off of it is called “bootloader unlocking”. very few phones support installing your own signing keys so you can’t take advantage of it with a bloatless android distribution. but even on phones that do, there are many apps that require a locked bootloader with the factory keys, including banking apps, nfc payment apps, government apps (including those that are required to access the online government account), entertainment apps with strict DRM, …


it's like you are intentionally trying to misunderstand what they are saying, good work at it. Obviously, they didn’t deem SB and TPM unusual, but the types of software (entertainment industry products) demanding it while the software of the security industry does not.
but it’s not a pointless requirement or some grand conspiracy to make people buy new hardware.
consumers won’t benefit from this functionality, but many industries will in the foreseeable future


start going down the technical path with Linux to extend the life further.
linux won’t fix this kind of shit, because this is about an arbitrary limitation of wanting to lock the owner out of their own system. these malware companies won’t ever recognize a free linux setup as “verified”


TPM is enterprise functionality, useless for most consumers. useful for locking down control over hardware against “unauthorized personnel”
Secure Boot is not enough for these malware. They want SB rooted in MS keys. You using a Machine Owner Key? Too bad, go away! they say
all they want is get more control over your hardware, and less of it for you


the tpm does not add any security whatsoever for windows 11, and secure boot is being used to lock your control out of your own system. secure boot enabled with machine owner keys wouldn’t be enough either for these games


bad librewolf, shame on them for not paying the tax


Tailscale is wireguard with automatic configuration. OP's problem will remain: it needs an app


set up a tailscale client on their networks, and set up a reverse proxy on it for your services. then you can just point these tvs to the local proxy


well, to some people. but if you think about it this way: it’s an entertainment website with no useful content, then I can agree with it
you start with authenticated things, like forgejo and such, and always double check that anonymous visitors don’t see any data.
but generally it’s also not wise to just expose most services to the internet. jellyfin for example had lots of leaks because lots of API functionality was accessible without authentication. I don’t know if it’s been fully fixed.
expose a wireguard, it is safe, it is security software, and access everything else through it. you can keep using your domain for internal services.
with copyparty there’s an added risk. if police find you hosted child porn, they won’t care if it wasn’t you who uploaded it. someone reports it to them, they steal all your computers, worst case you can even end up in jail.


all banks I know have a problem with it in my country. one of them didn’t, but recently decided to end their good tradition referring to some unclear legal obligations
people shouldn’t count on that anyways because the repo owner can delete issues, comments, also edit them