A possible step toward integrity measurement for Fedora

> ... Fedora CoreOS, where much of the system is, in fact, meant to be immutable.

Hi, I work on Fedora CoreOS, and while I don't speak for the whole team, please see:
https://blog.verbum.org/2019/12/23/starting-from-open-and...
https://blog.verbum.org/2020/08/22/immutable-%E2%86%92-re...

As noted in one of the blog posts, e.g. replacing the kernel with a newer/different version to test something is a first class, fully supported operation. "immutable" is hence a misleading term.

I do want to make Linux systems that are much more resilient to accidental (and malicious) damage than many current traditional-package based systems, and I believe we have made numerous concrete changes in that direction, but there's still a lot more to do.

And particularly for Fedora CoreOS it's definitely a goal that e.g. you *don't* need to layer or override anything in the base OS and happily run your software as containers. A lot of people are at that point and we want to grow that set.

A strong IMA type policy (along with other things like trusted_for() https://lwn.net/Articles/832959/ and I also think IPE is interesting https://lwn.net/Articles/816952/ ) are something I want to push for supporting in Fedora-derived operating systems in general, and it can make particular sense for those "happy path" users that are entirely containerized.

But, again - it's your computer, not ours, and we offer first-class tooling for changing things when you need to, so immutable is not a great term. Thanks!