New Crowdin translations by GitHub Action

2025-11-11 02:47:52 +00:00 · 2024-08-05 03:33:33 +00:00
parent ff123e26d4
commit f8154aae88
87 changed files with 640 additions and 408 deletions
--- a/i18n/zh-Hant/assets/img/linux/screenshot_permission.png
+++ b/i18n/zh-Hant/assets/img/linux/screenshot_permission.png
--- a/i18n/zh-Hant/desktop.md
+++ b/i18n/zh-Hant/desktop.md
@@ -17,7 +17,7 @@ cover: desktop.webp

 ![Fedora logo](assets/img/linux-desktop/fedora.svg){ align=right }

-**Fedora Workstation** 是我們推薦給Linux新手的發行版。 Fedora generally adopts newer technologies before other distributions e.g., [Wayland](https://wayland.freedesktop.org) and [PipeWire](https://pipewire.org). 這些新技術通常會在安全性、隱私性和可用性方面有所改善。
+**Fedora Workstation** 是我們推薦給Linux新手的發行版。 Fedora generally adopts newer technologies (e.g., [Wayland](https://wayland.freedesktop.org) and [PipeWire](https://pipewire.org)) before other distributions. 這些新技術通常會在安全性、隱私性和可用性方面有所改善。

 [:octicons-home-16: Homepage](https://fedoraproject.org/workstation){ .md-button .md-button--primary }
 [:octicons-info-16:](https://docs.fedoraproject.org/en-US/docs){ .card-link title=Documentation}
@@ -91,11 +91,11 @@ Arch Linux有一個滾動發佈週期。 沒有固定的發布時間表，套件

 </div>

-[Fedora Atomic Desktops](https://fedoramagazine.org/introducing-fedora-atomic-desktops) come in a variety of flavors depending on the desktop environment you prefer, such as **Fedora Silverblue** (which comes with [GNOME](https://gnome.org)), **Fedora Kinoite** (which comes with [KDE](https://kde.org)), **Fedora Sway Atomic**, or **Fedora Budgie Atomic**. 但不推薦最後一個，因為 Budgie 桌面環境[仍需要 X11](https://buddiesofbudgie.org/blog/wayland)。
+[Fedora Atomic Desktops](https://fedoramagazine.org/introducing-fedora-atomic-desktops) come in a variety of flavors depending on the desktop environment you prefer. As with the recommendation to avoid X11 in our [criteria](#criteria) for Linux distributions, we recommend avoiding flavors that support only the legacy X11 window system.

 這些作業系統與 Fedora Workstation 不同，它們用更高級方式替換了[DNF](https://docs.fedoraproject.org/en-US/quick-docs/dnf) 套件 管理器，其叫作[`rpm-ostree`](https://docs.fedoraproject.org/en-US/fedora/latest/system-administrators-guide/package-management/rpm-ostree)。 `rpm-ostree` 套件管理器的工作原理是下載系統的基本映像，然後將套件覆蓋在類似 [git](https://en.wikipedia.org/wiki/Git)的提交樹中。 當系統更新時，會下載新的基本影像，並將疊加層應用於該新影像。

-更新完成後，您將重新啟動系統進入新的部署。 `rpm-ostree` keeps two deployments of the system so that you can easily roll back if something breaks in the new deployment. 還可以根據需要固定更多部署。
+After the update is complete, you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily roll back if something breaks in the new deployment. 還可以根據需要固定更多部署。

 [Flatpak](https://flatpak.org) 是這些發行版本的主要套件安裝方式，而 `rpm-ostree` 只用在基礎映像上疊加那些無法留在容器的套件。

@@ -125,7 +125,7 @@ The Nix package manager uses a purely functional language—which is also called

 [Nixpkgs](https://github.com/nixos/nixpkgs) （套件的主要來源）包含在單一的 GitHub 儲存庫中。 您也可以用相同的語言定義自己的套件，然後輕鬆地將它們包含在您的配置中。

-Nix是一個基於源的套件管理器；如果二進位快取中沒有預先構建的可用性， Nix 只會使用其定義從源構建套件。 它在沙盒 *純* 環境中構建每個套件，盡可能獨立於主機系統，從而使二進制文件可重現。
+Nix是一個基於源的套件管理器；如果二進位快取中沒有預先構建的可用性， Nix 只會使用其定義從源構建套件。 It builds each package in a sandboxed *pure* environment, which is as independent of the host system as possible. Binaries built with this method are reproducible, which can be useful as a safeguard against [:material-package-variant-closed-remove: Supply Chain Attacks](basics/common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}.

 ## 以匿名爲重點的發行版

@@ -232,8 +232,8 @@ While we [recommend against](os/linux-overview.md#release-cycle) "perpetually ou

 - 免費且開放原始碼。
 - 必須定期接收軟體和內核更新。
- [Avoids X11](os/linux-overview.md#wayland).
-    - 這裡值得注意的例外是 Qubes，但虛擬化可以避免 X11 常發生的隔離問題。 This isolation only applies to apps *running in different qubes* (virtual machines); apps running in the *same* qube are not protected from each other.
+- Avoids X11, as its last major release was [more than a decade](https://www.x.org/wiki/Releases) ago.
+    - The notable exception here is Qubes, but the [isolation issues](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation) which X11 typically has are avoided by virtualization. This isolation only applies to apps *running in different qubes* (virtual machines); apps running in the *same* qube are not protected from each other.
 - 安裝時必須支援全磁碟加密。
 - 不可將定期更新發佈凍結超過1年。
    - 我們 [不建議](os/linux-overview.md#release-cycle) 桌機使用“長期支援”或“穩定”發行版。
--- a/i18n/zh-Hant/os/linux-overview.md
+++ b/i18n/zh-Hant/os/linux-overview.md
@@ -103,14 +103,6 @@ SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-gett

 如果需要 suspend-to-disk （磁盤休眠）功能，則仍然需要使用傳統的swap 檔案或分區。 確保持久存儲設備上的任何交換空間予以[加密](https://wiki.archlinux.org/title/Dm-crypt/Swap_encryption)，以減輕一些威脅。

-### Wayland
-
-建議使用支持 [Wayland](https://en.wikipedia.org/wiki/Wayland_(display_server_protocol)) 顯示協議的桌面環境，因為它的開發 [考慮到了安全](https://lwn.net/Articles/589147)。 其前身( [X11](https://en.wikipedia.org/wiki/X_Window_System))，不支持GUI 隔離，允許所有視窗[記錄畫面、日誌和注入其他視窗的輸入](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation.html)，使任何沙盒嘗試都是徒勞。
-
-幸好 [wayland 組成](https://en.wikipedia.org/wiki/Wayland_(protocol)#Wayland_compositors) 例如包括在[GNOME](https://gnome.org) 與[KDE Plasma](https://kde.org) 可以妥善支援 Wayland 與其它使用[wlroots](https://gitlab.freedesktop.org/wlroots/wlroots/-/wikis/Projects-which-use-wlroots)的組件 (例如 [Sway](https://swaywm.org)). 某些發佈版本如 Fedora 和 Tumbleweed 預設使用它，有些則可能在未來也會這樣作在 X11 成為 [硬性維護模式](https://phoronix.com/news/X.Org-Maintenance-Mode-Quickly)後。 If you’re using one of those environments, it is as easy as selecting the “Wayland” session at the desktop display manager ([GDM](https://en.wikipedia.org/wiki/GNOME_Display_Manager), [SDDM](https://en.wikipedia.org/wiki/Simple_Desktop_Display_Manager)).
-
-我們**反對**使用不支援 Wayland 的桌面環境或視窗管理器，如Cinnamon（Linux Mint）、Pantheon（Elementary OS）、MATE、Xfce 和 i3。
-
 ### 商用靭體(Microcode更新)

 Linux 發行版，如 [Linux-libre](https://en.wikipedia.org/wiki/Linux-libre) 或 DIY(Arch Linux)，不附帶商業專用的 [微碼](https://en.wikipedia.org/wiki/Microcode) 更新，這類更新通常會修補漏洞。 這些漏洞的一些著名例子如: [Spectre](https://en.wikipedia.org/wiki/Spectre_(security_vulnerability))、[ Meltdown ](https://en.wikipedia.org /wiki/Meltdown_(security_vulnerability))、[SSB](https://en.wikipedia.org/wiki/Speculative_Store_Bypass)、[Foreshadow](https:/ / en.wikipedia.org/wiki/Foreshadow)、[MDS](https://en.wikipedia.org/wiki/Microarchitectural_Data_Sampling)、[SWAPGS](https: //en.wikipedia.org/wiki/SWAPGS_(security_vulnerability))，以及其他[硬體漏洞](https://kernel.org/doc/html/latest/admin-guide/hw- vuln /index.html)。
@@ -125,6 +117,19 @@ Linux 發行版，如 [Linux-libre](https://en.wikipedia.org/wiki/Linux-libre)

 此外，一些發行版不會自動下載靭體更新。 為此需要安裝l [`fwupd`](https://wiki.archlinux.org/title/Fwupd)。

+### Permission Controls
+
+Desktop environments (DEs) that support the [Wayland](https://wayland.freedesktop.org) display protocol are [more secure](https://lwn.net/Articles/589147) than those that only support X11. However, not all DEs take full advantage of Wayland's architectural security improvements.
+
+For example, GNOME has a notable edge in security compared to other DEs by implementing permission controls for third-party software that tries to [capture your screen](https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/3943). That is, when a third-party application attempts to capture your screen, you are prompted for your permission to share your screen with the app.
+
+<figure markdown>
+  ![Screenshot permissions](../assets/img/linux/screenshot_permission.png){ width="450" }
+  <figcaption>GNOME's screenshot permission dialog</figcaption>
+</figure>
+
+Many alternatives don't provide these same permission controls yet,[^1] while some are waiting for Wayland to implement these controls upstream.[^2]
+
 ## 隱私微調

 ### MAC 地址隨機化
@@ -154,3 +159,6 @@ Fedora 專案使用[`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better
 這個 [選項](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) ，目前預設為關閉。 我們建議將 `countme=false` 添加到 `/etc/dnf/dnf.conf` ，以備將來啟用。 使用 `rpm-ostree` 的系統，如 Silverblue，通過遮蔽 [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) 計時器來禁用 countme 選項。

 openSUSE 還使用[唯一的 ID](https://en.opensuse.org/openSUSE:Statistics) 來計算系統，可以通過清空`/var/lib/zypp/AnonymousUniqueId` 此檔案來禁用。
+
+[^1]: KDE currently has an open proposal to add controls for screen captures: <https://invent.kde.org/plasma/xdg-desktop-portal-kde/-/issues/7>
+[^2]: Sway is waiting to add specific security controls until they "know how security as a whole is going to play out" in Wayland: <https://github.com/swaywm/sway/issues/5118#issuecomment-600054496>