4 Jul
2022
4 Jul
'22
5:48 p.m.
On Mon, Jul 4 2022 at 09:55:20 AM +0200, Lennart Poettering mzerqung@0pointer.de wrote:
Signing and authenticating the code is a good thing to protect systems – it's a good thing if we can do so for the boot code too as we boot.
Tangent:
After installing or upgrading your Fedora or RHEL system, you have to accept a "do you trust this official Fedora project key" prompt or you cannot install packages from the official repos. So all our users have been trained to ignore warnings about untrusted packages because it's mandatory to do so. If few users think twice about accepting a key as long as it purports to be from "Fedora" or "Red Hat"... well, the whole system is subverted. This needs a rethink.
Michael