Proposed F19 Feature: Package Signature Checking During Installation
Till Maas
opensource at till.name
Tue Jan 8 21:38:16 UTC 2013
On Tue, Jan 08, 2013 at 03:20:41PM -0500, Peter Jones wrote:
> On Tue, Jan 08, 2013 at 08:28:03PM +0100, Björn Persson wrote:
>
> > I'll agree that most users probably don't verify their DVD images as it
> > takes some manual work to do it properly, so that's another weak link,
> > but the possibility does exist for those of us who care enough about
> > our security.
>
> It's like Ronald Reagan said: trust, but verify. In this scenario,
> there's no way for anaconda to verify it. As such, I'm not planning to
> work on it for this feature.
I do not see the difference from anaconda's perspective. With secure
boot enabled, UEFI(?) verified the boot medium/the environment anaconda
runs in and with the manual process a human did. How does it help
anaconda if the environment has been verified by UEFI?
Nevertheless, once anaconda is capable of installing only proper
packages from a verified environment, a patch do also do this if the
environment has been verified by a human should be trivial.
Regards
Till
More information about the devel
mailing list