Proposed F19 Feature: Package Signature Checking During Installation
Toshio Kuratomi
a.badger at gmail.com
Thu Jan 10 16:27:42 UTC 2013
On Tue, Jan 8, 2013 at 10:15 AM, Peter Jones <pjones at redhat.com> wrote:
> On Tue, Jan 08, 2013 at 11:04:30AM -0500, Steve Clark wrote:
> >
> > What about repins? I want to add my own custom package that is not
> signed and create a new CD with a custom ks.cfg.
> > How would that work?
>
> You'd generate your own key, and people using your packages, who have
> presumably decided they trust that you're really you through some other
> method, would enrol your key in the MoK list on the machine.
What is the MoK list?
Alternately
> you can pay $99 (one time only) and get your keys signed by something the
> machine already trusts. I'll write more thorough documentation on each of
> the processes to do these as this moves forward.
>
> Cool. The What-if-I-want-to-create-a-remix question on this page
https://fedoraproject.org/wiki/Secureboot#Questions_and_Answers is one
place that will need updating. Also, the Secure Boot documentation that
Eric Christensen started working on based on information from that page
(and he also needs help to finish the documentation on using your own keys
in an F18 setting as well.)
-Toshio
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20130110/c45836a1/attachment.html>
More information about the devel
mailing list