2012/3/9 Alan Cox <alan@xxxxxxxxxxxxxxxxxxx>: > > So you can stop a third party tampering with the modules on your system, > while keeping the ability to do so yourself. It's all about who owns the > keys. If you own the keys it becomes a useful security feature to some > users. > > Alan Put in other words: You cannot do anything with the distro-realeased modules because they should be signed. If the distro key is "publicly" available then any third party can use it and sign his modules. So I have to recompile the whole kernel (all modules inclusive) and resign them with my own key so that only I can temper with them. In both cases I need to recomplie the kernel once again... just for nothing. Honestly I think this is an extra burden for the developers/people who modifiy often their kernels. --joshua -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
