On Thu, Feb 07, 2013 at 04:14:27PM +0100, Christophe Fergeau wrote: > On Thu, Feb 07, 2013 at 04:49:43PM +0200, Zeeshan Ali (Khattak) wrote: > > Moreover, even as security measure, its doubtful that MS thought of an > > application being invovled in the process. The common use case > > involves only the user and MS' software (mainly the installer). Its a > > very usual thing to not trust users to know exactly what they are > > doing. They can get malicious drivers from anywhere and try to install > > them. In case of libosinfo, there is going to be an app involved, > > making the decision for the user. > > But once the system is installed, the user will be in control of the OS, > and signature checking will still be disabled! And this patch is disabling > this even when no unsigned drivers are involved at all. NB: If you make sure unsigned drivers cannot be installed after the automatic installation is done (either using some postinstall scripting magic, or either because I'm mistaken and these changes are only valid during the installation process but are thrown away at the end of the install), then I'm all fine with always disabling signature checking as long as it only happens during installation, and the installed OS checks driver signatures. Christophe
Attachment:
pgpLA12GLI_V2.pgp
Description: PGP signature
_______________________________________________ Libosinfo mailing list Libosinfo@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libosinfo
