> One long-standing problem in Fedora is that we don't check package signatures
> during installation. [...]
> Following the implementation of Features/SecureBoot, we can extend the Secure
> Boot keys as a root of trust provided by the hardware against which we can
> verify a signature on our key files, thus guaranteeing that they're from the
> same source as the boot media.

It's great that someone is finally trying to do something about bug 998, but what's the plan for computers without Secure Boot? Will Anaconda disable all signature checking if Secure Boot is disabled or unavailable, or will it check as much as it can?

In my opinion, if Anaconda finds that it was booted without Secure Boot, then it should assume that the user has verified the checksum on the installation image and that the keys therein are therefore trusted, and use those keys to verify any packages it downloads. It's enough to verify downloaded packages in that case. Packages included on the boot medium don't need to be checked if the boot medium is trusted, but of course it doesn't hurt to verify those too if it's easier to program that way.

Björn Persson
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel