On Tue, Jan 08, 2013 at 03:20:41PM -0500, Peter Jones wrote: > On Tue, Jan 08, 2013 at 08:28:03PM +0100, Björn Persson wrote: > > > I'll agree that most users probably don't verify their DVD images as it > > takes some manual work to do it properly, so that's another weak link, > > but the possibility does exist for those of us who care enough about > > our security. > > It's like Ronald Reagan said: trust, but verify. In this scenario, > there's no way for anaconda to verify it. As such, I'm not planning to > work on it for this feature. I do not see the difference from anaconda's perspective. With secure boot enabled, UEFI(?) verified the boot medium/the environment anaconda runs in and with the manual process a human did. How does it help anaconda if the environment has been verified by UEFI? Nevertheless, once anaconda is capable of installing only proper packages from a verified environment, a patch do also do this if the environment has been verified by a human should be trivial. Regards Till -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
