Re: Proposed F19 Feature: Package Signature Checking During Installation

On Wed, Jan 09, 2013 at 03:08:51PM +0100, Florian Weimer wrote:

> I start with the F18 TC3 image, which boots on Secure Boot systems,
> replace the boot artwork (which is not cryptographically protected),
> the F18 kernel, and use most of the F19 installation environment.
> The F18 boot loader and kernel know nothing about image verification
> or Authenticode-style executable verification, so it will start any
> init I supply.  This means that I can start a fake anaconda which
> looks just like F19, but does not verify RPM signatures (as before).
> At this point, I can put whatever RPMs I want on the installation
> media, and they will be installed.

Yes, if you boot an installer that doesn't verify signatures, you won't 
verify signatures.

-- 
Matthew Garrett | mjg59@xxxxxxxxxxxxx
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel


