On Wed, Jan 09, 2013 at 10:09:21AM -0500, Peter Jones wrote:
> As it stands you still need to verify that your netinst.iso (or
> whatever) boot image is what you mean to be using. There are ways we
> can address that, but it's not the problem I'm trying to solve with this
> particular feature.
>
> I'm not claiming to solve every integrity or authenticity problem we've
> got. I'm just making it so that anaconda can verify packages are okay
> to install. I'm not solving the greater problem of trusting anaconda.
> I've found that it's often useful to work on one engineering problem at
> a time.

But why should anaconda not verify packages if secure boot is disabled? You need to implement package verification anyhow in anaconda to get your complete feature to work, and this does not have anything to do with ensuring that anaconda uses the correct key to verify packages. But then it also does not matter whether you use secure boot to verify the key (from anaconda's perspective) or trust the user to have verified the key. Especially since it is required for a user to verify the boot image even with your feature to be secure, also checking for secure boot does not seem to provide any benefit.

Regards
Till