Re: Proposed F19 Feature: Package Signature Checking During Installation

Adam Jackson wrote:
> On Thu, 2013-01-10 at 17:56 +0100, Till Maas wrote:
> > But why should anaconda not verify packages if secure boot is disabled?
> 
> For the same reason Firefox doesn't automatically accept self-signed SSL
> certs, and the same reason that ssh doesn't automatically accept new
> host keys: it'd be creating trust from thin air.

If Firefox encounters an SSL certificate that it can't verify, then it
stops and refuses to load the web page. It won't proceed unless you
tell it that you have checked the certificate manually and found it to
be genuine.

If OpenSSH encounters a host key that it hasn't seen before, then (in
the default configuration) it stops and refuses to log in to the server.
It won't proceed unless you tell it that you have checked the host key
manually and found it to be genuine.

If Anaconda can't verify the package signing key, does it stop and
refuse to install the packages? No, it goes ahead and downloads some
random junk from somewhere on the Web and installs it. Random junk?
Yes. It doesn't verify the packages, so it has no reason to believe
that they aren't random junk.

Anaconda shouldn't proceed unless you tell it that you have checked the
boot image manually and found it to be genuine. This could be done with
a button that you have to click on, labeled "Yes I checked the boot
image." Or the fact that you booted the boot image could be taken to
mean that you trust the boot image.

Björn Persson

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
