Stephen John Smoogen wrote: > In every test I have seen on what people do.. it is a click through. > People click on it without checking the certificate. That is what > makes it theatre or CYA covering.. What the developer is saying is > that he doesn't want to pursue security theatre himself on this. If > someone else wants to and add in the pop-up etc then go ahead.. but he > isn't going to do that. There are two problems here. When this is discussed people on both sides want to roll the argument into one problem, and that is where the arguments stagnate and have rotted for years. Problem 1: Root trust Currently this process is manually performed by checking a mental checkbox when a user downloads a Fedora image from fp.o. Having SecureBoot perform this process automatically is a +1, but not a requirement. If we cannot trust our end users then how can we trust ourselves. Problem 2: GPG checking It's just a flip of a switch. No technical requirements must be met to enable it. Opponents of enabling checking say problem 1 *must* be fixed for problem 2 to be addressed and consider it a single issue instead of two. It would make sense to go ahead and enable GPG checking with the known caveat that your installer may be malicious. It is *not* security theatre to know you downloaded a checksum-verified ISO file. It is *safer* to have it enabled now that anaconda is allowed network access. ... but since everyone is hard-headed about this I doubt this thread will change anyone's mind. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
