Re: Proposed F19 Feature: Package Signature Checking During Installation

On 10 January 2013 15:43, Björn Persson <bjorn@xxxxxxxxxxxxxxxxxxxx> wrote:
> Stephen John Smoogen wrote:
>> On 10 January 2013 14:17, Björn Persson <bjorn@xxxxxxxxxxxxxxxxxxxx> wrote:
>> > Adam Jackson wrote:
>> >> On Thu, 2013-01-10 at 17:56 +0100, Till Maas wrote:
>> >> > But why should anaconda not verify packages if secure boot is disabled?
>> >>
>> >> For the same reason Firefox doesn't automatically accept self-signed SSL
>> >> certs, and the same reason that ssh doesn't automatically accept new
>> >> host keys: it'd be creating trust from thin air.
>> >
>> > If Firefox encounters an SSL certificate that it can't verify, then it
>> > stops and refuses to load the web page. It won't proceed unless you
>> > tell it that you have checked the certificate manually and found it to
>> > be genuine.
>>
>> In every test I have seen on what people do.. it is a click through.
>> People click on it without checking the certificate. That is what
>> makes it theatre or CYA covering.. What the developer is saying is
>> that he doesn't want to pursue security theatre himself on this. If
>> someone else wants to and add in the pop-up etc then go ahead.. but he
>> isn't going to do that.
>
> And since people don't check the certificate anyway it would be better
> if Firefox would silently switch to plain HTTP when it can't verify the
> certificate? Not just use the unverified certificate but skip all the
> cryptography altogether without even telling the user about it? Would
> that improve anything? Because that's the equivalent of what Anaconda
> does.
>
> Yes the human is usually a weak link, we all know that. It's good to
> replace a weak link with a stronger one when we can. Sometimes we can't
> do that, and the best we can do then is to make the rest of the chain
> strong enough that the human link is the weakest one. Right now the
> presence of one weak link is being used as an excuse for leaving a
> gaping hole in another part of the chain.

Then write the patch. That is all that this is going to take... even
if it doesn't get incorporated it will be there for some probably
large group that does want it (I would use it myself.) Because the
current approach of trying to "shame" the developer into writing it
for you is NOT working.

-- 
Stephen J Smoogen.
"Don't derail a useful feature for the 99% because you're not in it."
Linus Torvalds
"Years ago my mother used to say to me,... Elwood, you must be oh
so smart or oh so pleasant. Well, for years I was smart. I
recommend pleasant. You may quote me."  —James Stewart as Elwood P. Dowd
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel


