On Wed, Jan 06, 2021 at 01:27:40AM +0100, Kevin Kofler via devel wrote:
> Ben Cotton wrote:
> > == Summary ==
> > We want to add signatures to individual files that are part of shipped
> > RPMs. These signatures will use the Linux IMA (Integrity Measurement
> > Architecture) scheme, which means they can be used to enforce runtime
> > policies to ensure execution of only trusted files.

In more mundane words: a signature will be shipped in the rpm for each
file separately? And what will be done with this signature on the
destination machine: will it be kept in the rpms database or something
more? What is the overhead on packed rpm size, rpm database, on-disk
installation?

Can the description be made clearer in what is changed in rpms and how
IMA is consuming those changes on the installation machine?

> > == Owner ==
> > * Name: [[User:Puiterwijk| Patrick Uiterwijk]]
> > * Email: puiterwijk@xxxxxxxxxx
> > * Name: [[User:Pbrobinson| Peter Robinson]]
> > * Email: pbrobinson@xxxxxxxxx
>
> I am opposed to this Change, because it increases the file size of all RPMs
> and the size of the RPM database (and hence, of all installed systems,
> including, but not limited to, the live images) to implement what basically
> amounts to "Treacherous Computing"
> [ https://www.gnu.org/philosophy/can-you-trust.en.html ].
>
> Neither do I consider it acceptable to ban execution of non-centrally-signed
> binaries,

I don't think we should forbid opt-in verification, no matter if
centrally managed or not. It's not 1995 and people have fleets of
machines that are centrally managed...

> nor do I consider it acceptable to bloat all our packages with
> per-file signatures that are ultimately redundant with the package
> signatures that already guarantee the integrity of all files in the package.

... but that is a good question. The "Benefit to Fedora" doesn't
actually explain why those signatures are better than the ones we
already have.

Zbyszek