On Tue, Dec 14, 2021 at 09:18:20PM +0000, Zbigniew Jędrzejewski-Szmek wrote: > My understanding it the following: fs-verity originated in the Android > world where you can have an unprivileged process downloading a file, > e.g. a jar. This unprivileged process manages the download, but the > file is only trusted and executed when it has a matching signature > from some central authority. The file contains the whole app, > including all resources, so there is no question of other unverified > files being used by the app. And the file can be large enough that > it's practical to do chunked verification, since checksumming the whole > file on first use would be slow. This does seem rather reminiscent of our LiveCD squashfs situation.... -- Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> Fedora Project Leader _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
