On Wed, Jun 19, 2024 at 02:30:20PM +0200, Vitaly Zaitsev via devel wrote: > On 19/06/2024 13:10, Daniel P. Berrangé wrote: > > Should this be a system-wide change, rather than self-contained > > change ? While the implementation is in gnome-software, since this > > is semi-automating enrollment of a new SecureBoot MOK, with the > > private key strored locally, it has security impact on the distro > > as a whole. > > It's just a GUI for the kmodgenca tool: > https://src.fedoraproject.org/rpms/akmods/raw/rawhide/f/README.secureboot Yes, but there's a difference between a package just happening to exist in the distro requiring the users to seek it out, vs the default software installation tool promoting this is a recommended solution to users. The latter is blessing this is a preferred feature of the distro. With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue