Matthew Garrett <mjg59@xxxxxxxxxxxxx> writes: > On Thu, Nov 01, 2012 at 09:58:17PM +0000, Alan Cox wrote: >> On Thu, 1 Nov 2012 21:34:52 +0000 >> Matthew Garrett <mjg59@xxxxxxxxxxxxx> wrote: >> > I think you've misunderstood. Blacklist updates are append only. >> >> I think you've misunderstood - thats a technical detail that merely >> alters the cost to the people who did something improper. > > Winning a case is cold comfort if your software has been uninstallable > for the years it took to get through the courts. If others want to take > that risk, fine. When the goal is to secure Linux I don't see how any of this helps. Windows 8 compromises are already available so if we turn most of these arguments around I am certain clever attackers can go through windows to run compromised kernel on a linux system, at least as easily as the reverse. Short of instructing UEFI to stop trusting the Microsoft signing key I don't see any of the secureboot dance gaining any security of computers running linux or security from keys being revoked for non-sense reasons. Eric -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html