On Tue, Oct 18, 2016 at 7:36 PM, Ian Jackson wrote: > I'm afraid I can't make sense of this. You have posted it to > debian-devel, but without any kind of sensible explanation of the > context.
It was posted to bug #820036, which is tracking Debian support for secure boot. Peter was advocating quite correctly that as well as having our copy of shim (the first-stage bootloader on secure boot systems) signed by Microsoft, we should also have a copy signed by a Debian signing authority, so that users can theoretically choose to distrust the Microsoft key. IIRC, unfortunately in practice that is unlikely to be possible since various firmware blobs are only Microsoft-signed. -- bye, pabs https://wiki.debian.org/PaulWise