Ben Cotton wrote: > == Summary == > We want to add signatures to individual files that are part of shipped > RPMs. These signatures will use the Linux IMA (Integrity Measurement > Architecture) scheme, which means they can be used to enforce runtime > policies to ensure execution of only trusted files. > > == Owner == > * Name: [[User:Puiterwijk| Patrick Uiterwijk]] > * Email: puiterw...@redhat.com > * Name: [[User:Pbrobinson| Peter Robinson]] > * Email: pbrobin...@gmail.com
I am opposed to this Change, because it increases the file size of all RPMs and the size of the RPM database (and hence, of all installed systems, including, but not limited to, the live images) to implement what basically amounts to "Treacherous Computing" [ https://www.gnu.org/philosophy/can-you-trust.en.html ]. Neither do I consider it acceptable to ban execution of non-centrally-signed binaries, nor do I consider it acceptable to bloat all our packages with per-file signatures that are ultimately redundant with the package signatures that already guarantee the integrity of all files in the package. Kevin Kofler _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
