C. Scott Ananian wrote:
| On Fri, Mar 7, 2008 at 9:37 AM, Benjamin M. Schwartz
| <[EMAIL PROTECTED]> wrote:
|>  It is difficult to comment on this without more detail on "USB
|>  customization keys".  My understanding was that such customization would
|>  be done once at the level of whole countries, that it would be restricted
|>  to /home, and that the "key" in question was a cryptographic signing key,
|>  so that customizers (at the ministry of education) could create trusted
|>  images that the firmware or journal would install automatically.  Thus, I
|>  am not sure what a USB customization key is.
|
| http://wiki.laptop.org/go/Customization_key
|
| It is specifically designed to allow countries (or schools) to create
| customized builds *without* requiring OLPC to sign or approve their
| changes.

Right.  I thought the solution was that each country was to be given its
own customization signing key that allowed them to construct modified
images and sign them without OLPC approval.  Only signed customizations
would be installed automatically.  This would solve the problem of
privilege escalation.  I guess I misinterpreted the word "key".

| In exchange, we require the modifications to be restricted
| to /home so that we've got some hope of successfully diagnosing or
| updating their builds.  I will refuse to sign any build with this
| patch in it, and I don't feel that Michael has made any case for why
| it is necessary.
|  --scott
|

_______________________________________________
Devel mailing list
Devel@lists.laptop.org
http://lists.laptop.org/listinfo/devel