On Thu, Oct 2, 2008 at 9:45 AM, Erik Garrison <[EMAIL PROTECTED]> wrote: > On Thu, Oct 02, 2008 at 12:07:51AM -0400, Bobby Powers wrote: >> With that said, I would probably lean towards preferring unsecured >> machines (with pretty boot enabled, of course). >> > > Such small hassles, when repeated across hundreds of thousands of > people, tend to eat up a lot of time. We should be trying to save users > this time.
As I said in June, afaic G1G1 machines should all be sent out with developer keys. http://lists.laptop.org/pipermail/security/2008-June/000426.html Kim made two related points: > 1 - Assuming we get to the point where upgrading is an easy click > from the G1G1 machine, then we want to be sure that people don't > mistakenly load non-signed images. If you are not a developer; > doesn't this add a level of protection that we want for 90% of G1G1 > recipients? I don't think this is the sort of security people need -- again, those 90% aren't going to be trying updates in the first place. If we want to add a required --security=off flag to the olpc-update command to indicate that you recognize you are installing an unsecured build, that's fine. > 2 - I believe our support issues will go up significantly as people > who have little or no experience are encouraged to download all > sorts of untested builds with no easy way to get back to a > working system. > To feel better about the support issues, I would like the one-button > push that restores a laptop to factory default. I don't know about the former; the latter is a great idea. These feel to me like useful things to address for 8.2.1, though not for the initial g1g1 images. SJ > We'll save everyone who wants to install non-standard builds the time > required to learn about and obtain developer keys. We'll save the > support costs required to process and answer all the queries about > developer keys. And we'll reduce the infrastructural costs of managing > the generation of the keys. > > Erik > _______________________________________________ > Devel mailing list > Devel@lists.laptop.org > http://lists.laptop.org/listinfo/devel > _______________________________________________ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel