Bug#1040901: linux modules must not be signed with CA key, bump ABI every upload
On Wed, Jul 12, 2023 at 10:05:03AM +0200, Julian Andres Klode wrote:
> Source: linux
> Version: 6.3.0-7.7
> Severity: grave
> Tags: security
> X-Debbugs-Cc: jak@debian.org
>
> I know there's some work in progress but it appears we don't have a bug
> for it yet. I raised this yesterday in our weekly upstream shim/grub
> cabal meetings and Debian's current approach to sign modules with the
> same key and not bump ABI on every upload should be considered a bug.
FWIW, I'm adding this formally as a requirement to the shim-review
process in
https://github.com/rhboot/shim-review/pull/337
So that we do not accidentally accept submissions with this bug
anymore.
--
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer i speak de, en