On Sun, 2019-02-10 at 21:52 -0800, Steve Langasek wrote: > On Mon, Feb 11, 2019 at 01:06:58AM +0000, Steve McIntyre wrote: > > On Sat, Feb 09, 2019 at 09:43:57PM -0800, Steve Langasek wrote: > > > Hi Steve, > > > On Fri, Feb 08, 2019 at 03:37:39PM +0000, Steve McIntyre wrote: > > > > vorlon - we agreed on "ASAP" as a target for the update a > > > > couple of > > > > weeks back. Have you managed to make any progress please? > > > > We're getting *really* short on time to make things work for > > > > the > > > > Buster release now... > > > shim 15+1533136590.3beb971-1 is now in unstable. Please let me > > > know if > > > anything is missing for Buster. > > Hi Steve, > > Awesome, thanks! I can see there's been quite a lot of changes to > > deal > > with. Thanks very much for your efforts! > > Just one tiny thing missing that I was hoping for: add i386 to the > > arch list. We're wanting to get shim signed for all of amd64, arm64 > > and i386 for Buster. > > Ok, -2 uploaded with i386 enabled. Cheers! Hello Steve, Thank you very much for your work! One question: last year Philipp did some work to have the shim source package build the templates required to make it work with our new signing infrastructure: https://salsa.debian.org/pmhahn/shim Instead of using the ephemeral, build-time generated key to sign FB and MoK, that allows to sign them using our CA. Among other things, this allows the build to be reproducible - which is an important aspect in my opinion, especially for a security-critical component like shim. What are your (and other folks on the list's) thoughts on this? -- Kind regards, Luca Boccassi
Attachment:
signature.asc
Description: This is a digitally signed message part