[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#991478: [shim-signed] RFE: do not brick users' systems in the stable distribution

Package: shim-signed
Severity: grave

Starting from 1.34~1+deb10u1 and its corresponding "***WARNING***", now the
arm64 shim "is no longer signed".

As a result, after a mundane package upgrade and a reboot, all of my remote
arm64 machines do not boot anymore. I was not aware that the cloud provider
actually uses this "secure boot", else I'd pay more attention to that

In any case, relying on the user reading upgrade notes, and then to scramble
rolling back the upgrade and holding the affected package ASAP, else the
system is bricked, is not a responsible package policy.

I would humbly suggest that you kept the latest signed version frozen at least
in "buster" with no further updates, until the signing issue is resolved. Or
as of now, release another update with the signed version in place.

P.S. just noticed 1.36~1+deb10u2 tried to do something about the boot breakage
- evidently that did not help.

With respect,

Reply to: