Re: [Reproducible-builds] Reproducibility vs signatures

To: reproducible-builds@lists.alioth.debian.org, Debian kernel maintainers <debian-kernel@lists.debian.org>
Subject: Re: [Reproducible-builds] Reproducibility vs signatures
From: Holger Levsen <holger@layer-acht.org>
Date: Mon, 3 Aug 2015 13:24:54 +0200
Message-id: <[🔎] 201508031325.02965.holger@layer-acht.org>
In-reply-to: <[🔎] 1438599739.3225.101.camel@decadent.org.uk>
References: <[🔎] 1438566574.3225.83.camel@decadent.org.uk> <[🔎] 201508031246.37226.holger@layer-acht.org> <[🔎] 1438599739.3225.101.camel@decadent.org.uk>

Hi,

On Montag, 3. August 2015, Ben Hutchings wrote:
> Only the FTP team will be able to get shim signed by the Microsoft CA.
> Only the FTP team will be able to sign GRUB and the kernel using the
> private key for which the public part is embedded in shim.
> 
> Users can add further trusted keys at boot time through the BIOS setup
> program or shim; then they can use their own signed kernels.

Thanks for clarifying.

About your original question, I dont have a good answer right now. I think it 
would be a good topic to discuss at DebConf...! Thanks for bringing this up to 
us already!

cheers,
	Holger

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

References:
- Reproducibility vs signatures
  - From: Ben Hutchings <ben@decadent.org.uk>
- Re: [Reproducible-builds] Reproducibility vs signatures
  - From: Holger Levsen <holger@layer-acht.org>
- Re: [Reproducible-builds] Reproducibility vs signatures
  - From: Ben Hutchings <ben@decadent.org.uk>

Prev by Date: Processed: raise severity of GCC 5 issues
Next by Date: Processed: Re: Bug#794468: general: no watchdog support in installer kernel
Previous by thread: Re: [Reproducible-builds] Reproducibility vs signatures
Next by thread: Re: [Reproducible-builds] Reproducibility vs signatures
Index(es):
- Date
- Thread