On Tue, 2016-04-05 at 09:34 +0200, Florian Weimer wrote:
> * Ben Hutchings:
>
> > To ensure the integrity of the kernel, we should support a securelevel
> > where all modules must be signed by a trusted key and all APIs
> > allowing arbitrary memory writes are disabled.
>
> What is a trusted key? I'm not convinced we can align this with
> Debian's principles.

The built-in trusted key will be created by the Debian FTP team - just
like the keys they use to sign releases. (For initial testing, I'm
using my own key pair so we can work in parallel.)

[...]
> Maybe we should discuss this on debian-project?
[...]

This has been discussed many times over the past years. A short
summary of what was agreed at DebConf 13:
https://lists.debian.org/<1376427261.11676.35.camel@deadeye.wl.decadent.org.uk>

Ben.

-- 
Ben Hutchings
No political challenge can be met by shopping. - George Monbiot