[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: UEFI Revocation List being distributed by Debian

* Paul Wise:

> This sort of data is liable to be out of date if included in the
> source code of fwupd, I think this should be separate to fwupd in the
> same way that tzdata is separate to glibc and DNSSEC root keys are
> separate to DNS servers and the web PKI CAs should be separate to web
> browsers. I suggest that fwupd download it directly from the UEFI
> website and update the copy within the boot firmware that way.

It also has to be optional and disabled by default because a future
dbx update may be specifically designed to stop Debian systems from
booting.  No Debian user will want to install such an update.

Reply to: