Installing RPMS via Customization Key

Benjamin M. Schwartz bmschwar at fas.harvard.edu
Fri Mar 7 10:30:47 EST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

C. Scott Ananian wrote:
| On Fri, Mar 7, 2008 at 9:37 AM, Benjamin M. Schwartz
| <bmschwar at fas.harvard.edu> wrote:
|>  It is difficult to comment on this without more detail on "USB
|>  customization keys".  My understanding was that such customization would
|>  be done once at the level of whole countries, that it would be restricted
|>  to /home, and that the "key" in question was a cryptographic signing key,
|>  so that customizers (at the ministry of education) could create trusted
|>  images that the firmware or journal would install automatically.  Thus, I
|>  am not sure what a USB customization key is.
|
| http://wiki.laptop.org/go/Customization_key
|
| It is specifically designed to allow countries (or schools) to create
| customized builds *without* requiring OLPC to sign or approve their
| changes.

Right.  I thought the solution was that each country was to be given its
own customization signing key that allowed them to construct modified
images and sign them without OLPC approval.  Only signed customizations
would be installed automatically.  This would solve the problem of
privilege escalation.  I guess I misinterpreted the word "key".

| In exchange, we require the modifications to be restricted
| to /home so that we've got some hope of successfully diagnosing or
| updating their builds.  I will refuse to sign any build with this
| patch in it, and I don't feel that Michael has made any case for why
| it is necessary.
|  --scott
|

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFH0V+nUJT6e6HFtqQRAmd1AJ0bTWKkqdkpe2eHJYWrbmd/ukb8uQCfRf/v
mC7ZoOrZ/VMGyRtG/65z51k=
=pdHe
-----END PGP SIGNATURE-----


