"Walter Bender": Re: devkeys, prettyboot, and G1G1

Samuel Klein sj at laptop.org
Thu Oct 2 20:05:32 EDT 2008


On Thu, Oct 2, 2008 at 9:45 AM, Erik Garrison <erik at laptop.org> wrote:
> On Thu, Oct 02, 2008 at 12:07:51AM -0400, Bobby Powers wrote:
>> With that said, I would probably lean towards preferring unsecured
>> machines (with pretty boot enabled, of course).
>>
>
> Such small hassles, when repeated across hundreds of thousands of
> people, tend to eat up a lot of time.  We should be trying to save users
> this time.

As I said in June, afaic G1G1 machines should all be sent out with
developer keys.

http://lists.laptop.org/pipermail/security/2008-June/000426.html

Kim made two related points:

> 1 - Assuming we get to the point where upgrading is an easy click
> from the G1G1 machine, then we want to be sure that people don't
> mistakenly load non-signed images. If you are not a developer;
> doesn't this add a level of protection that we want for 90% of G1G1
> recipients?

I don't think this is the sort of security people need -- again, those
90% aren't going to be trying updates in the first place. If we want
to add a required --security=off flag to the olpc-update command to
indicate that you recognize you are installing an unsecured build,
that's fine.


> 2 - I believe our support issues will go up significantly as people
> who have little or no experience are encouraged to download all
> sorts of untested builds with no easy way to get back to a
> working system.
> To feel better about the support issues, I would like the one-button
> push that restores a laptop to factory default.

I don't know about the former; the latter is a great idea.

These feel to me like useful things to address for 8.2.1, though not
for the initial G1G1 images.

SJ


> We'll save everyone who wants to install non-standard builds the time
> required to learn about and obtain developer keys.  We'll save the
> support costs required to process and answer all the queries about
> developer keys.  And we'll reduce the infrastructural costs of managing
> the generation of the keys.
>
> Erik


