greg at kroah.com
Sun Sep 8 09:08:24 PDT 2013
On Sun, Sep 08, 2013 at 02:57:29PM +0200, Eugen Leitl wrote:
> On Sat, Sep 07, 2013 at 09:14:31PM -0700, Greg KH wrote:
> > But what else needs to be worked on? What gaps do people feel we have
> > that are cauing problems that we can solve with technological measures,
> > not just legal ones?
> Real physical security and a process to keep signing secrets
> secure in community based Linux and *BSD distributions.
What are the problems in the existing processes that you feel are week?
For example, what is wrong with openSUSE's signing process that you feel
> Review of anything crypto based. Completely different process
> for anything crypto based than for everything else. No more
> undetected regression meltdowns a la Debian.
What type of review? What type of process would catch stuff like that?
More information about the linux-elitists