
Fedora 34 Looks To Sign Individual Files Within RPMs


  • Fedora 34 Looks To Sign Individual Files Within RPMs

    Phoronix: Fedora 34 Looks To Sign Individual Files Within RPMs

    Yet another big change being eyed for Fedora 34 is to sign individual files within shipped RPM packages. The signatures will use the Linux Integrity Measurement Architecture (IMA) and in turn can be used to enforce run-time policies around only allowing the execution of trusted files...

    http://www.phoronix.com/scan.php?pag...n-Files-In-RPM

  • #2
    With this + compressed firmware + read-only-after-initialization LSM hooks, F34 is looking sick.



    • #3
      Seems to me like the project is focused on making Fedora 34 the basis for CentOS / RHEL 9.



      • #4
        Originally posted by BingoNightly
        Seems to me like the project is focused on making Fedora 34 the basis for CentOS / RHEL 9.



        • #5
          Hm, this is bad from the point of view of locking down the system and not allowing people to run what they want. But I get that it's optional to lock down the system, and this feature is useful for sysadmins/IT departments as well as individual users who are OK with only running the software from the official repos.



          • #6
            It's not a system-wide policy, sandy, unless you specify it that way.
            Hi



            • #7
              Originally posted by sandy8925
              .... and this feature is useful for sysadmins/IT departments
              In some enterprises, not having the ability (even if ultimately not used) to lock down a workstation/kiosk to a fixed number of approved/signed applications immediately disqualifies the platform from further consideration. If one wants to see Linux on the desktop usage expand one has to be able to demonstrate those capabilities exist, and IMA is part of that.



              • #8
                This is incredible! Oh my God, F35 system updates through btrfs snapshots with read-only root partition???



                • #9
                  Originally posted by BingoNightly
                  Seems to me like the project is focused on making Fedora 34 the basis for CentOS / RHEL 9.
                  lol, fedora was always rhel's upstream. like debian is ubuntu's upstream. and now it seems like debian is focused on making itself basis for ubuntu?
