Announcement

Collapse
No announcement yet.

Fedora 34 Looks To Sign Individual Files Within RPMs

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Fedora 34 Looks To Sign Individual Files Within RPMs

    Phoronix: Fedora 34 Looks To Sign Individual Files Within RPMs

    Yet another big change being eyed for Fedora 34 is to sign individual files within shipped RPM packages. The signatures will use the Linux Integrity Measurement Architecture (IMA) and in turn can be used to enforce run-time policies around only allowing the execution of trusted files...

    Fedora 34 Looks To Sign Individual Files Within RPMs - Phoronix
    http://www.phoronix.com/scan.php?page=news_item&px=Fedora-34-IMA-Sign-Files-In-RPM
    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
    Tags: None
  • #2
    With this + compressed firmware + read-only-after-initialization LSM hooks, F34 is looking sick.
    • Likes 1

    Comment

    • #3
      Seems to me like the project is focused on making Fedora 34 the basis for CentOS / RHEL 9.
      Don't expect much and seldom disappointed.
      • Likes 1

      Comment

      • #4
        Originally posted by BingoNightly View Post
        Seems to me like the project is focused on making Fedora 34 the basis for CentOS / RHEL 9.

        • Likes 13

        Comment

        • #5
          Hm, this is bad from the point of view of locking down the system and not allowing people to run what they want. But I get that it's optional to lock down the system, and this feature is useful for sysadmins/IT departments as well as individual users who are OK with only running the software from the official repos.

          Comment

          • #6
            It's not a system-wide policy sandy, unless you specify it that way
            Hi

            Comment

            • #7
              Originally posted by sandy8925 View Post
              .... and this feature is useful for sysadmins/IT departments
              In some enterprises, not having the ability (even if ultimately not used) to lock down a workstation/kiosk to a fixed number of approved/signed applications immediately disqualifies the platform from further consideration. If one wants to see Linux on the desktop usage expand one has to be able to demonstrate those capabilities exist, and IMA is part of that.
              • Likes 3

              Comment

              • #8
                This is incredible! Oh my God, F35 system updates through btrfs snapshots with read-only root partition???

                Comment

                • #9
                  Originally posted by BingoNightly View Post
                  Seems to me like the project is focused on making Fedora 34 the basis for CentOS / RHEL 9.
                  lol, fedora was always rhel's upstream. like debian is ubuntu's upstream. and now it seems like debian is focused on making itself basis for ubuntu?

                  Comment

                  Previous template Next
                  Working...
                  X