> > > > Has any work taken place in the Linux community toward building a > > > "trusted loader" into Linux. If so, what is the status? If not, why > > > not? > > > > This would be against the very idea of Free Software, i.e. the right to > > freely > > modify your software and use such modified versions. > > See e.g.: http://www.gnu.org/philosophy/can-you-trust.html > > That depends on who has the keys. If the system admins can use their own > keys, then it isn't a problem. > There are times I don't care about "philosophy" as much as being able to deliver a stable somewhat-trusted box to a customer. I have customers for whom configuration managed baselines are very important. Once the baseline is established, they want it locked down, and want to be able to detect when the baseline changes...better yet, ensure the baseline can't change without authorization. Once a server is in production, "philosophy" takes a back seat. Of course the ability for the end-user to modify open source or create custom apps and be able to sign them has go to be part of the solution. Dave McGuffey Principal Information System Security Engineer // NSA-IEM, NSA-IAM SAIC, IISBU, Columbia, MD -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines