> Dear Security Team and Kernel Team,
>
> As the subject states, we are reaching out concerning the linux live-patching
> project, a.k.a ITP bug #1070494 (https://bugs.debian.org/1070494).
This is a great initiative; it would be fantastic to have live-patching support in Debian. Thank you for working on this!

> * Secure boot support (at a second stage)

It makes total sense to focus on the base deliverables first and leave further refinements for later. However, I would highly recommend keeping signing in the back of your minds at all times when designing the solution, especially the build system, as the signing system on Debian has very particular requirements. Without signed modules that are trusted by the default Debian system, which essentially means the Debian CA embedded in Shim, it would in practice not be possible to load these patches in the large majority of use cases.