On Tue, Dec 14, 2021 at 09:18:20PM +0000, Zbigniew Jędrzejewski-Szmek wrote: > My understanding it the following: fs-verity originated in the Android > world where you can have an unprivileged process downloading a file, > e.g. a jar. This unprivileged process manages the download, but the > file is only trusted and executed when it has a matching signature > from some central authority. The file contains the whole app, > including all resources, so there is no question of other unverified > files being used by the app. And the file can be large enough that > it's practical to do chunked verification, since checksumming the whole > file on first use would be slow.
This does seem rather reminiscent of our LiveCD squashfs situation.... -- Matthew Miller <mat...@fedoraproject.org> Fedora Project Leader _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
