https://sourceware.org/bugzilla/show_bug.cgi?id=28204
--- Comment #18 from Frank Ch. Eigler <fche at redhat dot com> --- > Doesn't that give a false sense of "security"? > It still rejects some stuff, but doesn't really protect against "falsifying" > files, all a server has to do is not provide an IMA Yes, but trusted servers won't just do that. > If it is just to see what would happen if enabling ima file checking, then > it probably shouldn't reject anything. In that case it should warn for both > missing and invalid signatures, but still accept them. The difference between missing and invalid is that the latter is KNOWN bad. An invalid signature is evidence that the file has a problem. -- You are receiving this mail because: You are on the CC list for the bug.
