https://sourceware.org/bugzilla/show_bug.cgi?id=28204
--- Comment #20 from Mark Wielaard <mark at klomp dot org> --- (In reply to Frank Ch. Eigler from comment #18) > > Doesn't that give a false sense of "security"? > > It still rejects some stuff, but doesn't really protect against "falsifying" > > files, all a server has to do is not provide an IMA > > Yes, but trusted servers won't just do that. But isn't the idea of checking the IMA signatures that you don't have to trust the server providing the debuginfo files as the distro intended them? > > If it is just to see what would happen if enabling ima file checking, then > > it probably shouldn't reject anything. In that case it should warn for both > > missing and invalid signatures, but still accept them. > > The difference between missing and invalid is that the latter is KNOWN bad. > An invalid signature is evidence that the file has a problem. And a missing signature is UNKNOWN bad? So both are bad in some way. Which imho means that if we support some kind of permissive mode, then it should explicitly warn for both kind of baddness. -- You are receiving this mail because: You are on the CC list for the bug.
