https://sourceware.org/bugzilla/show_bug.cgi?id=28204
--- Comment #21 from Ryan Goldberg ---
(In reply to Mark Wielaard from comment #20)
> But isn't the idea of checking the IMA signatures that you don't have to
> trust the server providing the debuginfo files as the distro intended them?
But th
https://sourceware.org/bugzilla/show_bug.cgi?id=28204
--- Comment #20 from Mark Wielaard ---
(In reply to Frank Ch. Eigler from comment #18)
> > Doesn't that give a false sense of "security"?
> > It still rejects some stuff, but doesn't really protect against "falsifying"
> > files, all a server
