[Bug debuginfod/28204] extend webapi / verification with forthcoming signed-contents archives
mark at klomp dot org
sourceware-bugzilla@sourceware.org
Sun Jul 23 21:57:42 GMT 2023
https://sourceware.org/bugzilla/show_bug.cgi?id=28204
--- Comment #14 from Mark Wielaard <mark at klomp dot org> ---
I think it is the user/distro packager who should decide which ima-certs to
ship. I don't think elfutils should come with ima-certs itself.
Why is there a "permissive" policy? What is the use case for this?
Should the policy be per debuginfod url? So you can point to an official distro
debuginfod which must be in enforcing mode, but can add a local one with an
"ignore" policy.
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the Elfutils-devel
mailing list