On Fri, Feb 03, 2012 at 12:14:58PM +0100, Bastian Blank wrote:
> On Fri, Feb 03, 2012 at 02:09:44AM -0800, Josh Triplett wrote:
> > In addition, having ipxe available from grub by default could break a
> > system's security policy,
> 
> No, it can't. With the next update, the entry will only be allowed for
> grub superusers.

Good to know that you've thought of that issue, thanks.

> However the same applies to the various entries grub itself adds.

Do you mean that the entries grub adds will require a superuser, or that
the entries grub adds could allow breaking a system's security policy?
If the former, that seems somewhat odd.  If the latter, they shouldn't
normally; why would they?

> > Having ipxe available from grub definitely seems useful; it just
> > shouldn't occur by default just from having the ipxe package installed,
> > especially when that usually occurs as the result of a dependency.
> 
> That's a problem of the dependency that will be fixed eventually.

If you mean that qemu-kvm's dependencies will change in some way to
either not pull in ipxe by default or pull in some package without the
grub entry (such as an ipxe-core or similar), that sounds fine.  Or do
you mean something else?

- Josh Triplett


