On Tue, May 10, 2011 at 3:29 PM, Chris Ball <[email protected]> wrote: > I think it's still more complicated than that.
Agreed. I would say two things - Currently rpm-based installations are prone to problems with powerloss (stay tuned for btrfs, and cjb's work on it...). If you go this way, and you have a large number of laptops, probabilities turn into number of real laptops affected. If you accept that, then... - A secure laptop should only execute or install stuff signed by its admin team - rpms listed in a manifest signed with its OATS keys for example. (If you are going to go that route -- signed scripts and lists of rpms, Puppet is you friend - yes, even for the XOs themselves.) cheers, m -- [email protected] [email protected] -- Software Architect - OLPC - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff _______________________________________________ Devel mailing list [email protected] http://lists.laptop.org/listinfo/devel
