On Wed, 2007-08-01 at 22:13 -0700, Jan Setje-Eilers wrote: > (I'm have some interest in FEM, a cron job would just make > things worse), I'm open to that.
At best, FEM-driven update of the boot archive could shrink the window of vulnerability to perhaps a few minutes. While this is a significant improvement over current behavior, it's still unacceptably large. It's clear to me that there are simpler approaches which completely eliminate the window of vulnerability I'm concerned about.
