I would like to see the link for requesting a developer key made much
more prominent in the library.
I'd like to see the pathname to downloading the key itself much more
prominent (and displayed in a larger point size) on the webpage
returned after the request is granted. For those of us with
The two issues that I am concerned about regarding the write protect
flag with regards to G1G1:
1 - I thought requiring signed images was part of our bitfrost
security. Doesn't it provide some protection from malicious images?
Assuming we get to the point where upgrading is an easy click from the
Kim Quirk [EMAIL PROTECTED] writes:
[...] Finally, I agree with Scott, that the easiest thing we can do
in the short term is to make the 'get a developer key' more
prominent for those who want to find it. [...]
Taking away the 24 hour delay between key request and response could
help solve
On Thu, 5 Jun 2008, Kim Quirk wrote:
1 - I thought requiring signed images was part of our bitfrost
security. Doesn't it provide some protection from malicious images?
Assuming we get to the point where upgrading is an easy click from the
G1G1 machine, then we want to be sure that people
SJ wrote:
I continue to be uncomfortable that we are sending out restricted /
locked-down machines without a clear need. The arguments made so far for
this are
1. Getting G1G1 people to test security steps
2. Protecting G1G1 donors from installing anything but signed builds
3.
On Tue, 3 Jun 2008, C. Scott Ananian wrote:
. . .
The original reason is that it allowed our G1G1 users to more fully
exercise/test our secure boot paths, which are used in our deployment
countries. This helps G1G1 users be more representative testers, and
. . .
I'm a G2G2. Among my
On Wed, Jun 4, 2008 at 12:15 AM, Paul Fox [EMAIL PROTECTED] wrote:
SJ wrote:
I continue to be uncomfortable that we are sending out restricted /
locked-down machines without a clear need. The arguments made so far for
this are
1. Getting G1G1 people to test security steps
2.
On Wed, Jun 4, 2008 at 9:20 PM, reynt0 [EMAIL PROTECTED] wrote:
I also want to be able to examine the XO as thoroughly as
possible from my own (USA, educated, experienced, and so
on) perspective. In that regard, FWIW I found the various
infos I later could find from olpc a bit unclear or even
On Tue, Jun 3, 2008 at 12:07 PM, ffm [EMAIL PROTECTED] wrote:
Why were G1G1 machines shipped with firmware, kernel, and reflash locks
enabled? (see http://wiki.laptop.org/go/Developer_keys )
Theft is not a good reason, as they do not require activation leases.
It only seems to be a bother
On Tue, Jun 3, 2008 at 12:43 PM, Bert Freudenberg [EMAIL PROTECTED] wrote:
On 03.06.2008, at 18:33, ffm wrote:
On Tue, Jun 3, 2008 at 12:29 PM, C. Scott Ananian
[EMAIL PROTECTED] wrote:
Machines sent out via our developer program are always shipped out
unsecured.
Yet I've just recived two
On Tue, Jun 3, 2008 at 12:29 PM, C. Scott Ananian [EMAIL PROTECTED] wrote:
Machines sent out via our developer program are always shipped out
unsecured.
Yet I've just recived two laptops via said program that had security
enabled.
-FFM
___
Devel
Developer program laptops are shipped out as US/International
keyboards, English language, AK flag set, which means they do NOT need
activation. They are permanently activated in the manufacturing data.
The only thing they need to be a developer unit is a developer key.
One more reason to add to
I continue to be uncomfortable that we are sending out restricted /
locked-down machines without a clear need. The arguments made so far for
this are
1. Getting G1G1 people to test security steps
2. Protecting G1G1 donors from installing anything but signed builds
3. Showing a pretty boot
Shipping G1G1 machines with NAND reflash locks enabled makes little
sense to me. What good is protection against malicious reflash when any
attacker who can perform a reflash has physical access to the device and
has password-free root access in default configurations?
Instead, the justification
14 matches
Mail list logo
