by skywhopper
1099 days ago
In re 1, the system operator could configure the kernel to trust their signing key, and build the extensions themselves, which is still highly complex but would minimize the risk of a general compromise. That said, I agree in general that this approach is mostly going backwards and fails to address the core risks. It’s also important to push back on the Rust-as-security-panacea meme. Rust prevents a certain class of bugs, but it doesn’t ensure reliable operation.