On Wed, Jul 12, 2023 at 10:05:03AM +0200, Julian Andres Klode wrote: > Source: linux > Version: 6.3.0-7.7 > Severity: grave > Tags: security > X-Debbugs-Cc: j...@debian.org > > I know there's some work in progress but it appears we don't have a bug > for it yet. I raised this yesterday in our weekly upstream shim/grub > cabal meetings and Debian's current approach to sign modules with the > same key and not bump ABI on every upload should be considered a bug.
FWIW, I'm adding this formally as a requirement to the shim-review process in https://github.com/rhboot/shim-review/pull/337 So that we do not accidentally accept submissions with this bug anymore. -- debian developer - deb.li/jak | jak-linux.org - free software dev ubuntu core developer i speak de, en
