http://bugzilla.opensuse.org/show_bug.cgi?id=1183884 http://bugzilla.opensuse.org/show_bug.cgi?id=1183884#c22 --- Comment #22 from Michael Chang <mchang@suse.com> --- (In reply to Michael Chang from comment #21)
(In reply to Projeto Linux Kamarada from comment #20)
(In reply to Michael Chang from comment #15)
Frankly this design sounds a bit silly, the file you can select doesn't link to anything you can trust, merely you want it to do the work for you. If that can work then why there are phishing email and website in the first place. To prevent running malicious software the integrity and authenticity has to be verified by a trusted authority (CA) and is by no means your own decision.
Sorry this is a bit misleading. Certainly you can decide to trust "your own" bootloader and follow that process may work (although it is still insecure because it can be replaced if you don't put enough attention). But in this case bootloader is provided by third party like opensuse, it is not you to decide trust or not because you may be using, for eg, tempered image downloading from fake website. -- You are receiving this mail because: You are on the CC list for the bug.