Comment # 19 on bug 1173682 from 
(In reply to Wolfgang Bauer from comment #14)
> Sorry to step in again, but if it would be possible in Packman e.g., why
> shouldn't that be possible in the existing NVidia repo too?

I can't answer that, because I have zero knowledge about how that repo is
maintained.

In the past I worked for a company that shipped (other) proprietary drivers in
KMP format, properly signed with the company's own key. So I guess if NVidia
was willing to do this and spend the necessary effort, they could. NVidia would
be powerful enough to even push their key to the major vendors' BIOS. 

Let's get this straight:

 - After years of fighting and hassle, NVidia still ships the proprieary driver
and AFAIK has no intention to cease doing that.
 - SB is becoming more and more ubiquitous, and SB + unsigned modules is a
general problem, not only on openSUSE but on every Linux distro.
 - SUSE and the openSUSE community have done a great deal of work to make
packaging and installing the drivers hassle-free for users. That's work that
NVidia should have done but chose rather not to.
 - Now with secure boot and CONFIG_MODULE_SIG=y, the problem gets a new
dimension that the community can't easily solve. It's a catch-22. 
 - Eventually it's NVidia's problem and only NVidia can solve it "for good",
either by open-sourcing the driver or by packaging and shipping properly signed
driver modules.

> Well, breaking user systems like this is not what I do understand about "closing the leap gap", sorry.

Again, "breaking systems" is not the intention. The intention is to minimize
differences, and that includes of course important basic kernel security
settings like that. By doing this, we bring Leap to a similar security level as
SLE.

You are receiving this mail because: