At some point we're hopefully going to support Secure Boot on amd64. That means there will be a signed kernel image (separate from the current linux-image packages) and a signed GRUB image. The kernel modules in the linux-image packages will also be signed, probably with an ephemeral key. All these signatures will all be embedded within binaries and will of course not be reproducible. The locations of differences will however be predictable. How should we deal with this limited variability? Could source packages or buildinfo describe the expected variations somehow? Ben. -- Ben Hutchings Unix is many things to many people, but it's never been everything to anybody.
Attachment:
signature.asc
Description: This is a digitally signed message part