Asklemmy

48904 readers

840 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy 🔍

If your post meets the following criteria, it's welcome here!

Open-ended question
Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
Not ad nauseam inducing: please make sure it is a question that would be new to most members
An actual topic of discussion

Looking for support?

Looking for a community?

Lemmyverse: community search
sub.rehab: maps old subreddits to fediverse options, marks official as such
!lemmy411@lemmy.ca: a community for finding communities

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 6 years ago

MODERATORS

What's your favorite Linux distro? (lemmy.world)

submitted 2 years ago by Librechad@lemmy.world to c/asklemmy@lemmy.ml

113 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] lily33@lemm.ee 1 points 2 years ago (1 children)

There are ways to secure the update process. For example, you can enable secure boot and store your secure boot keys encrypted (or on a smart card). Then (if a full chain of trust is implemented) to update your system, you'd need to enter the private key password (or insert the smart card), and a root-access executable couldn't to that automatically.

[–] baduhai@sopuli.xyz 1 points 2 years ago (1 children)

Yeah, but do other distros do this though? Not that I'm aware.

And surely the same could be done to NixOS, no?

[–] lily33@lemm.ee 1 points 2 years ago* (last edited 2 years ago)

I think it can in theory, but there will be some problems. But most likely Silverblue or something else would have its own problems trying to implement something like that - I don't have any experience with them and don't know how they'd compare.