Closed julian-klode closed 2 months ago
I guess to note:
There's a question if we should also bump that latest to grub,4
now and drop the grub,debian
entry. It's been what, 3 months now? We should do it before we get another round of CVEs and need to bump grub again, otherwise grub
is going to be at grub,3
in previous and grub,5
in latest which would be messy.
I think latest should be "grub,4".
I think ideally latest should have been "grub,4" at the time of the 15.8, it would make sense that the actually secure revocations at the time of a specific shim release are always available as an opt in. In this case it made sense for people not affected by the NTFS CVE but still.
This looks good to me, as would updating to grub,4
and removing grub.debian
in a different PR.
Add the previous latest level to the switch for automatic.