Re: Secrecy and user trust

Kevin Fenzi wrote:
> On Wed, 03 Sep 2008 10:30:39 -0400
> davidsen@xxxxxxx (Bill Davidsen) wrote:
[...]
>> and then hardest of all find a secure way to provide the public part
>> of the signing key. Obviously you don't risk letting someone slip in
>> a bogus NEW fake key and go around on this again.
> 
> Indeed. 
> 
> The proposed plan (that has since had a few modifications): 
> http://lists.fedoraproject.org/pipermail/rel-eng/2008-August/001627.html

Since rpm/yum don't have any method to handle a key revocation, this
process is harder than it might otherwise be.  As I understand the
plan currently, the new key will be included in an updated
fedora-release package that will be signed by the old key.  This will
make the change as transparent as possible for most users and since it
is not believed that the old key is compromised at this time, it is
reasonably secure. (Insert various caveats regarding the meaning of
"reasonably secure" and "not believed ... compromised ..." as needed.)

I presume that the new key's fingerprint and other details will be
added to https://fedoraproject.org/keys sometime soon and that can be
used by those who want a bit more verification of the new key before
trusting it.

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sanity is the trademark of a weak mind.
    -- Mark Harrold
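
Added example, not part of the original message or of Fedora's tooling: one way to do the extra verification mentioned above, by comparing a downloaded key's fingerprint with the one published out of band before importing it. The sample listings are constructed, the function names are hypothetical, and a full 40-hex-digit (v4) fingerprint is assumed.

```bash
# Constructed `gpg --with-colons` listing (not a real key): one primary key plus a subkey.
SAMPLE_ONE_KEY='pub:-:1024:17:89ABCDEF01234567:1220400000:::-:::scSC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1220400000::::Example Signing Key (constructed) <key@example.invalid>:
sub:-:2048:16:1111111111111111:1220400000::::::e:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:'
# The same listing with a second, unexpected primary key appended.
SAMPLE_TWO_KEYS="$SAMPLE_ONE_KEY
pub:-:1024:17:FEDCBA9876543210:1220400000:::-:::scSC:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:"

# Print the fingerprint of every primary key in a colon listing on stdin.
# Only the first "fpr" record after each "pub" record counts, so subkey
# fingerprints (the "fpr" after a "sub") are skipped.
primary_fingerprints() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print toupper($10); want = 0 }'
}

# Strip the spaces and colons used when a fingerprint is printed for humans.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t:' | tr 'abcdef' 'ABCDEF'
}

# Usage: <colon listing> | key_matches_published "<published fingerprint>"
# Returns 0 on match, 1 on mismatch, 2 if the published value is not a full
# 40-hex-digit fingerprint (a short key ID is not accepted), and 3 if the
# listing does not hold exactly one primary key.
key_matches_published() {
    kmp_found=$(primary_fingerprints)
    kmp_want=$(normalize_fpr "$1")
    case $kmp_want in ''|*[!0-9A-F]*) return 2 ;; esac
    [ "${#kmp_want}" -eq 40 ] || return 2
    kmp_count=$(printf '%s\n' "$kmp_found" | awk 'NF { n++ } END { print n + 0 }')
    [ "$kmp_count" -eq 1 ] || return 3
    [ "$kmp_found" = "$kmp_want" ]
}

# Intended use with a recent GnuPG 2.x (file name and fingerprint are placeholders):
#   gpg --show-keys --with-colons --with-fingerprint NEW-KEY-FILE \
#     | key_matches_published "PUBLISHED-FINGERPRINT" && rpm --import NEW-KEY-FILE
```

The check is only as strong as the channel the published fingerprint came from, so the expected value should be read from the HTTPS keys page rather than from the same mirror that served the key file.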


-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx