Re: Secrecy and user trust

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



jdow wrote:

Suppose Fedora generates a new key. They can get it out there by putting
it on their website, in an update RPM, and in plain textual format in
the primary download sites. Then I as a user either trust that or find
I have to take a trip to somebody's office I know is authoritative for
Fedora and get the key on some portable media.

Now, I can also check the key if it is uploaded to all the mirrors the
same way. If I download from a large collection of sites and they all
are bit copies of each other then either the web of deceit is so large
we're all lost anyway or I have a good key.

Judy, you make too much sense. This thread has long outlived any
useful function, I think. What you just suggested is the automatic,
normal, natural thing anyone would have, and probably nearly everyone
here already has, think of. I'd also publish MD5 and/or SHA1 hashes
of the files, but that' a minor tweak.


So the focus of the discussion is silly. Trust is established once, in
some way. Use the same way again that satisfied you in the first place
and get on with life.

{^_^}    <- betting the real problem is "infrastructure."

The only point I saw to the discussion was the first question
posed, which was:

	Since Fedora got compromised, we'd like to know
	what they run on their servers, and whether we
	might ourselves be vulnerable to the same kind of
	attack which compromised Fedora in the first place.
	If so, we'd like to know what the attack was,
	how it succeeded, and how to protect against it.

Recovery seems to me to be obvious and simple. I never saw
(perhaps I missed) an answer to the first question.

Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I speak only for myself, and I am unanimous in that!

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux