Re: Verifying Fedora-34

Jonathan Ryshpan wrote:
> On Fri, 2021-06-25 at 22:25 -0400, Todd Zullinger wrote:
>> There's nothing wrong with that output.  The warning is
>> simply telling you that the Fedora key isn't signed by a key
>> you've marked as trusted.
...
> 
> Just as I thought.   So...
> 
> How do I mark a key as trusted?

One way is to add a local signature to the Fedora keys,
assuming you have a gpg key yourself.  However, I would
simply take the warning for what it is and not sign the
Fedora keys.

> What precautions are needed to be sure that the key should
> actually be trusted?

From https://getfedora.org/en/security/, you can view the
fingerprints of the currently active keys Fedora uses for
signing the CHECKSUM files.  To check the fingerprint for
the Fedora 34 key, for example:

    $ gpg --list-key --with-fingerprint 45719A39
    pub   rsa4096 2020-08-06 [SCE]
          8C5B A699 0BDB 26E1 9F2A  1A80 1161 AE69 4571 9A39
    uid           [ unknown] Fedora (34) <fedora-34-primary@xxxxxxxxxxxxxxxxx>

It's worth noting that you're effectively trusting the TLS
certificate of getfedora.org in this process.  And if you're
doing that to get the signatures, you can just as well trust
it when you download the fedora.gpg file.  It's not bad to
check the fingerprints, it's just good to be aware of how
much (or how little) additional security it gets you.

-- 
Todd
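
The fingerprint comparison described in the message above, as an added example that is not part of the original message: a script that takes gpg's machine-readable listing and accepts only an exact, full-length match against the fingerprint copied from the trusted page. The function names and the `SAMPLE_LISTING` data are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original message): compare a key's primary
# fingerprint with the value published on a page you already trust.

# Fedora 34 key fingerprint as it appears in the message above.
EXPECTED_FPR='8C5B A699 0BDB 26E1 9F2A  1A80 1161 AE69 4571 9A39'

# Constructed sample of `gpg --with-colons --fingerprint` output so the script
# runs offline. The "sub" record and its all-zero fingerprint are made up to
# show that only the primary key's fingerprint is compared.
SAMPLE_LISTING='pub:-:4096:1:1161AE6945719A39:1596672000:::-:::escESC::::::23::0:
fpr:::::::::8C5BA6990BDB26E19F2A1A801161AE6945719A39:
sub:-:4096:1:0000000000000000:1596672000::::::e::::::23:
fpr:::::::::0000000000000000000000000000000000000000:'

# Drop whitespace and upper-case hex digits so spaced and unspaced forms match.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'abcdef' 'ABCDEF'
}

# Read a colon listing on stdin; print the first "fpr" record after "pub"
# (field 10), which is the primary key's fingerprint.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# check_fpr EXPECTED < listing
# Returns 0 on an exact match, 1 on mismatch, 2 if EXPECTED is not a full
# 40-hex-digit fingerprint (a short key ID such as 45719A39 is rejected).
check_fpr() {
    got=$(normalize_fpr "$(primary_fpr)")
    want=$(normalize_fpr "$1")
    case "$want" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#want}" -eq 40 ] || return 2
    [ "$want" = "$got" ]
}

# Real use (assumes the key is already imported into your keyring):
#   gpg --with-colons --fingerprint 45719A39 | check_fpr "$EXPECTED_FPR" \
#       && echo "fingerprint matches" || echo "MISMATCH or bad input"
```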
