On Wed, 2007-08-22 at 13:55 -0400, Colin Walters wrote:
>
> The obvious default policy to me is:
>
> * Fedora trusts the GPG keys it ships
> * All other keys are denied

I'd say:

* PackageKit trusts the GPG keys that are in /etc/pki.
* All other keys are denied.

Yum, on the other hand, does ask and show a fingerprint, but it also shows the path to the key (IIRC), so the smart user can see if it's a trusted key from /etc/pki or if it's an unknown key that she needs to check.

> The scenario where this does break down is installing software from
> other sites like livna. If we have some sort of hoop there in the
> process that's probably fine. Maybe you have to "sudo rpm -ivh
> http://livna.org/gpg.asc", or click some dialog. Firefox makes users
> installing extensions wait 3 seconds.

Yup. Which is basically what we have today. You do

  rpm -ivh http://www.3dparty.org/3rdpart-release.rpm

That puts the key in /etc/pki, which means you've agreed to trust it. As long as 3dparty.org is a good repo and you're not being MITM:d, it's fine. And it's a manual step that requires doing stuff in a root shell or responding with the root password when you click on the rpm link in the browser.

There's room for improvement here though, perhaps if some legally and technically sane way of helping the user figure out who to trust can be found.

/abo

--
Fedora-desktop-list mailing list
Fedora-desktop-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-desktop-list
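
The "keys in /etc/pki are trusted, all other keys are denied" policy from the message above, sketched as an added example that is not part of the original post and is not PackageKit or yum code. It assumes yum-style `.repo` text with `gpgkey=` entries; the function names and the sample repositories are hypothetical and constructed for illustration.

```python
import configparser
import posixpath
from urllib.parse import urlparse, unquote

TRUST_ROOT = "/etc/pki"  # directory named in the message above


def key_is_trusted(gpgkey, trust_root=TRUST_ROOT):
    """Default deny: accept only local key files that normalize to a path under trust_root."""
    url = urlparse(gpgkey.strip())
    if url.scheme != "file" or url.netloc not in ("", "localhost"):
        return False  # remote keys were never placed on disk by root
    path = posixpath.normpath(unquote(url.path))
    if not path.startswith("/"):
        return False  # relative paths have no fixed meaning here
    # Lexical check only (assumption): a live system should also resolve symlinks.
    # Whole components are compared, so /etc/pkix and /etc/pki/../tmp do not match.
    return path != trust_root and posixpath.commonpath([path, trust_root]) == trust_root


def classify_repos(repo_text):
    """Return {section: 'trusted' | 'denied'}; a repo with no key, or any bad key, is denied."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(repo_text)
    verdicts = {}
    for section in cp.sections():
        keys = cp.get(section, "gpgkey", fallback="").split()
        ok = bool(keys) and all(key_is_trusted(k) for k in keys)
        verdicts[section] = "trusted" if ok else "denied"
    return verdicts


# Constructed sample input, not taken from any real system.
SAMPLE = """
[fedora]
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora
[thirdparty-http]
gpgkey=http://repo.example.org/gpg.asc
[traversal]
gpgkey=file:///etc/pki/../tmp/evil.asc
[lookalike]
gpgkey=file:///etc/pkix/rpm-gpg/KEY
[nokey]
baseurl=http://repo.example.org/
"""

if __name__ == "__main__":
    for name, verdict in classify_repos(SAMPLE).items():
        print(f"{name}: {verdict}")
```
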