On Fri, 2009-02-06 at 14:43 +0100, Christoph Höger wrote: > ONe question arrises when thinking about it: > > What does that single person really sign for? I mean: When I upload an > update to a package I maintain, does the signing by that "super secret" > key have any other meaning than: "Yes it came from choeger who has a valid FAS account"? > > Really, why do we need that key to have a password? > Shouldn't it be suffice to have all FAS keys signed properly and use them to sign packages when they're handed in? > > Maybe Jesse himself could clarify that a bit. The signing shows that the package came from the Fedora Buildsystem, and is destined for the proper repo. The end user only has to trust one, maybe two keys to allow the installation of anything from the base, updates, and maybe updates-testing repo. rpm does not understand the web of trust, so there is no way to trust one key, and implicitly trust any other keys that one key has signed. And since rpm will happily install anything with a trusted key, regardless of what repo it came from, keeping the key secret and private is critical for our end user's security. I'm currently training Josh Boyer from the releng team on how to do package signing and updates pushing. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating
Attachment:
signature.asc
Description: This is a digitally signed message part
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
