Re: Why are updates processed so slowly?

2009/2/6 Jesse Keating <jkeating@xxxxxxxxxx>:
> On Fri, 2009-02-06 at 14:43 +0100, Christoph Höger wrote:
>> One question arises when thinking about it:
>>
>> What does that single person really sign for? I mean: When I upload an
>> update to a package I maintain, does the signing by that "super secret"
>> key have any other meaning than: "Yes it came from choeger who has a valid FAS account"?
>>
>> Really, why do we need that key to have a password?
>> Shouldn't it suffice to have all FAS keys signed properly and use them to sign packages when they're handed in?
>>
>> Maybe Jesse himself could clarify that a bit.
>
> The signing shows that the package came from the Fedora Buildsystem, and
> is destined for the proper repo.  The end user only has to trust one,
> maybe two keys to allow the installation of anything from the base,
> updates, and maybe updates-testing repo.
>
> rpm does not understand the web of trust, so there is no way to trust
> one key, and implicitly trust any other keys that one key has signed.
> And since rpm will happily install anything with a trusted key,
> regardless of what repo it came from, keeping the key secret and private
> is critical for our end users' security.
>
> I'm currently training Josh Boyer from the releng team on how to do
> package signing and updates pushing.
>
> --
> Jesse Keating
> Fedora -- Freedom² is a feature!
> identi.ca: http://identi.ca/jkeating
>
> --
> fedora-devel-list mailing list
> fedora-devel-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-devel-list
>

What about the signing server? How should it replace the human factor?
Why is it so complicated to be implemented?

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
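
The trust model discussed in this thread, as an added example that is not part of the original messages and is not rpm or Fedora code: a simplified model comparing a flat keyring (the signer must itself be trusted, and the package's source is ignored) with a hypothetical web-of-trust check. All key names, package names and sources are constructed.

```python
from collections import deque

# Constructed sample data; key names, package names and sources are made up.
PACKAGES = [
    {"name": "bash", "source": "updates", "signer": "release-key"},
    {"name": "foo", "source": "updates", "signer": "maintainer-a"},
    {"name": "glibc", "source": "unofficial-mirror", "signer": "maintainer-a"},
    {"name": "bar", "source": "updates", "signer": "unknown-key"},
]
# Certifications: key -> keys it has signed (only the web-of-trust model uses this).
CERTIFIED = {"release-key": {"maintainer-a", "maintainer-b"}}


def flat_accepts(pkg, keyring):
    """Flat model from the thread: the signer must itself be in the keyring.
    The package's source is never consulted."""
    return pkg["signer"] in keyring


def reachable_keys(roots, certified, max_depth=1):
    """Roots plus every key certified within max_depth hops of a root."""
    seen, queue = set(roots), deque((r, 0) for r in roots)
    while queue:
        key, depth = queue.popleft()
        if depth < max_depth:
            for child in certified.get(key, ()):
                if child not in seen:
                    seen.add(child)
                    queue.append((child, depth + 1))
    return seen


def wot_accepts(pkg, roots, certified=CERTIFIED):
    """Hypothetical web-of-trust check (assumed for comparison only)."""
    return pkg["signer"] in reachable_keys(roots, certified)


def accepted(check, keys):
    """Names of the sample packages that the given check would accept."""
    return [p["name"] for p in PACKAGES if check(p, keys)]


if __name__ == "__main__":
    print("flat, release key only:   ", accepted(flat_accepts, {"release-key"}))
    print("flat, maintainer imported:", accepted(flat_accepts, {"release-key", "maintainer-a"}))
    print("web of trust from release:", accepted(wot_accepts, {"release-key"}))
```

With only the release key in the flat keyring, the maintainer-signed package is rejected even though the release key certified that maintainer; once the maintainer key is imported directly, it is accepted for any package from any source, so it has to be guarded as carefully as the release key.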
