2009/2/6 Jesse Keating <jkeating@xxxxxxxxxx>:
> On Fri, 2009-02-06 at 14:43 +0100, Christoph Höger wrote:
>> One question arises when thinking about it:
>>
>> What does that single person really sign for? I mean: When I upload an
>> update to a package I maintain, does the signing by that "super secret"
>> key have any other meaning than: "Yes it came from choeger who has a
>> valid FAS account"?
>>
>> Really, why do we need that key to have a password?
>> Shouldn't it suffice to have all FAS keys signed properly and use
>> them to sign packages when they're handed in?
>>
>> Maybe Jesse himself could clarify that a bit.
>
> The signing shows that the package came from the Fedora Buildsystem, and
> is destined for the proper repo. The end user only has to trust one,
> maybe two keys to allow the installation of anything from the base,
> updates, and maybe updates-testing repo.
>
> rpm does not understand the web of trust, so there is no way to trust
> one key, and implicitly trust any other keys that one key has signed.
> And since rpm will happily install anything with a trusted key,
> regardless of what repo it came from, keeping the key secret and private
> is critical for our end users' security.
>
> I'm currently training Josh Boyer from the releng team on how to do
> package signing and updates pushing.
>
> --
> Jesse Keating
> Fedora -- Freedom² is a feature!
> identi.ca: http://identi.ca/jkeating
>
> --
> fedora-devel-list mailing list
> fedora-devel-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-devel-list
>

What about the signing server? How should it replace the human factor?
Why is it so complicated to be implemented?