On Mon, 2009-04-20 at 17:15 -0700, Toshio Kuratomi wrote:
>
> Would it make sense from a security and release standpoint to still have
> two keys but to divide their use differently?
>
> Key 1 is for beta/preview/release.
> Key 2 is for updates-testing/updates.
>
> It seems like this would prevent most of the churn surrounding resigning
> since the resigning happens between packages from (beta => preview =>
> release) and (updates-testing => updates) rather than (release => updates).
>
> It would also mean that we could create a revocation certificate for Key
> 1 and then delete the private key after beta/preview/release. That
> would limit the time a malicious party could compromise the key used to
> sign rpms on media and in the release tree which seems like it would
> give us a better chance of having a known good base should we ever be
> faced with distrusting packages that made it into our repository.
>
> Security is hard, though, so maybe someone can point out an error in my
> thinking :-)

RPM et al doesn't yet understand revocation certs, so that isn't going to help you much there. Other than that, since we'll be using new keys each release, I'm not even sure how much added value there would be in using two different keys.

-- 
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating
-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list