Adam Williamson wrote: > On Tue, 2012-12-18 at 02:05 +0100, Björn Persson wrote: > > Adam Williamson wrote: > > > anyhow, the tricky thing here lies in somehow making it safe for > > > fedup to *automatically* import the correct key for the next > > > release. This is a subtlish problem. > > > > There's another thing that also needs to be fixed. If I've > > understood > > what I've read correctly, then Fedup downloads a kernel and a > > ramdisk > > which make up that isolated environment that Adam mentioned. Those > > files aren't RPM packages and aren't signed like the packages are. > > Those who have the secret keys need to start signing the > > kernel/ramdisk pair, and Fedup needs to verify that signature. > > Naturally the signature must be verified before the kernel/ramdisk > > pair is booted. > > That, we already have a bug for and it is being worked on, I believe. The bug report that Rahul linked to seems to cover both issues. At least both issues have been discussed there. I hope that both issues are also being worked on, but I also hoped that those same issues would get addressed for Preupgrade, and it never happened. Björn Persson -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
