On 2013-01-08, Jaroslav Reznik <jreznik@xxxxxxxxxx> wrote: > >= Features/PackageSignatureCheckingDuringInstall = > https://fedoraproject.org/wiki/Features/PackageSignatureCheckingDuringInstall > > * Detailed description: > One long-standing problem in Fedora is that we don't check package signatures > during installation. This has been a persistent issue since the very beginning > of Fedora (and even in Red Hat Linux before it.) The reason for this has > always been that there's no way to form any root of trust for the signatures > in the repositories, and thus no reason they wouldn't have been modified along > with whatever package would need to be re-signed after tampering. > Reading till here makes me pondering how's possible rpm does not check package signature. > Following the implementation of Features/SecureBoot, we can extend the Secure > Boot keys as a root of trust provided by the hardware against which we can > verify a signature on our key files, thus guaranteeing that they're from the > same source as the boot media. > Now it's clear it's about insttalling distribution. Not about installing a package with rpm in general. Could reponsible person change title and abstract to be clear it's about _distribution_ installation? -- Petr -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
