On Tue, Jan 08, 2013 at 03:52:02PM +0000, Petr Pisar wrote:
> On 2013-01-08, Jaroslav Reznik <jreznik@xxxxxxxxxx> wrote:
> >
> > = Features/PackageSignatureCheckingDuringInstall =
> > https://fedoraproject.org/wiki/Features/PackageSignatureCheckingDuringInstall
> >
> > * Detailed description:
> > One long-standing problem in Fedora is that we don't check package signatures
> > during installation. This has been a persistent issue since the very beginning
> > of Fedora (and even in Red Hat Linux before it.) The reason for this has
> > always been that there's no way to form any root of trust for the signatures
> > in the repositories, and thus no reason they wouldn't have been modified along
> > with whatever package would need to be re-signed after tampering.
> >
> Reading till here makes me ponder how it's possible rpm does not check
> package signatures.
>
> > Following the implementation of Features/SecureBoot, we can extend the Secure
> > Boot keys as a root of trust provided by the hardware against which we can
> > verify a signature on our key files, thus guaranteeing that they're from the
> > same source as the boot media.
> >
> Now it's clear it's about installing a distribution. Not about installing
> a package with rpm in general.
>
> Could the responsible person change the title and abstract to be clear it's about
> _distribution_ installation?

Sure thing. It's now at
https://fedoraproject.org/wiki/Features/PackageSignatureCheckingDuringOSInstall ,
and the title and description have been changed to match that.

--
Peter