Re: More prominent link to verification hashes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thursday, February 25, 2016 08:05:59 PM Ralf Senderek wrote:
> On Thu, 25 Feb 2016, Dennis Gilmore wrote:
> >  No one has access to the private key. It lives on a server that has no
> >  services running that listen for connections. There is a service that
> >  runs
> >  on
> >  it that talks to the signing bridge. That brokers all requests. Users
> >  with
> >  access do not know the password to unlock the key. The signing server
> >  manages
> >  access. There is exactly two copies of the private key, one embeded in
> >  encrypted storage on the signing server and a backup of the encrypted
> >  storage
> >  on the backup server. It has been designed to allow the granting and
> >  revocation of access without the need for having a copy of the private
> >  key.
> >  
> >  https://fedorahosted.org/sigul/ is the software we use
> >  
> >  Dennis
> 
> Thank you for providing this valuable information about the handling
> of the private key that enables Fedora ISO signing. This information
> should be shared and highlighted as it is helping to create trust in
> the use of this key.
> As a personal request, would you be so kind as to confirm the fingerprint
> here (and maybe somewhere else), please. Thank you very much.

Which fingerprint? There is a number of keys

Dennis

Attachment: signature.asc
Description: This is a digitally signed message part.

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux