On Fri, Dec 6, 2019 at 3:02 AM Lennart Poettering <mzerqung@xxxxxxxxxxx> wrote:

> Humm, so you turn off gpg verification of RPMs you install? Nah, you
> don't, because you put trust in Fedora that the RPMs they build are
> somewhat safe to use. That's what vendor trust means. Since regular
> users (and even very technical ones) cannot personally validate the
> trustworthiness of compiled code we outsource that to distributions,
> and trust the vendor's benevolence and understanding of things. And
> that's the correct way to build integrity for OS resources.

We also have the source code, for Fedora, which we can compile and compare, which has its own trust issues. Vendor trust should not be automatic nor absolute.

GPG keys for RPM are also validation keys, and provide a robust, procedurally integrated checksum for content that is often transferred unencrypted and thus is vulnerable to transmission or local transcription errors. Since most yum configurations publish a pointer to an offsite public GPG key, they're not that useful for individually maintained 3rd party repos that people may choose to use.

It's rather different when vendor keys are used to encrypt a user's *own* data. That's the core issue of Trusted Computing. Even if you generate your own keys, the vendor normally holds a copy in escrow, and the vendor has the root keys tied to your personal hardware and works their way down the keychain. It's part of the lost key data recovery system. If systemd is going to enter the game of encrypting local filesystems robustly, I'd suggest taking a look at the lessons learned from Trusted Computing.
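The post above argues about whether repo-level GPG checking is worth much, and notes that many yum configurations point at an offsite key. A defender's first step is simply to audit what the local `.repo` files actually say. The following script is an added example and not part of the mailing-list thread: it scans a yum/dnf `.repo` file and reports each section that has `gpgcheck=0`, leaves `gpgcheck` unset in the section, or fetches its `gpgkey` over plain `http://` (where the key itself is exposed to the same in-transit tampering as the packages). The sample repo file and the `example.invalid` hostnames are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the mailing-list post): audit a yum/dnf .repo file
# for sections that weaken package signature verification.

# Write a constructed sample .repo file to the path given in $1.
write_sample_repo() {
  cat > "$1" <<'EOF'
[fedora]
name=Fedora $releasever - $basearch
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch

[thirdparty]
name=Example third-party repo (constructed)
baseurl=http://repo.example.invalid/el/$basearch/
gpgcheck=0

[vendor-tools]
name=Constructed vendor repo
gpgcheck=1
gpgkey=http://keys.example.invalid/RPM-GPG-KEY-vendor
EOF
}

# audit_repo_file FILE
# Prints one finding per line ("<section>: <problem>") and returns 1 if any
# finding was produced, 0 if every section passed.
audit_repo_file() {
  awk '
    # Emit findings for the section that just ended (if any).
    function report() {
      if (section == "") return
      if (gpgcheck == "0") {
        print section ": gpgcheck disabled (gpgcheck=0)"; bad = 1
      } else if (gpgcheck == "") {
        print section ": gpgcheck not set in this section"; bad = 1
      }
      if (gpgkey ~ /^http:\/\//) {
        print section ": gpgkey fetched over plain http (" gpgkey ")"; bad = 1
      }
    }
    # New [section]: flush the previous one and reset per-section state.
    /^\[.*\]$/ {
      report()
      section = substr($0, 2, length($0) - 2)
      gpgcheck = ""; gpgkey = ""
      next
    }
    /^[ \t]*#/ { next }                       # comment line
    /^gpgcheck[ \t]*=/ { sub(/^gpgcheck[ \t]*=[ \t]*/, ""); gpgcheck = $0; next }
    /^gpgkey[ \t]*=/   { sub(/^gpgkey[ \t]*=[ \t]*/, "");   gpgkey = $0;   next }
    END { report(); exit (bad ? 1 : 0) }
  ' "$1"
}

# Stand-alone demo: audit the constructed sample and summarise the result.
sample=$(mktemp)
write_sample_repo "$sample"
if audit_repo_file "$sample"; then
  echo "no findings"
else
  echo "repo file needs attention"
fi
rm -f "$sample"
```

On the constructed sample the `fedora` section passes, `thirdparty` is flagged for `gpgcheck=0`, and `vendor-tools` is flagged because its key is fetched over plain HTTP. Run it against the real files with `for f in /etc/yum.repos.d/*.repo; do audit_repo_file "$f"; done` after sourcing the functions; a non-zero return from any file is the signal to look closer.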
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx