* Patrick マルタインアンドレアス Uiterwijk: >> https://fedoraproject.org/wiki/Changes/Signed_RPM_Contents >> > > I'd like to point out that after many requests, I have updated the > change page for this significantly, with more details as to the goals > (and non-goals) of this feature, and answers to many other questions > asked. > > Please have another look if you are interested in this. I still have questions. Is it possible to enrol more than one signing key? Do the signatures cover path and package names. If they do, how do they work with hard links? How does the system ensure that no unwanted package has been installed? How does this system handle revocation? Can we mark individual builds as untrusted, or do we have to perform a key rollover and resign the release? Apart from the free software issue, my main concern is that the trust model is so unclear. Just because something has been signed by Fedora (because it went into some compose) doesn't been it will result in a secure system if it's installed as /bin/bash. The trust model appears to assume that. Is there a documentation of the trust model? Thanks, Florian -- Red Hat GmbH, https://de.redhat.com/ , Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243, Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx