Hi, as a bind-utils maintainer, I have to ask. Why is dig -t TYPE61 used, when all stable Fedora supports dig -t OPENPGPKEY just fine. Type61 might be used as fallback for older releases On 2/12/21 8:22 PM, Miroslav Suchý wrote: > All Fedora's GPG key - starting with Fedora 27 - are now stored in > fedoraproject.org DNS record and can be verified using DNSSEC. > > Why? How it can be used? That is long story and you can read about it in > my blog entry: > > http://miroslav.suchy.cz/blog/archives/2021/02/11/verify_package_gpg_signature_using_dnssec/index.html > > > Few last minutes notes here: > - there are still some gotchas which should be fixed. But enough code > is already in production - you can play with it now. Relevant issues are > linked in the blog post. > - the DNF team is migrating their code to libdnf, I do not have any > guarantee when this piece of code will be migrating - so we are far from > enabling this by default. > > Comments are welcomed. -- Petr Menšík Software Engineer Red Hat, http://www.redhat.com/ email: pemensik@xxxxxxxxxx PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
