On Friday, 12 February 2021 at 20:22, Miroslav Suchý wrote: > All Fedora's GPG key - starting with Fedora 27 - are now stored in > fedoraproject.org DNS record and can be verified using DNSSEC. > > Why? How it can be used? That is long story and you can read about it in my blog entry: > http://miroslav.suchy.cz/blog/archives/2021/02/11/verify_package_gpg_signature_using_dnssec/index.html > > Few last minutes notes here: > - there are still some gotchas which should be fixed. But enough code is > already in production - you can play with it now. Relevant issues are linked > in the blog post. > - the DNF team is migrating their code to libdnf, I do not have any > guarantee when this piece of code will be migrating - so we are far from > enabling this by default. > > Comments are welcomed. systemd-resolved breaks this in F33: https://bugzilla.redhat.com/show_bug.cgi?id=1823480 Regards, Dominik -- Fedora https://getfedora.org | RPM Fusion http://rpmfusion.org There should be a science of discontent. People need hard times and oppression to develop psychic muscles. -- from "Collected Sayings of Muad'Dib" by the Princess Irulan _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
