Re: F42 Change Proposal: DNF5 Expired Keys (System-Wide)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello Clemens,

Thank you as well for supporting the proposal!

Does this mean that after switching to a more strict crypto-policy, the next run would remove (or propose to remove) keys that are no longer considered secure under that crypto-policy?

Although this wasn’t the main intent of the proposal, it was suggested by the RPM team to also consider this aspect when checking for expired PGP keys. The idea is to leverage the existing RPM method pgpPubKeyLint, which evaluates whether a given key is usable for verification. While this check is performed during key import, scenarios could arise where a key becomes broken or deemed weak after it has already been imported.

This behavior would depend on the policy configured on the system (see rpm-sequoia for reference). Incorporating this check is more of a suggested enhancement for the proposed plugin implementation and has not yet been fully specified.

Jan

On Wed, Dec 4, 2024 at 3:12 PM Clemens Lang <cllang@xxxxxxxxxx> wrote:
Hi Jan,


I support this proposal, it’s a good idea and it will certainly improve the user experience in this area.
I have one question:

> On 3. Dec 2024, at 18:18, Aoife Moloney via devel-announce <devel-announce@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
>
> We aim to address customer issues when installing RPM packages from
> repositories while outdated repository keys are present on the system.
> These issues include expired keys, obsolete signing algorithms (e.g.,
> SHA1), or other problems that could be easily detected by tools like
> an RPM PGP linter. Currently, PGP checks fail, and users must manually
> remove expired keys using commands like `rpmkeys --delete`.
>
> The proposed solution is a new LIBDNF5 plugin. This plugin will act as
> a hook, checking for invalid repository PGP keys on the system before
> executing a DNF transaction.

Does this mean that after switching to a more strict crypto-policy, the next run would remove (or propose to remove) keys that are no longer considered secure under that crypto-policy?


Thanks,
Clemens

--
Clemens Lang
RHEL Crypto Team
Red Hat

-- 
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux