Re: F42 Change Proposal: DNF5 Expired Keys (System-Wide)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Jan,

> On 5. Dec 2024, at 09:15, Jan Kolarik <jkolarik@xxxxxxxxxx> wrote:
> 
> Although this wasn’t the main intent of the proposal, it was suggested by the RPM team to also consider this aspect when checking for expired PGP keys. The idea is to leverage the existing RPM method pgpPubKeyLint, which evaluates whether a given key is usable for verification. While this check is performed during key import, scenarios could arise where a key becomes broken or deemed weak after it has already been imported.
> 
> This behavior would depend on the policy configured on the system (see rpm-sequoia for reference). Incorporating this check is more of a suggested enhancement for the proposed plugin implementation and has not yet been fully specified.

OK, thanks for the answer. I think this is a good feature, but I understand that you don’t want to make it part of the change proposal right now.


-- 
Clemens Lang
RHEL Crypto Team
Red Hat

-- 
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux