Bruno Wolff III <bruno <at> wolff.to> writes:

> I don't think you are really going to gain much from doing that.

This depends on a particular point of view, of course. If it so happened that the Fedora (and/or RHEL) signing key was compromised during the most recent intrusion, it would have been game over for users. Not so if packages had to be signed by multiple keys before being accepted by yum.

> and adds a dependence on third parties

I see that as a feature, actually. It eliminates a single point of failure.

> And it doesn't completely prevent people from getting bad code signed.

I don't think it is possible to design a system that does that completely. But, at least you have more folks looking over the packages (from multiple sources) before signing them - more chance of spotting inconsistencies.

--
Bojan
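The acceptance rule argued for above (a package is installed only when several distinct trusted keys have signed it) can be sketched as follows. This is an added example, not part of the original message and not yum or rpm code. It assumes Lamport one-time signatures as a standard-library stand-in for GPG keys, and the signer names, package bytes and `accept` function are hypothetical.

```python
import hashlib
import secrets

def H(data):
    return hashlib.sha256(data).digest()

def _bits(digest):
    return [(byte >> i) & 1 for byte in digest for i in range(8)]

# Lamport one-time signatures: a stdlib-only stand-in for the GPG keys a
# real repository would use (assumption made for this example).
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def sign(sk, package):
    return [sk[i][bit] for i, bit in enumerate(_bits(H(package)))]

def verify(pk, package, sig):
    want = _bits(H(package))
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, want)))

def accept(package, signatures, trusted, threshold):
    """Accept only if `threshold` DISTINCT trusted keys signed this package."""
    valid = {name for name, sig in signatures
             if name in trusted and verify(trusted[name], package, sig)}
    return len(valid) >= threshold

def demo():
    # Constructed signers and package contents, for illustration only.
    keys = {name: keygen() for name in ("distro", "auditor-a", "auditor-b")}
    trusted = {name: pk for name, (sk, pk) in keys.items()}
    good, evil = b"foo-1.0 payload", b"foo-1.0 payload + backdoor"
    ok = accept(good, [("distro", sign(keys["distro"][0], good)),
                       ("auditor-a", sign(keys["auditor-a"][0], good))], trusted, 2)
    # One compromised key, even submitted twice, still counts as one signer.
    stolen = sign(keys["distro"][0], evil)
    forged = accept(evil, [("distro", stolen), ("distro", stolen)], trusted, 2)
    # A second signer's signature over the good package does not cover evil.
    replay = accept(evil, [("distro", stolen),
                           ("auditor-a", sign(keys["auditor-a"][0], good))], trusted, 2)
    return ok, forged, replay

if __name__ == "__main__":
    print(demo())
```

Counting distinct verified signers rather than signatures is what keeps one compromised key from meeting the threshold on its own.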