On Mon, 2004-10-25 at 13:42, Matias F�ciano wrote: [snip] > By not signing their rpm in rawhide, Red Hat "force" me to take risk > (fake rpm, ...) for _nothing_. I don't want to take these risks. With this statement, along with Ian Pilcher's last post to this thread, perhaps I should shut up about it, since, in essence, I'm in violent agreement with both of you ;-). But, I tend to agree with what someone posted about packages signed with keys that are not password protected being only marginally better than packages not signed at all. I think it was actually in Bruce Schneier's Cryptogram that I read the statement, paraphrased, that if it's worth protecting at all, then it's worth having a password that must be typed (in reference to web server certificates, but the principle is the same). So, since I haven't seen any proposals, yet, for how to make sure packages are signed, without using password-less keys, how about this idea: Have more than one signing key for *develpment packages only*, named RPM-GPG-KEY-fedora-test-arjanv, RPM-GPG-KEY-fedora-test-alan, RPM-GPG-KEY-test-davej, etc, etc. Give it enough spread across Red Hat to give better odds that at least one of the signers will always be available. Shot in the dark: maybe five signers? Rotate signing responsibility on a weekly basis, maybe? This maybe a good prep for allowing more community participation as well, giving a few outsiders signing rights with a public key in /usr/share/rhn. That's the hope, anyhow, since I suspect it may be a problem for Red Hat to give internal Red Hat folks *more* responsibility in regards to Fedora Core. Anyhow, I figured I just throw that out there as idea just off the top of my head. Thoughts? -- -Paul Iadonisi Senior System Administrator Red Hat Certified Engineer / Local Linux Lobbyist Ever see a penguin fly? -- Try Linux. GPL all the way: Sell services, don't lease secrets