Re: Should Fedora rpms be signed?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 26 Oct 2004, Douglas Furlong wrote:

> On Tue, 2004-10-26 at 15:13 +0200, nodata wrote:
> > 
> > Then perhaps rawhide should be signed with a separate key that signs the
> > packages without a live body.

+1

> If this is done then it severely reduces the relevance of having them
> signed in the first place.

no it doesn't (see note below)

> My understanding is that, when a package is "signed" by redhat, a human
> steps up to the plate, does certain verifications, then puts in the pass
> phrase, and hey presto you have a signed package.
> 
> Your suggestion automates the whole process, and drastically reduces the
> security model.

It will be much better than the current model of no signatures.

And 'rawhide-gpg-key' could mean 'rpm built on redhat-beehieve' - and
nothing more.  It shouldn't have to mean beehieve not hacked &
'rawhide-gpg-key' is not stolen.

Also, I'm not sure how the human intervention guarantees that the
key/passphrases arn't stolen. The only way I can think of is
hardware-encryption (aka palladium?) where keys can never be
copied/stolen (in which case passphrases are not necessary)

And as a user - I should be able to query rpm db with:

list all packages currently installed that are signed with the key
'rawhide-gpg-key'

Satish


[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]