Re: Should Fedora rpms be signed?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: fedora-test-list@xxxxxxxxxx
Subject: Re: Should Fedora rpms be signed?
From: "William Hooper" <whooperhsd3@xxxxxxxxxxxxx>
Date: Fri, 29 Oct 2004 09:18:19 -0400 (EDT)
Importance: Normal
In-reply-to: <41823E17.5@gats-inc.com>
List-archive: </archives/fedora-test-list>
List-help: <mailto:fedora-test-list-request@redhat.com?subject=help>
List-id: For testers of Fedora Core development releases <fedora-test-list.redhat.com>
List-post: <mailto:fedora-test-list@redhat.com>
List-subscribe: <http://www.redhat.com/mailman/listinfo/fedora-test-list>, <mailto:fedora-test-list-request@redhat.com?subject=subscribe>
List-unsubscribe: <http://www.redhat.com/mailman/listinfo/fedora-test-list>, <mailto:fedora-test-list-request@redhat.com?subject=unsubscribe>
References: <49796.195.34.133.68.1098782874.squirrel@195.34.133.68> <2983.12.29.16.103.1098793539.squirrel@whooper.org> <1098794047.11444.1.camel@localhost.localdomain> <2073.12.29.16.103.1098966545.squirrel@whooper.org> <26048.213.164.3.90.1098966862.squirrel@213.164.3.90> <1098981281.6109.28.camel@localhost.localdomain> <1099047474.4019.10.camel@gibraltar.stuttgart.redhat.com> <41823E17.5@gats-inc.com>
Reply-to: For testers of Fedora Core development releases <fedora-test-list@xxxxxxxxxx>
User-agent: SquirrelMail/1.5.1 [CVS]

John Burton said:
[snip]
> As far as signing packages vs. signing meta-data... Digital signatures
> are like real signatures, you want to make sure they are actually attached
> to what you are signing.
[snip]

IIRC the discussion was that signed meta-data would have the signatures
attached to the MD5sums of the packages.  The MD5sums of the download
could then be checked against the meta-data, verifying that the package is
the same as the package used to create the meta-data.

-- 
William Hooper

Follow-Ups:
- Re: Should Fedora rpms be signed?
  - From: Nils Philippsen
- Re: Should Fedora rpms be signed?
  - From: John Burton

References:
- Should Fedora rpms be signed?
  - From: nodata
- Re: Should Fedora rpms be signed?
  - From: William Hooper
- Re: Should Fedora rpms be signed?
  - From: Matias Féliciano
- Re: Should Fedora rpms be signed?
  - From: William Hooper
- Re: Should Fedora rpms be signed?
  - From: nodata
- Re: Should Fedora rpms be signed?
  - From: Peter Jones
- Re: Should Fedora rpms be signed?
  - From: Nils Philippsen
- Re: Should Fedora rpms be signed?
  - From: John Burton

Prev by Date: Re: Should Fedora rpms be signed?
Next by Date: NTFS filesystem...
Previous by thread: Re: Should Fedora rpms be signed?
Next by thread: Re: Should Fedora rpms be signed?
Index(es):
- Date
- Thread

[Index of Archives] [Fedora Desktop] [Fedora SELinux] [Photo Sharing] [Yosemite Forum] [KDE Users]