[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Time to resurrect multi-key signatures in RPM?

On Tue, 2008-08-26 at 11:56 +1000, Bojan Smojver wrote:
> In the light of recent RPM signing intrusions, maybe we should resurrect
> the RPM feature where multiple signatures are allowed (i.e. --addsign is
> different to --resign)? With this we could then require N good
> signatures (and no bad ones) on each package before yum would trust the
> content.

> Signatories could also use alternative build systems with no public
> access (e.g. their own, Matt's at Dell etc.) to verify package checksums
> before signing, in order to avoid trusting a compromised Fedora build
> system.

I think the checksums would be the hardest part.   Build times, hosts
and other details are very often embedded into a build. 

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.

Attachment: signature.asc
Description: This is a digitally signed message part

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]