On Tue, 2008-08-26 at 11:56 +1000, Bojan Smojver wrote:
> In the light of recent RPM signing intrusions, maybe we should resurrect
> the RPM feature where multiple signatures are allowed (i.e. --addsign is
> different to --resign)? With this we could then require N good
> signatures (and no bad ones) on each package before yum would trust the
> content.
> Signatories could also use alternative build systems with no public
> access (e.g. their own, Matt's at Dell etc.) to verify package checksums
> before signing, in order to avoid trusting a compromised Fedora build
> system.

I think the checksums would be the hardest part. Build times, hosts and
other details are very often embedded into a build.

Andrew Bartlett

--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
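The "N good signatures and no bad ones" rule from the quoted proposal, as an added example that is not code from the thread, from RPM or from yum. It assumes Ed25519 detached signatures over a SHA-256 digest of the package bytes in place of RPM's own signature format; the key IDs, trust store and package bytes are constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Signature is one detached signature appended by --addsign; earlier ones stay.
type Signature struct {
	KeyID string
	Sig   []byte
}

// Sign runs on a signatory's own build host once the checksum has been
// independently confirmed; only the package digest is signed.
func Sign(priv ed25519.PrivateKey, keyID string, pkg []byte) Signature {
	d := sha256.Sum256(pkg)
	return Signature{KeyID: keyID, Sig: ed25519.Sign(priv, d[:])}
}

// Evaluate applies the thread's rule: at least n good signatures from distinct
// trusted keys and no bad ones. A key outside the trust store cannot be checked
// and earns no credit; a trusted key whose signature fails condemns the package.
func Evaluate(pkg []byte, sigs []Signature, trusted map[string]ed25519.PublicKey, n int) (good, bad int, ok bool) {
	d := sha256.Sum256(pkg)
	seen := map[string]bool{}
	for _, s := range sigs {
		pub, known := trusted[s.KeyID]
		if !known || seen[s.KeyID] {
			continue // unknown or duplicate signer: no credit either way
		}
		seen[s.KeyID] = true
		if ed25519.Verify(pub, d[:], s.Sig) {
			good++
		} else {
			bad++
		}
	}
	return good, bad, good >= n && bad == 0
}

func main() {
	pkg := []byte("constructed package bytes, not a real RPM") // constructed input
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	sigs := []Signature{Sign(priv, "fedora", pkg)}
	fmt.Println(Evaluate(pkg, sigs, map[string]ed25519.PublicKey{"fedora": pub}, 2))
}
```

Bartlett's objection lands in `Sign`: each signatory can only reach that step if the bytes they rebuilt match the bytes being signed, which embedded build times and hostnames defeat.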