[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Time to resurrect multi-key signatures in RPM?



On Tue, Aug 26, 2008 at 03:27:43 +0000,
  Bojan Smojver <bojan rexursive com> wrote:
> 
> I guess from Red Hat's point of view, the only difference would be that Fedora
> packages would not be valid unless signed and uploaded back to updates by
> (required number of) other signatories.

I don't think you are really going to gain much from doing that. And there
is certainly going to be a lot of pain associated with that. It creates
extra work, adds delays, and adds a dependence on third parties. And it
doesn't completely prevent people from getting bad code signed.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]