[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Time to resurrect multi-key signatures in RPM?



Bruno Wolff III <bruno <at> wolff.to> writes:

> And adds another. If one of those third parties goes belly up, then Fedora
> is going to have to take extraordinary measures to get packages signed in
> a way that will be axxepted again.

Not true. As I mentioned before, the criteria would be that package is signed
with N good keys. So, resigning with someone else's key would be sufficient to
overcome this.

BTW, third parties do not have to be companies. They can be trusted Fedora
contributors, for instance.

--
Bojan





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]