[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Time to resurrect multi-key signatures in RPM?



On Tue, 2008-08-26 at 05:22 +0000, Bojan Smojver wrote:
> Seth Vidal <skvidal <at> fedoraproject.org> writes:
> 
> > why do you want that?
> > 
> > rpm -qp --dump pkg.rpm
> 
> Because I didn't read rpm manual page? ;-)
> 
> Yeah, that's really useful - thanks for that hint. Makes it really simple for
> people to compare content of packages.
> 
> You reckon this multi-key signing thing could be done in any practical fashion
> in Fedora?
> 

I think it will complicate things a lot for users to verify and it's not
obvious how much we'll gain in terms of security.

-sv



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]