[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Time to resurrect multi-key signatures in RPM?



Bojan Smojver <bojan <at> rexursive.com> writes:

> Say there are 10 signatories in the pool. Yum would check that:
> 
> - the package is signed with the Fedora key
> - the package is signed by at least N (say 2) other keys from the pool
> - failing the above, it would not accept the package

Just for completeness, yum could alternatively accept say 5 keys from the pool
(but no Fedora key), so that any compromise of the central key does not cause
the current "change the Fedora key" hoopla. Simply resign by others and continue.

--
Bojan





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]