Secrecy and user trust

Todd Denniston Todd.Denniston at ssa.crane.navy.mil
Thu Sep 4 21:59:10 UTC 2008


Jeff Spaleta wrote, On 09/04/2008 05:05 PM:
> On Thu, Sep 4, 2008 at 12:57 PM, Bruno Wolff III <bruno at wolff.to> wrote:
>> Is that what my problem was yesterday? I filed a bugzilla about a key I
>> was trying to import (mostly about the error message not being very helpful)
>> and got feedback that the key was importable by the rawhide rpm. (Which I hope
>> to test late tonight or tomorrow.)
> 
> Was it?  I'm not completely up to speed on rpm's capabilities. But I
> think it was a problem at one point.... but I may not be remembering
> correctly.   You shouldn't trust me.
> 
> I think it would be wisest for the people who are suggesting that
> signed keys be used... go ahead and test that rpm can import them on
> F8 and F9 systems.  If it doesn't work.. it's a non-starter from a
> technical perspective and we need to move on.
> 
> -jef
> 

Although rpm may not have the ability to use keys with signatures in them, 
this does NOT make it a non-starter.

PGP|GPG can generate DETACHED signatures[1], which can be used with the public 
key file outside of rpm's band to verify the new key.

[1] gpg --help 2>&1 |grep "detached signature"


-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
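
The out-of-band check described in the message above, as an added example that is not part of the original post or of any Fedora tooling: a new key file is handed to rpm only after its detached signature verifies against a keyring you already trust. The file names and function names are hypothetical, and gpgv (GnuPG's verify-only tool) is used here in place of plain gpg.

```shell
#!/bin/sh
# Added example (not from the original post). Hypothetical file names:
#   RPM-GPG-KEY-new       new public key file to be imported
#   RPM-GPG-KEY-new.sig   detached signature over that file
#   trusted.gpg           keyring exported from a key you already trust
#
# Signer side, run once by the holder of the already-trusted key:
#   gpg --output RPM-GPG-KEY-new.sig --detach-sign RPM-GPG-KEY-new
#   gpg --export > trusted.gpg      # distributed earlier, over a trusted path

# verify_key_file KEYFILE SIGFILE KEYRING
# Returns 0 only if SIGFILE is a good detached signature over KEYFILE made
# by a key in KEYRING; 2 if an input is missing; non-zero otherwise.
verify_key_file() {
    keyfile=$1 sigfile=$2 keyring=$3
    # gpgv looks up a keyring name without a slash in its home directory,
    # so force a path relative to the current directory instead.
    case $keyring in
        */*) ;;
        *) keyring=./$keyring ;;
    esac
    [ -r "$keyfile" ] && [ -r "$sigfile" ] && [ -r "$keyring" ] || return 2
    # gpgv trusts exactly the keys in the given keyring and nothing else.
    gpgv --keyring "$keyring" "$sigfile" "$keyfile" >/dev/null 2>&1
}

# import_verified_key KEYFILE SIGFILE KEYRING
# Fails closed: rpm never sees the key unless the signature check passed.
import_verified_key() {
    if ! verify_key_file "$1" "$2" "$3"; then
        echo "refusing to import $1: detached signature did not verify" >&2
        return 1
    fi
    rpm --import "$1"
}

# Usage (as root):
#   import_verified_key RPM-GPG-KEY-new RPM-GPG-KEY-new.sig trusted.gpg
```

Because the signature travels in its own file, the key file stays byte-for-byte what rpm expects, so this works regardless of whether rpm can parse keys that carry embedded signatures.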



