Should Fedora rpms be signed?
seth vidal
skvidal at phy.duke.edu
Fri Nov 5 07:52:01 UTC 2004
On Fri, 2004-11-05 at 01:28 -0600, Satish Balay wrote:
>
> On Fri, 5 Nov 2004, seth vidal wrote:
>
> > This is just based on keys in your rpmdb.
> >
> > The idea is this:
> >
> > if you have 3 repos available to yum.
> >
> > They are signed with 3 separate gpg keys. So you've imported all the
> > keys into your rpmdb. The whole point of the feature I described before
> > is so you can say:
> >
> > the only packages I want from this repository are signed with _this_
> > key. If you get a package from this repository that is signed with any
> > other key, even if I have that key in my rpmdb, don't trust it.
>
> Ok - here you are saying EACH package is signed. And this package
> signature is the one that's compared.
>
> The inferences I get from the above are:
>
> - all packages from all repos should be signed (ideally)
> - if an unsigned package is part of the dep-resolve list - then yum
> just aborts the transaction
> - (Obviously - the main feature) if the 'key' doesn't match the one
> specified for this repo in yum.conf - the transaction is aborted.
>
> I do like this new feature. A couple of questions remain.
>
> - Where does signing 'metadata' fit in here?
>
> - And this scheme would require rawhide packages also to be signed
> with some key. (or am I misreading this?)
>
Let's be clear. I'm not proposing anything. I'm just describing an RFE
I've gotten before and that I've written some of the code for. It in no
way reflects what I think policy should be or is.
It has nothing to do with metadata signing.
I was just muddying the discussion somewhat.
-sv
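
The per-repository key restriction discussed in this message, modelled as an added Python example (not yum's code and not part of the original post). The repository names, key IDs, package names and the `check_transaction` function are constructed for illustration, and aborting on unsigned packages follows the inference made in the quoted reply.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Package:
    name: str
    repo: str
    signer: Optional[str]  # ID of the key that signed the package; None if unsigned

def check_transaction(packages, rpmdb_keys, repo_pins):
    """Return (package, reason) pairs; an empty list means the transaction may run."""
    problems = []
    for pkg in packages:
        pin = repo_pins.get(pkg.repo)  # hypothetical per-repo setting
        if pkg.signer is None:
            problems.append((pkg.name, "unsigned"))
        elif pkg.signer not in rpmdb_keys:
            problems.append((pkg.name, "key not in rpmdb"))
        elif pin is not None and pkg.signer != pin:
            # The key is imported and trusted, but it is not this repo's key.
            problems.append((pkg.name, "not the key pinned for " + pkg.repo))
    return problems

# Constructed sample data: three repos, three imported keys, one pin per repo.
RPMDB_KEYS = {"KEY-A", "KEY-B", "KEY-C"}
REPO_PINS = {"base": "KEY-A", "extras": "KEY-B", "thirdparty": "KEY-C"}
PACKAGES = [
    Package("glibc", "base", "KEY-A"),    # signed with the repo's own key
    Package("openssl", "base", "KEY-C"),  # trusted key, but another repo's
    Package("mytool", "extras", None),    # unsigned
]

if __name__ == "__main__":
    # Without pins, any key in the rpmdb is accepted for any repo.
    print("rpmdb only:", check_transaction(PACKAGES, RPMDB_KEYS, {}))
    # With pins, the cross-signed package is rejected as well.
    print("with pins: ", check_transaction(PACKAGES, RPMDB_KEYS, REPO_PINS))
```
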