Should Fedora rpms be signed?

seth vidal skvidal at phy.duke.edu
Fri Nov 5 07:52:01 UTC 2004


On Fri, 2004-11-05 at 01:28 -0600, Satish Balay wrote:
> 
> On Fri, 5 Nov 2004, seth vidal wrote:
> 
> > This is just based on keys in your rpmdb.
> > 
> > The idea is this:
> > 
> > if you have 3 repos available to yum.
> > 
> > They are signed with 3 separate gpg keys. So you've imported all the
> > keys into your rpmdb. The whole point of the feature I described before
> > is so you can say:
> > 
> > the only packages I want from this repository are signed with _this_
> > key. If you get a package from this repository that is signed with any
> > other key, even if I have that key in my rpmdb, don't trust it.
> 
> Ok - here you are saying EACH package is signed. And this package
> signature is the one that's compared.
> 
> The inferences I get from the above are:
> 
> - all packages from all repos should be signed (ideally)
> - if an unsigned package is part of the dep-resolve list - then yum
>   just aborts the transaction
> - (Obviously - the main feature) if the 'key' doesn't match the one
>   specified for this repo in yum.conf - the transaction is aborted.
> 
> I do like this new feature. A couple of questions remain.
> 
> - Where does signing 'metadata' fit in here?
> 
> - And this scheme would require rawhide packages also to be signed
>   with some key. (or am I misreading this?)
> 

let's be clear. I'm not proposing anything. I'm just describing an RFE
I've gotten before and that I've written some of the code for. It in no
way reflects what I think policy should be or is.

it has nothing to do with metadata signing.

I was just muddying the discussion somewhat.

-sv
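
The per-repository key restriction discussed in this message, sketched as an added example that is not part of the original post and is not yum's code. The key IDs, repository names, and the `REPO_PINS` mapping are constructed; rejecting unsigned packages and aborting the whole transaction follow the reading given in the quoted reply and are assumptions here.

```python
# Added illustration; names and key IDs are constructed, not yum's real API or config.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Package:
    name: str
    repo: str
    signer: Optional[str]  # key ID that signed the rpm, None if unsigned


# Keys imported into the rpmdb (constructed IDs).
RPMDB_KEYS = {"AAAA1111", "BBBB2222", "CCCC3333"}

# Hypothetical per-repository pin: the one key accepted for each repo.
REPO_PINS = {"base": "AAAA1111", "extras": "BBBB2222", "thirdparty": "CCCC3333"}


def rpmdb_check(pkg, rpmdb_keys=RPMDB_KEYS):
    """Global check: accept a signature from any key present in the rpmdb."""
    return pkg.signer is not None and pkg.signer in rpmdb_keys


def pinned_check(pkg, pins=REPO_PINS, rpmdb_keys=RPMDB_KEYS):
    """Per-repo check: signer must be in the rpmdb AND be the key pinned to the repo."""
    return rpmdb_check(pkg, rpmdb_keys) and pins.get(pkg.repo) == pkg.signer


def check_transaction(pkgs, check):
    """Return (ok, rejected names); one rejected package aborts the whole transaction."""
    rejected = [p.name for p in pkgs if not check(p)]
    return (not rejected, rejected)


# Constructed transaction: 'glibc' is served by 'base' but carries the
# third-party key; 'tool' is unsigned.
TRANSACTION = [
    Package("bash", "base", "AAAA1111"),
    Package("glibc", "base", "CCCC3333"),
    Package("tool", "extras", None),
    Package("codec", "thirdparty", "CCCC3333"),
]

if __name__ == "__main__":
    print("rpmdb-only:", check_transaction(TRANSACTION, rpmdb_check))
    print("pinned:    ", check_transaction(TRANSACTION, pinned_check))
```

With only the rpmdb check, `glibc` is accepted because its signing key was imported for another repository; the pinned check rejects it.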





More information about the fedora-test-list mailing list