Time to resurrect multi-key signatures in RPM?
Seth Vidal
skvidal at fedoraproject.org
Tue Aug 26 11:38:01 UTC 2008
On Tue, 2008-08-26 at 05:22 +0000, Bojan Smojver wrote:
> Seth Vidal <skvidal <at> fedoraproject.org> writes:
>
> > why do you want that?
> >
> > rpm -qp --dump pkg.rpm
>
> Because I didn't read rpm manual page? ;-)
>
> Yeah, that's really useful - thanks for that hint. Makes it really simple for
> people to compare content of packages.
>
> You reckon this multi-key signing thing could be done in any practical fashion
> in Fedora?
>
I think it will complicate things a lot for users to verify and it's not
obvious how much we'll gain in terms of security.
-sv
More information about the fedora-devel-list
mailing list