mock: enable gpgcheck for f8 config file
seth vidal
skvidal at fedoraproject.org
Thu Jan 3 21:34:59 UTC 2008
On Thu, 2008-01-03 at 15:31 -0600, Michael E Brown wrote:
> So lets see if we can work this out.
>
> It looks to me like the goal of adding gpg key support is to add some
> stricter security guarantees around mock builds. It would be nice if you
> could codify exactly what you think the security guarantee should look
> like, and what are the possible attack vectors against this. This should
> guide us in resolving this.
>
> Yum uses urllib underneath to download stuff. I assume it would support
> https, but I dont know anything about how it verifies certificates.
>
it uses urlgrabber which uses urllib[2] underneath. ssl connections
specific ca to focus on.
but what does this have to do with gpg certs? gpg certs aren't ssl
certs.
-sv
More information about the Fedora-buildsys-list
mailing list