Time to resurrect multi-key signatures in RPM?
Andrew Bartlett
abartlet at samba.org
Tue Aug 26 02:22:47 UTC 2008
On Tue, 2008-08-26 at 11:56 +1000, Bojan Smojver wrote:
> In the light of recent RPM signing intrusions, maybe we should resurrect
> the RPM feature where multiple signatures are allowed (i.e. --addsign is
> different to --resign)? With this we could then require N good
> signatures (and no bad ones) on each package before yum would trust the
> content.
> Signatories could also use alternative build systems with no public
> access (e.g. their own, Matt's at Dell etc.) to verify package checksums
> before signing, in order to avoid trusting a compromised Fedora build
> system.
I think the checksums would be the hardest part. Build times, hosts
and other details are very often embedded into a build.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
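The "N good signatures and no bad ones" rule Bojan proposes, worked through as an added example that is not part of this thread and not RPM's or yum's own code. It uses Go's standard-library Ed25519 as a stand-in for the OpenPGP signatures RPM actually carries, signs a constructed byte string in place of a real package header and payload, and makes two assumptions the thread does not state: key IDs are derived from a hash of the public key, and a signature made with a key outside the trust set is neither good nor bad, it simply does not count. All type and function names (Signature, Verdict, VerifyThreshold, Signer, TrustSet) are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Signature is one detached signature over the package bytes, tagged with the
// signer's key ID so the verifier knows which trusted key to check it against.
type Signature struct {
	KeyID string
	Sig   []byte
}

// Verdict reports what the threshold policy observed.
type Verdict struct {
	Good    int  // distinct trusted keys whose signature verified
	Bad     int  // signatures naming a trusted key that failed to verify
	Unknown int  // signatures naming a key outside the trust set (assumption: ignored)
	Trusted bool // Good >= threshold and Bad == 0
}

// keyID derives a short identifier for a public key. Hypothetical scheme:
// first 8 bytes of SHA-256 over the raw key bytes.
func keyID(pub ed25519.PublicKey) string {
	h := sha256.Sum256(pub)
	return hex.EncodeToString(h[:8])
}

// VerifyThreshold trusts payload only if at least n signatures from distinct
// trusted keys verify and no signature naming a trusted key fails. A single
// bad signature vetoes the package regardless of how many good ones exist.
func VerifyThreshold(payload []byte, sigs []Signature, trusted map[string]ed25519.PublicKey, n int) Verdict {
	var v Verdict
	seen := map[string]bool{}
	for _, s := range sigs {
		pub, ok := trusted[s.KeyID]
		if !ok {
			v.Unknown++
			continue
		}
		if !ed25519.Verify(pub, payload, s.Sig) {
			v.Bad++
			continue
		}
		if !seen[s.KeyID] { // the same key signing twice is still one signatory
			seen[s.KeyID] = true
			v.Good++
		}
	}
	v.Trusted = v.Bad == 0 && v.Good >= n
	return v
}

// Signer is a hypothetical signatory, e.g. one independent build system.
type Signer struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewSigner() Signer {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Signer{Pub: pub, priv: priv}
}

func (s Signer) Sign(payload []byte) Signature {
	return Signature{KeyID: keyID(s.Pub), Sig: ed25519.Sign(s.priv, payload)}
}

// TrustSet builds the key-ID -> public-key map the verifier consults.
func TrustSet(signers ...Signer) map[string]ed25519.PublicKey {
	m := make(map[string]ed25519.PublicKey, len(signers))
	for _, s := range signers {
		m[keyID(s.Pub)] = s.Pub
	}
	return m
}

func main() {
	pkg := []byte("constructed stand-in for an RPM header and payload") // constructed sample
	a, b, c := NewSigner(), NewSigner(), NewSigner()
	trust := TrustSet(a, b, c)

	// Two independent signatories at threshold 2: accepted.
	fmt.Printf("%+v\n", VerifyThreshold(pkg, []Signature{a.Sign(pkg), b.Sign(pkg)}, trust, 2))

	// A third signatory signed different bytes (tampered or differently built
	// package): two good signatures are present, but the bad one vetoes.
	tampered := append([]byte(nil), pkg...)
	tampered[0] ^= 1
	fmt.Printf("%+v\n", VerifyThreshold(pkg, []Signature{a.Sign(pkg), b.Sign(pkg), c.Sign(tampered)}, trust, 2))
}
```

The veto case is the one that matters for the compromised-build scenario: a signatory that verified the package on its own build system and got different bytes produces a signature that fails here, and that failure blocks the package even though the N-of-M count is otherwise satisfied. It also shows why Andrew's objection bites: if two honest build systems legitimately embed different timestamps or hostnames, their signatures cover different bytes, and the same veto fires with no attacker involved.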