Time to resurrect multi-key signatures in RPM?

[Bojan Smojver]

Bill Crawford <billcrawford1970 <at> gmail.com> writes:

> What might be good, is only signing packages with one or two keys, but
> only allowing those keys' public parts to be updated in rpm database
> (or wherever) if signed by a much larger number of keys, which would
> be owned by some trusted people from the fedora project. Then
> automated rollover could be done by simply providing a new "keyring"
> in updates.

Exactly. Imagine if yum trusted fedora-release package signed by 5 keys of
signatories from the pool. This could have been delivered immediately upon
(potential) compromise, which would mean:

- seamless transition to new Fedora key without ever trusting the old key
- automatic delivery of revocation certificate for the old key
- instant suitability of all packages to be resigned by the new key

So, not only would attackers be unable to subvert the packages by stealing
Fedora key (because they'd need other signatories to agree to sign bad
packages), but any (potential) compromise would be quickly dealt with.

--
Bojan