Proposal: Single GPG key per Fedora release (starting with 11)

Jesse Keating jkeating at redhat.com
Tue Apr 21 01:18:06 UTC 2009


On Mon, 2009-04-20 at 17:15 -0700, Toshio Kuratomi wrote:
> 
> Would it make sense from a security and release standpoint to still have
> two keys but to divide their use differently?
> 
> Key 1 is for beta/preview/release.
> Key 2 is for updates-testing/updates.
> 
> It seems like this would prevent most of the churn surrounding resigning
> since the resigning happens between packages from (beta => preview =>
> release) and (updates-testing => updates) rather than (release => updates).
> 
> It would also mean that we could create a revocation certificate for Key
> 1 and then delete the private key after beta/preview/release.  That
> would limit the time a malicious party could compromise the key used to
> sign rpms on media and in the release tree which seems like it would
> give us a better chance of having a known good base should we ever be
> faced with distrusting packages that made it into our repository.
> 
> Security is hard, though, so maybe someone can point out an error in my
> thinking :-)

RPM et al doesn't yet understand revocation certs, so that isn't going
to help you much there.  Other than that, since we'll be using new keys
each release, I'm not even sure how much added value there would be in
using two different keys.

-- 
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating
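Because RPM itself does not consult revocation certificates (the point made above), anyone who wants a revoked or expired release key to actually stop being trusted has to check the key's status out of band with gpg before accepting packages signed by it. The following is an added example, not code from this thread or from Fedora: it parses the machine-readable output of `gpg --with-colons --list-keys` (a constructed sample listing with made-up key IDs and user IDs is embedded) and reports which primary keys are revoked or expired.

```python
"""Flag revoked or expired signing keys in `gpg --with-colons --list-keys` output."""
import sys

# Constructed sample of gpg's --with-colons key listing. Key IDs, fingerprints,
# dates and user IDs are made up for illustration; the record layout is gpg's.
SAMPLE_LISTING = """\
tru::1:1240000000:0:3:1:5
pub:u:4096:1:AAAAAAAA11111111:1240000000:::u:::scESC::::::23::0:
fpr:::::::::1111111111111111111111111111AAAAAAAA11111111:
uid:u::::1240000000::DEADBEEF::Example Release Key (constructed) <release@example.invalid>::::::::::0:
pub:r:4096:1:BBBBBBBB22222222:1230000000:::-:::scESC::::::23::0:
fpr:::::::::2222222222222222222222222222BBBBBBBB22222222:
uid:r::::1230000000::CAFEBABE::Example Old Key (constructed) <old@example.invalid>::::::::::0:
pub:e:1024:17:CCCCCCCC33333333:1200000000:1230000000::-:::scESC::::::23::0:
fpr:::::::::3333333333333333333333333333CCCCCCCC33333333:
uid:e::::1200000000::FEEDFACE::Example Expired Key (constructed) <exp@example.invalid>::::::::::0:
"""

# Validity codes gpg emits in field 2 of a pub record (documented in gnupg's DETAILS file).
BAD_VALIDITY = {"r": "revoked", "e": "expired"}


def parse_keys(listing):
    """Return one dict per primary key: keyid, fingerprint, uid and status."""
    keys = []
    current = None
    for line in listing.splitlines():
        fields = line.split(":")
        rtype = fields[0]
        if rtype == "pub":
            # field 5 is the key ID; field 2 is the validity code
            current = {"keyid": fields[4], "fingerprint": None, "uid": None,
                       "status": BAD_VALIDITY.get(fields[1], "ok")}
            keys.append(current)
        elif rtype == "fpr" and current and current["fingerprint"] is None:
            current["fingerprint"] = fields[9]   # first fpr after pub is the primary key's
        elif rtype == "uid" and current and current["uid"] is None:
            current["uid"] = fields[9]           # field 10 carries the user ID string
    return keys


def untrusted_keys(listing):
    """Key IDs that must not be accepted as package signers (revoked or expired)."""
    return [k["keyid"] for k in parse_keys(listing) if k["status"] != "ok"]


if __name__ == "__main__":
    # Pipe real output in: gpg --with-colons --list-keys | python3 this_script.py
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LISTING
    for k in parse_keys(data):
        print(f"{k['keyid']}  {k['status']:8}  {k['uid']}")
```

The script prints every primary key with its status; a non-empty result from `untrusted_keys()` is the signal that `rpm --import` has a key in its database that gpg would no longer trust.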