Why different keys for -testing and non-testing?
Jesse Keating
jkeating at redhat.com
Sat Jan 17 16:59:09 UTC 2009
On Sat, 2009-01-17 at 10:31 -0500, Steve Grubb wrote:
>
> I have a machine that has been migrated for a long time. It has 9
> gpg-pubkey packages installed. Which ones are valid? Why don't they get
> retired by obsoletes or something?
We explored these options after the incident. Last I heard the only
current way this is going to work is if an updated rpm package is
released that has a hardcoded distrust of the keys that might have been
compromised. However, I do believe it's on their roadmap to revamp how
keys are used so that we could revoke or expire keys, regardless of
where they come from.
> Could someone use my ancient gpg-pubkeys
> as a basis for an attack on repo metadata
> (http://www.cs.arizona.edu/people/justin/packagemanagersecurity/attacks-on-package-managers.html)
> and provide an older package with known security holes?
>
> Old keys should be retired. We should also make import of keys an auditable
> event.
Are not all rpm actions audited? Importing a key essentially installs
it into the rpm database.
--
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating
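
The question raised in the thread (which of the installed gpg-pubkey packages are still valid) can be checked mechanically by comparing the rpm database against an allowlist of key IDs. The script below is an added example, not part of the original message or of rpm; the key IDs, names and allowlist in it are constructed placeholders.

```shell
#!/bin/sh
# Audit imported RPM signing keys against an allowlist (added example).
# Input lines use the format produced by:
#   rpm -q gpg-pubkey --qf '%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'
# VERSION is the short key ID (last 8 hex digits of the key ID) and
# RELEASE is the key creation time in hex seconds since the epoch.

# Constructed sample data: placeholder key IDs, not real Fedora keys.
SAMPLE_KEYS=$(printf '%s\t%s\n' \
    'aaaa1111-45719a39' 'gpg(Example Distro 8 <keys@example.org>)' \
    'bbbb2222-48a1c2d0' 'gpg(Example Distro 9 testing <keys@example.org>)' \
    'cccc3333-493e5f10' 'gpg(Example Distro 10 <keys@example.org>)')

# Assumption: the administrator maintains this list of short key IDs
# that the current release is expected to trust (space separated).
TRUSTED_KEYIDS='cccc3333'

# audit_keys TRUSTED_IDS
# Reads key lines on stdin and prints one tab-separated verdict per key:
#   TRUSTED|STALE <package name> created=<epoch seconds> <summary>
audit_keys() {
    trusted=$1
    while IFS="$(printf '\t')" read -r verrel summary; do
        [ -n "$verrel" ] || continue
        keyid=${verrel%%-*}            # short key ID
        created_hex=${verrel#*-}       # creation time, hex
        created=$(printf '%d' "0x$created_hex")
        case " $trusted " in
            *" $keyid "*) verdict=TRUSTED ;;
            *)            verdict=STALE ;;
        esac
        printf '%s\tgpg-pubkey-%s\tcreated=%s\t%s\n' \
            "$verdict" "$verrel" "$created" "$summary"
    done
}

# On a live system, pipe the rpm query shown above into audit_keys instead.
# A STALE entry can be inspected with `rpm -qi <package name>` and
# removed from the rpm database with `rpm -e <package name>`.
printf '%s\n' "$SAMPLE_KEYS" | audit_keys "$TRUSTED_KEYIDS"
```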