Should Fedora rpms be signed?

Nils Philippsen nphilipp at redhat.com
Thu Nov 4 10:33:00 UTC 2004


On Mon, 2004-11-01 at 18:50 -0500, Peter Jones wrote:
> On Mon, 2004-11-01 at 17:34 -0600, Satish Balay wrote:
> > Ok - you & Seth seem to have a solution to the problem.
> > 
> > Still no good explanation why ALL keys should be treated the same.
> 
> Because there's nothing about a key that tells you how to treat it.

Exactly. There's where "common sense" comes into play, i.e. I shouldn't
enable Rawhide repositories if a broken system makes me cry.

> > To me 'redhat-key' is different from 'livna-key' etc. And I think
> > rawhide can do the same.
> > 
> > The analogy I keep thinking is 'my signature' is different than
> > 'RedHat's CEO's signature' treating both to mean the same is nuts..
> 
> But the signature isn't different in kind.  You just "know" which
> documents one is good on and which one isn't.  But we don't have that
> kind of knowledge for all keys.  We don't know which repositories each
> key is good for what on, and making the infrastructure to tell that
> about keys is a lot of work.  Making the infrastructure for a key to
> sign something which tells us is significantly easier, I think.

Just to overstretch analogies a bit, the "signature" of Fisher-Price on
a kid's toy isn't different from the "signature" of Heckler&Koch on a
submachine gun either. Despite that they convey very different messages
("when you push the button, the doll cries" vs. "... a whole family
cries").

Let's face it, currently a signed package only means "someone/-thing has
signed off on it" on a technical level, anything else is just what we
humans put into it and nothing tools can guess by themselves. I.e. we
can only differentiate between "keys we trust" on a certain system by
either putting them into yum.conf/sources or not. Everything beyond that
would need infrastructure that currently doesn't exist.

Nils
-- 
     Nils Philippsen    /    Red Hat    /    nphilipp at redhat.com
"They that can give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety."     -- B. Franklin, 1759
 PGP fingerprint:  C4A8 9474 5C4C ADE3 2B8F  656D 47D8 9B65 6951 3011




More information about the fedora-test-list mailing list