Should Fedora rpms be signed?
Nils Philippsen
nphilipp at redhat.com
Thu Nov 4 10:33:00 UTC 2004

On Mon, 2004-11-01 at 18:50 -0500, Peter Jones wrote:
> On Mon, 2004-11-01 at 17:34 -0600, Satish Balay wrote:
> > Ok - you & Seth seem to have a solution to the problem.
> >
> > Still no good explanation why ALL keys should be treated the same.
>
> Because there's nothing about a key that tells you how to treat it.

Exactly. There's where "common sense" comes into play, i.e. I shouldn't
enable Rawhide repositories if a broken system makes me cry.

> > To me 'redhat-key' is different from 'livna-key' etc. And I think
> > rawhide can do the same.
> >
> > The analogy I keep thinking is 'my signature' is different than
> > 'RedHat's CEO's signature' treating both to mean the same is nuts..
>
> But the signature isn't different in kind. You just "know" which
> documents one is good on and which one isn't. But we don't have that
> kind of knowledge for all keys. We don't know which repositories each
> key is good for what on, and making the infrastructure to tell that
> about keys is a lot of work. Making the infrastructure for a key to
> sign something which tells us is significantly easier, I think.

Just to overstretch analogies a bit, the "signature" of Fisher-Price on
a kid's toy isn't different from the "signature" of Heckler&Koch on a
submachine gun either. Despite that they convey very different messages
("when you push the button, the doll cries" vs. "... a whole family
cries").

Let's face it, currently a signed package only means "someone/-thing has
signed off on it" on a technical level, anything else is just what we
humans put into it and nothing tools can guess by themselves. I.e. we
can only differentiate between "keys we trust" on a certain system by
either putting them into yum.conf/sources or not. Everything beyond that
would need infrastructure that currently doesn't exist.

Nils
--
Nils Philippsen / Red Hat / nphilipp at redhat.com
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." -- B. Franklin, 1759
PGP fingerprint: C4A8 9474 5C4C ADE3 2B8F 656D 47D8 9B65 6951 3011