Should Fedora rpms be signed?
Satish Balay
balay at fastmail.fm
Tue Oct 26 14:46:04 UTC 2004
On Tue, 26 Oct 2004, Douglas Furlong wrote:
> On Tue, 2004-10-26 at 15:13 +0200, nodata wrote:
> >
> > Then perhaps rawhide should be signed with a separate key that signs the
> > packages without a live body.
+1
> If this is done then it severely reduces the relevance of having them
> signed in the first place.
no it doesn't (see note below)
> My understanding is that, when a package is "signed" by redhat, a human
> steps up to the plate, does certain verifications, then puts in the pass
> phrase, and hey presto you have a signed package.
>
> Your suggestion automates the whole process, and drastically reduces the
> security model.
It will be much better than the current model of no signatures.
And 'rawhide-gpg-key' could mean 'rpm built on redhat-beehive' - and
nothing more. It shouldn't have to mean beehive not hacked &
'rawhide-gpg-key' is not stolen.
Also, I'm not sure how the human intervention guarantees that the
key/passphrases aren't stolen. The only way I can think of is
hardware-encryption (aka palladium?) where keys can never be
copied/stolen (in which case passphrases are not necessary).
And as a user - I should be able to query rpm db with:
list all packages currently installed that are signed with the key
'rawhide-gpg-key'
Satish
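The query Satish asks for, as an added example that is not part of the post or of Fedora's own tooling: a shell function that filters rpm's per-package signature output down to the packages signed with one key ID. The %{SIGPGP:pgpsig} query tag is rpm's own; the sample output lines and the key IDs in them are constructed placeholders.

```shell
# Constructed sample of what this query prints on a real system:
#   rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}|%{SIGPGP:pgpsig}\n'
# (unsigned packages print "(none)"; key IDs below are placeholders)
SAMPLE_RPM_OUTPUT='bash-3.0-17|RSA/SHA1, Mon 04 Oct 2004 12:00:00 UTC, Key ID b44269d04f2a6fd2
kernel-2.6.9-1.667|DSA/SHA1, Tue 26 Oct 2004 09:15:00 UTC, Key ID 0000000000aabbcc
localbuild-1.0-1|(none)
coreutils-5.2.1-31|RSA/SHA1, Mon 04 Oct 2004 12:00:00 UTC, Key ID b44269d04f2a6fd2'

# packages_signed_by KEYID: read the query output on stdin and print the
# name-version-release of every package whose signature was made with KEYID.
# KEYID may be the full 16-hex-digit id or its trailing 8-digit short form,
# in either case. Unsigned packages ("(none)") never match.
packages_signed_by() {
    key=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    awk -F'[|]' -v key="$key" '
        $2 == "(none)" { next }
        {
            # the key id is the last whitespace-separated word of the pgpsig field
            n = split($2, f, " ")
            id = tolower(f[n])
            if (id == key || substr(id, length(id) - length(key) + 1) == key)
                print $1
        }'
}

# unsigned_packages: the complementary list, useful for spotting local builds
# or anything that slipped in without a signature.
unsigned_packages() {
    awk -F'[|]' '$2 == "(none)" { print $1 }'
}

# Stand-alone demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_RPM_OUTPUT" | packages_signed_by 4F2A6FD2
```

On a live system replace the sample with the rpm command in the first comment; DSA-signed packages may report their signature under %{SIGGPG:pgpsig} instead, so query both tags if the first comes back empty.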