Should Fedora rpms be signed?
Satish Balay
balay at fastmail.fm
Tue Nov 2 00:13:15 UTC 2004
On Mon, 1 Nov 2004, Peter Jones wrote:
> On Mon, 2004-11-01 at 17:34 -0600, Satish Balay wrote:
> > Ok - you & Seth seem to have a solution to the problem.
> >
> > Still no good explanation why ALL keys should be treated the same.
>
> Because there's nothing about a key that tells you how to treat it.
That's because the 'user' decides how to use the key - and had a choice
to differentiate.
> > To me 'redhat-key' is different from 'livna-key' etc. And I think
> > rawhide can do the same.
> >
> > The analogy I keep thinking is 'my signature' is different than
> > 'RedHat's CEO's signature' treating both to mean the same is nuts..
>
> But the signature isn't different in kind. You just "know" which
> documents one is good on and which one isn't. But we don't have that
> kind of knowledge for all keys. We don't know which repositories each
> key is good for what on, and making the infrastructure to tell that
> about keys is a lot of work. Making the infrastructure for a key to
> sign something which tells us is significantly easier, I think.
Ok - here you want the key to carry additional payload - and the
infrastructure tools automatically use/manage this info.
But I'm thinking the user manages keys - and assigns meaning to it.
For eg: I'd like to be able to say:
- if updates signed with 'fedora.us-key' give me a big fat warning.
- if update signed with 'fedora.us-key' && foo-bar-key - go ahead and
install. (where foo-bar user contributed that package to fedora.us)
I guess both modes should be possible.
Satish