> == How To Test ==
> You can verify that a signature has been put in place by looking at
> the extended attribute by running: `getfattr -d -m security.ima
> /usr/bin/bash` (change `/usr/bin/bash` with the file to check).
Can one easily query the RPM archive for the signature blob for any
given file it contains?
> The signatures can be tested “in vitro” by running `evmctl ima_verify
> --key publiccert.der -v myfile.txt`.
> [...]
> The full system could be tested by enrolling the Fedora IMA key [...]
How will this key be distributed on the distro filesystem or on the web?
The pub keys will be both; I've added a paragraph to the detailed description.
> Will it be signed by an already trusted CA?
>
>
> - FChE
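
An added example (not part of this thread or of the change proposal): a parser for the `security.ima` line that `getfattr -d` prints, to tell an actual signature from a bare file hash before trying `evmctl ima_verify`. The header layout and constants are assumptions taken from the kernel's `signature_v2_hdr`, `evm_ima_xattr_type` and `hash_algo` definitions; the sample line and its key id are constructed.

```python
import base64
import struct

# Assumed constants: kernel enum evm_ima_xattr_type and enum hash_algo.
# Unlisted values are reported as unknown rather than guessed.
XATTR_TYPES = {0x01: "digest", 0x03: "signature", 0x04: "digest-ng",
               0x05: "portable-signature", 0x06: "verity-signature"}
HASH_ALGOS = {1: "md5", 2: "sha1", 4: "sha256", 5: "sha384", 6: "sha512", 7: "sha224"}


def decode_value(text):
    """Decode a binary getfattr value: 0s... is base64, 0x... is hex."""
    if text.startswith("0s"):
        return base64.b64decode(text[2:], validate=True)
    if text.startswith(("0x", "0X")):
        return bytes.fromhex(text[2:])
    raise ValueError("expected a binary (0s/0x) xattr value")


def parse_ima_xattr(line):
    """Parse one 'security.ima=<value>' line from getfattr -d output."""
    name, sep, value = line.strip().partition("=")
    if name != "security.ima" or not sep:
        raise ValueError("not a security.ima line")
    blob = decode_value(value)
    if not blob:
        raise ValueError("empty xattr")
    kind = XATTR_TYPES.get(blob[0], "unknown")
    info = {"type": kind, "signed": False}
    if kind != "signature":
        return info  # a bare hash (or other type): nothing to verify with a key
    if len(blob) < 9:
        raise ValueError("truncated signature header")
    # type(1) | version(1) | hash_algo(1) | keyid(be32) | sig_size(be16) | sig
    version, algo, keyid, sig_len = struct.unpack(">BBIH", blob[1:9])
    if version != 2:
        raise ValueError(f"unsupported signature version {version}")
    if sig_len != len(blob) - 9:
        raise ValueError("sig_size does not match the xattr length")
    info.update(signed=True, hash_algo=HASH_ALGOS.get(algo, f"unknown({algo})"),
                keyid=f"{keyid:08x}", sig_len=sig_len)
    return info


# Constructed sample line: filler signature bytes and a made-up key id.
_SIG = bytes(range(16))
SAMPLE = "security.ima=0s" + base64.b64encode(
    bytes([0x03, 0x02, 0x04]) + bytes.fromhex("deadbeef")
    + struct.pack(">H", len(_SIG)) + _SIG).decode()
```

The `keyid` field identifies which public certificate the signature claims to come from, so it can be compared against the key enrolled for verification.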
> _______________________________________________
> devel mailing list -- devel(a)lists.fedoraproject.org