Re: Fedora's GPG key in DNS(SEC)

Saturday, 13 February 2021

Dne 12. 02. 21 v 20:22 Miroslav Suchý napsal(a):
...
 All Fedora's GPG key - starting with Fedora 27 - are now stored
in fedoraproject.org DNS record and can be verified 
 using DNSSEC.

 Why? How it can be used? That is long story and you can read about it in my blog entry:

http://miroslav.suchy.cz/blog/archives/2021/02/11/verify_package_gpg_sign...

 Few last minutes notes here:
   - there are still some gotchas which should be fixed. But enough code is already in
production - you can play with it 
 now. Relevant issues are linked in the blog post.
   - the DNF team is migrating their code to libdnf, I do not have any guarantee when this
piece of code will be 
 migrating - so we are far from enabling this by default.

 Comments are welcomed. 
Does somebody knows where is the source for:
   https://getfedora.org/security/
? I want to submit PR with information that these keys are in DNS as well, but I have no
idea where to go.

-- 
Miroslav Suchy, RHCA
Red Hat, Associate Manager, Community Packaging Tools, #brno, #fedora-buildsys

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

Re: Fedora's GPG key in DNS(SEC)