On Mon, 2004-11-01 at 18:50 -0500, Peter Jones wrote:
On Mon, 2004-11-01 at 17:34 -0600, Satish Balay wrote:
> Ok - you & Seth seem to have a solution to the problem.
>
> Still no good explanation why ALL keys should be treated the same.
Because there's nothing about a key that tells you how to treat it.
Exactly. That's where "common sense" comes into play, i.e. I shouldn't
enable Rawhide repositories if a broken system makes me cry.
> To me 'redhat-key' is different from 'livna-key' etc. And I think
> rawhide can do the same.
>
> The analogy I keep thinking is 'my signature' is different than
> 'RedHat's CEO's signature' treating both to mean the same is nuts..
But the signature isn't different in kind. You just "know" which
documents one is good on and which one isn't. But we don't have that
kind of knowledge for all keys. We don't know which repositories each
key is good for what on, and making the infrastructure to tell that
about keys is a lot of work. Making the infrastructure for a key to
sign something which tells us is significantly easier, I think.
Just to overstretch analogies a bit, the "signature" of Fisher-Price on
a kid's toy isn't different from the "signature" of Heckler&Koch on a
submachine gun either. Despite that they convey very different messages
("when you push the button, the doll cries" vs. "... a whole family
cries").
Let's face it, currently a signed package only means "someone/-thing has
signed off on it" on a technical level, anything else is just what we
humans put into it and nothing tools can guess by themselves. I.e. we
can only differentiate between "keys we trust" on a certain system by
either putting them into yum.conf/sources or not. Everything beyond that
would need infrastructure that currently doesn't exist.
Nils
--
Nils Philippsen / Red Hat / nphilipp(a)redhat.com
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." -- B. Franklin, 1759
PGP fingerprint: C4A8 9474 5C4C ADE3 2B8F 656D 47D8 9B65 6951 3011