On Tue, 26 Oct 2004, Douglas Furlong wrote:
On Tue, 2004-10-26 at 15:13 +0200, nodata wrote:
>
> Then perhaps rawhide should be signed with a separate key that signs the
> packages without a live body.
+1
If this is done then it severely reduces the relevance of having them
signed in the first place.
no it doesn't (see note below)
My understanding is that, when a package is "signed" by redhat, a human
steps up to the plate, does certain verifications, then puts in the pass
phrase, and hey presto you have a signed package.
Your suggestion automates the whole process, and drastically reduces the
security model.
It will be much better than the current model of no signatures.
And 'rawhide-gpg-key' could mean 'rpm built on redhat-beehive' - and
nothing more. It shouldn't have to mean beehive not hacked &
'rawhide-gpg-key' is not stolen.
Also, I'm not sure how the human intervention guarantees that the
key/passphrases aren't stolen. The only way I can think of is
hardware-encryption (aka palladium?) where keys can never be
copied/stolen (in which case passphrases are not necessary)
And as a user - I should be able to query rpm db with:
list all packages currently installed that are signed with the key
'rawhide-gpg-key'
Satish
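
The query asked for at the end of the message can be approximated with rpm's `:pgpsig` query formatter plus a filter on the key ID. This is an added example, not part of the original message or of rpm itself; the function names, package names and key IDs are constructed for illustration.

```shell
#!/bin/sh
# Added example: select installed packages by the key ID that signed them.
# Fields are tab-separated: NEVRA, then each signature tag rendered by rpm's
# :pgpsig formatter ("<algo>, <date>, Key ID <hex>" or "(none)").
RPM_SIG_QF='%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\t%{SIGPGP:pgpsig}\t%{SIGGPG:pgpsig}\t%{RSAHEADER:pgpsig}\t%{DSAHEADER:pgpsig}\n'

# packages_signed_by KEYID: stdin is RPM_SIG_QF output, stdout is matching packages.
# KEYID may be the full 16 hex digits or a suffix of them; short IDs can collide,
# so use the full ID when the answer matters.
packages_signed_by() {
    awk -F'\t' -v want="$(printf '%s' "$1" | tr 'A-F' 'a-f')" '
    {
        for (i = 2; i <= NF; i++) {
            if (split($i, part, "Key ID ") != 2) continue   # "(none)": tag absent
            id = tolower(part[2])
            if (length(id) >= length(want) &&
                substr(id, length(id) - length(want) + 1) == want) { print $1; next }
        }
    }'
}

# unsigned_packages: packages carrying no signature in any of the queried tags.
unsigned_packages() {
    awk -F'\t' '$0 !~ /Key ID / { print $1 }'
}

# Constructed sample of RPM_SIG_QF output (package names and key IDs are made up).
sample_rpm_output() {
    rawhide='DSA/SHA1, Tue 26 Oct 2004 09:00:00 AM UTC, Key ID 1111111122222222'
    release='DSA/SHA1, Mon 25 Oct 2004 09:00:00 AM UTC, Key ID 3333333344444444'
    printf '%s\t%s\t%s\t%s\t%s\n' \
        'kernel-2.6.9-1.i686'    '(none)' "$rawhide" '(none)' '(none)' \
        'bash-3.0-17.i386'       '(none)' "$release" '(none)' '(none)' \
        'glibc-2.3.3-74.i386'    '(none)' '(none)'   '(none)' "$rawhide" \
        'localtool-1.0-1.noarch' '(none)' '(none)'   '(none)' '(none)'
}

# Against a live system:
#   rpm -qa --qf "$RPM_SIG_QF" | packages_signed_by 1111111122222222
sample_rpm_output | packages_signed_by 22222222
sample_rpm_output | unsigned_packages
```

On a live system the imported keys themselves (`gpg-pubkey-*` entries) show up among the unsigned packages.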