Proposed F19 Feature: Package Signature Checking During Installation
jreznik at redhat.com
Tue Jan 8 15:25:30 UTC 2013
As decided by FESCo on 2012-12-05 meeting, all proposed Features are required
to pass through the community review by announcing them on devel-announce list.
FESCo votes on new features no sooner than a week from the announcement.
= Features/PackageSignatureCheckingDuringInstall =
* Detailed description:
One long-standing problem in Fedora is that we don't check package signatures
during installation. This has been a persistent issue since the very beginning
of Fedora (and even in Red Hat Linux before it.) The reason for this has
always been that there's no way to form any root of trust for the signatures
in the repositories, and thus no reason they wouldn't have been modified along
with whatever package would need to be re-signed after tampering.
Following the implementation of Features/SecureBoot, we can extend the Secure
Boot keys as a root of trust provided by the hardware against which we can
verify a signature on our key files, thus guaranteeing that they're from the
same source as the boot media.
More information about the devel-announce