Proposed F19 Feature: Package Signature Checking During Installation

Peter Jones pjones at redhat.com
Tue Jan 8 18:15:17 UTC 2013


On Tue, Jan 08, 2013 at 11:04:30AM -0500, Steve Clark wrote:
>
> What about repins? I want to add my own custom package that is not signed and create a new CD with a custom ks.cfg.
> How would that work?

You'd generate your own key, and people using your packages, who have
presumably decided they trust that you're really you through some other
method, would enrol your key in the MoK list on the machine.  Alternately
you can pay $99 (one time only) and get your keys signed by something the
machine already trusts.  I'll write more thorough documentation on each of
the processes to do these as this moves forward.

-- 
        Peter


More information about the devel mailing list