half baked idea for further baking: "fedora-ugly" repo

Matthew Miller mattdm at fedoraproject.org
Thu Feb 13 19:35:33 UTC 2014

On Thu, Feb 13, 2014 at 08:23:51PM +0100, Miroslav Suchy wrote:
> > It's not trivial, but it doesn't require either of those things. I think a
> > signing server with less security than Sigul would be adequate, or else a
> > Sigul instance with more relaxed policies.
> -1
> Rather no signing at all than less secure signing.

Let me elaborate, then. The current signing setup requires human
intervention, but we are using it in a way that provides no actual benefit
from a human being in the chain, and in fact introduces the possibility of
human error. So by less secure, I don't necessarily mean "less actual
security", but "less potential security, which is wasted anyway".

Matthew Miller    --   Fedora Project    --    <mattdm at fedoraproject.org>

More information about the env-and-stacks mailing list