Should Fedora rpms be signed?

Satish Balay balay at fastmail.fm
Fri Nov 5 06:34:32 UTC 2004



On Thu, 4 Nov 2004, Peter Jones wrote:

> My model is that the signature is more than just a gpg signature.
> Conceptually, it's a signature on a certificate with data that specifies
> exactly which ways the package may be trusted.  One could actually
> implement it that way, which I think we should, but it's some
> significant effort.

Yeah - but we don't have that right now. The thing we are debating is
- why signing 'rawhide' with gpg key is wrong.

> 
> The specific proposal here was that when you *don't* mean the things
> that people infer from a signed package, don't sign the package. 

You mean Axel, Dag shouldn't sign the packages they
distribute. (because that would imply it's equally trustworthy as
redhat-certified)

And according to your model - If I were to distribute signed/unsigned
packages - the expectation for unsigned is different (can eat data) - but
signed is different (extremely stable)

The question is: How does your user know that the package I
distributed is signed with a gpg-key?

Satish



