Web of Trust (a revolution)
Mikkel L. Ellertson
mikkel at infinity-ltd.com
Fri Mar 27 22:21:00 UTC 2009
Stanisław T. Findeisen wrote:
> Friends,
>
> Inspired by the recent problems with checksums for various installation
> files of Fedora 10, may I be allowed to say, that I think that broader
> adoption of OpenPGP standard (gpg) among Fedora (and Free Software)
> developers and users could be a desirable and advertising-worth goal.
> It could be a Strategy.
>
Let me see - The Gnupg package is included with Fedora. RPMs are
signed with a GPG key - each version has its own key. The extra
repositories have their own keys. When their was a possibility that
the keys had been compromised, new keys were issued. It is not like
Fedora isn't already using gpg...
About the only change I can see would be signing the files needed to
do a network install...
Mikkel
--
Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20090327/d8bfb25c/attachment-0001.bin
More information about the users
mailing list