Re: Secrecy and user trust



Tim wrote:
Bill Davidsen:
Suggestion: since the livna key is still secure (AFAIK) let them distribute the new Fedora key and sign the RPM.

Kevin Fenzi:
That was suggested before, but it's not a great solution for several
reasons: Not everyone has livna enabled. Having one repo publish keys
for another seems wrong, especially when they are not officially
connected.

I'm not sure whether *also* having the keys on other sites is so bad.

I give up, politics as usual. If a proposed solution isn't perfect it isn't good enough, so trust us.

If you take it like the GPG model - countersigning and cross-checking
through other sources that you also trust. If Livna, ATRPMs, and a few
other usual repos had the same Fedora public key, you'd be more
confident that the key you got from what you think is a real Fedora
mirror, is the right one.

Well said. Common sense. The political answer is "wait until new improved RPM comes out."

--
Bill Davidsen <davidsen@xxxxxxx>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines



Relevant Pages

  • Elm ME+ 2.5 PLalpha34 RPM announcement
    ... Experimental RPM spec file for Elm ME+ 2.5 PLalpha34 ... Compiled on Fedora release 19 ... changes Configure and fixes compilation on ... Now Configure founds crypt() on Ubuntu 11.10 ...
    (comp.mail.elm)
  • ever migrate from Fedora to Scientific Linux or CentOS?
    ... We have lots of Fedora systems and it is turning out to be too much ... RPM and don't like DEB as much ... newer gcc and update tcl/tk in order to put in the software we wanted. ... the upgrade of gcc required me to rebuild the whole ...
    (Fedora)
  • Re: Fedora 17 in a CHROOT on Ubuntu - and the wrong dependency on rpmlib(X-CheckUnifiedSyste
    ... I am working in Ubuntu and compiling RPMs for Fedora. ... to the wrong "rpmlib" dependency. ... How can I either fake this dependency or prevent RPM from requiring ... Install Fedora 16 i686 in a chroot: ...
    (Fedora)
  • Customised Fedora DVD using new Kernel
    ... dvd (based on Fedora) using the latest kernel. ... We can successfully build and install the kernel rpm using the tar ball ... umount /mnt/ ...
    (Fedora)
  • Re: gMFSK and rpm packaging
    ... and with the help of many on this list I ./configure -- xxx --xxxx and when that went clean I used "make" and that errored out because I was missing a stupid thing I yummed from Fedora. ... And be sure that F7 is Linux first and Fedora for applications and such second. ... In the future you or any fedora user would be able to: ... I made a rpm about 5 years ago and I did print out Maximum RPM. ...
    (Fedora)