Ed Greshko wrote:
What's the point of having the key at all if you implicitly trust the
delivery mechanism of the RPM packages?
Good approach, answer a question with another question.
If you can't say why you need the key in the first place, there isn't
much hope of seeing why you need a different reason to trust the key
than the content it verifies.
Bzzzzttt... Wong! You are attacking the current system and it is
incumbent on you to prove your points.
I'm not sure there is a 'current system', but if you mean the plan to
use the old key validation for the installation of a package containing
the new one and the new repo locations, I don't have a better suggestion.
I can't help but to see the irony in that those clamoring for "explicit
details" from the Fedora folks as to the nature, methods, damage
inflicted on the Fedora infrastructure are so devoid of details on how
their attack vector would work. Their scenario amounts to...generate a
fake key pair, fool people in accepting it, sign compromised packages,
fool people into downloading and installing them...take over their systems.
I'm sure there are people capable of that - but in the planned scenario
the same person has to also possess the old signing key.
--
Les Mikesell
lesmikesell@xxxxxxxxx
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
