Rahul Sundaram <sundaram <at> fedoraproject.org> writes:
> Since Fedora has changed its key now, new pushes requires packages to be
> (re)signed with the new key. Release engineering is still working out
> the details with Fedora Engineering Steering Committee.
IMHO it would be much safer to push them out with the old key (I sure hope the
private key was kept around somewhere - it's also needed to generate
revocations!) in the meantime than not to push any updates at all. Some of
those updates are security updates, not pushing them effectively means the
intruder was successful at DoSing our flow of security updates and rendering
target systems vulnerable. I consider the threat of not applying security
updates to be much higher than the threat of a potentially compromised (*)
signature: many people install completely unsigned packages, e.g. "I just
fetched build $nevr from Koji", Rawhide packages, third-party packages with no
signature (even from servers where it isn't clear whether they can be trusted);
people also import signing keys from many third-party repositories whose
security practices (or even whose own trustworthiness) are not controlled by
the Fedora Project.
(*) (even not taking into account the fact that the signing key probably wasn't
actually compromised in the first place according to the announcement)
Kevin Kofler
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
