On Wed, 2008-09-03 at 23:42 -0400, Bill Davidsen wrote: > Patrick O'Callaghan wrote: > > On Wed, 2008-09-03 at 10:30 -0400, Bill Davidsen wrote: > >> hardest of all find a secure way to provide the public part of the > >> signing key > > > > The whole point about asymmetric encryption is that you don't need a > > secure distribution channel. The worst that can happen is that some fake > > public key gets distributed, which won't match the private key and hence > > will be instantly detectable. > > > NAK - if a fake public key were distributed then packages signed with > the fake key would be matched, allowing full access to install crap in > your machine. True. > And packages signed with any valid redhat key would be > rejected. Which is what I said. Thus it would be noticed immediately. > The public key really must be distributed in a secure manner. The standard way is to use certificates, but the update process isn't set up for this AFAIK, and in any case certificates have to be signed ... I'm sure suggestions are welcome as to how to accomplish this. poc -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines