Re: Secrecy and user trust

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: "Community assistance, encouragement, and advice for using Fedora." <fedora-list@xxxxxxxxxx>
Subject: Re: Secrecy and user trust
From: Bill Davidsen <davidsen@xxxxxxx>
Date: Thu, 04 Sep 2008 16:38:54 -0400
In-reply-to: <1220533909.3286.31.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
References: <48BD6B95.9030401@xxxxxxx> <544eb990809020927i313cba2bnf449e6737e67728e@xxxxxxxxxxxxxx> <48BD6CE5.3060303@xxxxxxxxx> <544eb990809020951o5270a862n461d2fb4f5c78f27@xxxxxxxxxxxxxx> <48BD7C8E.9050505@xxxxxxx> <20080902135544.4sgel1t94c0sco84-zeznkk@xxxxxxxxxxxxxxxxxxx> <48BDA778.3020002@xxxxxxxxx> <20080902210444.GE3924@xxxxxxxxxxxxxxxxxxxxx> <g9m66m$mae$1@xxxxxxxxxxxxx> <20080903094222.63bf70db@xxxxxxxxxxxxx> <1220533909.3286.31.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: "Community assistance, encouragement, and advice for using Fedora." <fedora-list@xxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.8) Gecko/20061105 SeaMonkey/1.0.6

Tim wrote:

Bill Davidsen:

Suggestion: since the livna key is still secure (AFAIK) let themdistribute the new Fedora key and sign the RPM.


Kevin Fenzi:

That was suggested before, but it's not a great solution for several
reasons: Not everyone has livna enabled. Having one repo publish keys
for another seems wrong, especially when they are not officially

connected.


I'm not sure whether *also* having the keys on other sites is so bad.

I give up, politics as usual. If a proposed solution isn't perfect itisn't good enough, so trust us.

If you take it like the GPG model - countersigning and cross-checking
through other sources that you also trust.  If Livna, ATRPMs, and a few
other usual repos had the same Fedora public key, you'd be more
confident that the key you got from what you think is a real Fedora
mirror, is the right one.

Well said. Common sense. The political answer is "wait until newimproved RPM comes out."


--
Bill Davidsen <davidsen@xxxxxxx>
  "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

References:
- Secrecy and user trust
  - From: Bill Davidsen
- Re: Secrecy and user trust
  - From: Bill Crawford
- Re: Secrecy and user trust
  - From: Les Mikesell
- Re: Secrecy and user trust
  - From: Bill Crawford
- Re: Secrecy and user trust
  - From: Bill Davidsen
- Re: Secrecy and user trust
  - From: John Aldrich
- Re: Secrecy and user trust
  - From: Travis Arnold
- Re: Secrecy and user trust
  - From: Anders Karlsson
- Re: Secrecy and user trust
  - From: Bill Davidsen
- Re: Secrecy and user trust
  - From: Kevin Fenzi
- Re: Secrecy and user trust
  - From: Tim

Prev by Date: Re: Decent scanning app
Next by Date: Re: Can't switch to KDE
Previous by thread: Re: Secrecy and user trust
Next by thread: Re: Secrecy and user trust
Index(es):
- Date
- Thread

[Index of Archives] [Current Fedora Users] [Fedora Desktop] [Fedora SELinux] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools] [Fedora Docs]

Powered by Linux