Bug 144982
| Summary: | RPM-GPG-KEYs for third party RPMs | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Kasper Dupont <bugzilla> |
| Component: | fedora-release | Assignee: | Elliot Lee <sopwith> |
| Status: | CLOSED WONTFIX | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 2 | CC: | wtogami |
| Target Milestone: | --- | Keywords: | FutureFeature |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Enhancement |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2005-01-19 23:26:54 UTC | Type: | --- |
Description
Kasper Dupont
2005-01-13 13:10:08 UTC
The way you suggested doing it isn't that bad of an idea. However, it seems better to let each repo distribute its own keys (to deal with keys expiring, and give them more control to add packages signed with new keys). As for authentication, typically, downloading keys is not a big security problem - if it does become one, I'm sure someone will think of a better solution than including the keys in the OS. There's also the concern that including the keys would be sanctioning the repos, many of which include packages of questionable legality or bad fit with Fedora Core's licensing goals.