Bug 144982 - RPM-GPG-KEYs for third party RPMs
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: fedora-release
Version: 2
Hardware: All Linux
Priority: medium Severity: medium
Assigned To: Elliot Lee
Keywords: FutureFeature
Reported: 2005-01-13 08:10 EST by Kasper Dupont
Modified: 2007-11-30 17:10 EST
Doc Type: Enhancement
Last Closed: 2005-01-19 18:26:54 EST


Description Kasper Dupont 2005-01-13 08:10:08 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3)
Gecko/20040922

Description of problem:
The /usr/share/doc/fedora-release-2 directory contains only six public
keys. It would be nice if the public keys of well known providers of
RPM packages for Fedora Core were included as well (for example fedora
legacy, fresh rpms and others). Probably they should be in a separate
directory along with an explanation that you provide no guarantee
whatsoever about the quality of rpm packages from these sources.
Having the public keys installed by Fedora Core means users don't have
to download them from an unauthenticated channel.

Version-Release number of selected component (if applicable):
fedora-release-2-4

How reproducible:
Always

Steps to Reproduce:
1. ls /usr/share/doc/fedora-release-2

Additional info:
Comment 1 Elliot Lee 2005-01-19 18:26:54 EST
The way you suggested doing it isn't that bad of an idea. However, it
seems better to let each repo distribute its own keys (to deal with
keys expiring, and give them more control to add packages signed with
new keys). As for authentication, typically, downloading keys is not a
big security problem - if it does become one, I'm sure someone will
think of a better solution than including the keys in the OS.

There's also the concern that including the keys of would be
sanctioning the repos, many of which include packages of questionable
legality or bad fit with Fedora Core's licensing goals.
