Bug 28246 - RFE: Add testers-list only public signing key for packages
Summary: RFE: Add testers-list only public signing key for packages
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: up2date
Version: 7.1
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Adrian Likins
QA Contact: Aaron Brown
Keywords: FutureFeature
Depends On:
Reported: 2001-02-19 02:51 UTC by R P Herrold
Modified: 2007-04-18 16:31 UTC (History)

Clone Of:
Last Closed: 2003-02-14 14:00:27 UTC

Description R P Herrold 2001-02-19 02:51:34 UTC
J Katz reprised a prior discussion:

Also note that you're probably going to want to edit
/etc/sysconfig/up2date and set useGPG=0 so that you don't get asked if
you want to continue on every package due to the fact that all of the
beta packages are unsigned :(
This brings us back to the question of having a beta key to verify
packages... especially with up2date stuff, it would be _extremely_


Prior disclaimers apply -- it might be appropriate to add a 'rawhide' key as
well, to allow prevention of unintended installation of rawhide in a
production environment ...

Comment 1 Glen Foster 2001-02-19 20:01:15 UTC
While I like this idea for this, it's not something we'll do right away.  I'm
marking this defect as DEFERRED (but not closing it).

Comment 2 R P Herrold 2001-02-19 21:13:57 UTC
Hi, Glen,            NEEDINFO and non-DEFERRable request

The production cycle is such that in the next few weeks, physical
CDs will be released into the retail market, and the up2date keying
will likewise be pre-keyed.

Does it not make sense to generate known keys for beta@redhat.com and
rawhide@redhat.com , and _DISTRIBUTE_ these NOW, in this cycle,
and build the rest of the infrastructure later?

Comment 3 R P Herrold 2001-04-11 03:51:13 UTC
Re-open for consideration of proposed RFE in RH 7.2

Comment 4 R P Herrold 2001-10-26 00:46:59 UTC
Post release of RH 7.2 
I am still interested in this -- and indeed, if every package was signed -- 
with at least ONE RH key as a matter of the SOP, if the 'released without 
signing' fiasco of  RH 7.2 gold could have been 'covered' by acknowledging the 
secondary previously 'unofficial' key.

Comment 5 Aleksey Nogin 2001-10-26 14:10:48 UTC
There needs to be something similar for rhcontrib (currently rhcontrib.bero.org)
for making sure the mirrored package is the same as the one that was compiled in
rhcontrib. But there we also need some mechanism for preserving the SRPM
signature when the uploaded SRPM was signed.

Comment 6 R P Herrold 2002-02-11 02:31:21 UTC
At release of first Beta for RH 8.0

Still interested -- still applicable for all the same reasons.

Comment 7 Adrian Likins 2002-03-26 22:43:16 UTC
Versions included in the skipjack beta should include a 
beta only key and up2date support for using it.

Comment 8 Jay Turner 2003-02-14 14:00:27 UTC
This has been fixed for quite some time.  Closing out.
