Bug 28246 - RFE: Add testers-list only public signing key for packages
RFE: Add testers-list only public signing key for packages
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: up2date (Show other bugs)
7.1
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Adrian Likins
Aaron Brown
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-02-18 21:51 EST by R P Herrold
Modified: 2007-04-18 12:31 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-02-14 09:00:27 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description R P Herrold 2001-02-18 21:51:34 EST
J Katz reprised a prior discussion:

Also note that you're probably going to want to edit
/etc/sysconfig/up2date and set useGPG=0 so that you don't get asked if
you want to continue on every package due to the fact that all of the
beta packages are unsigned :(
 
This brings us back to the question of having a beta key to verify
packages... especially with up2date stuff, it would be _extremely_
helpful                                                            

--------------------------------------

Prior disclaimers apply -- it might be appropiate to add a 'rawhide' key as
well, to allow prevention of unintended installation of rawhide in a
production environment ...
Comment 1 Glen Foster 2001-02-19 15:01:15 EST
While I like this idea for this, it's not something we'll do right away.  I'm
marking this defect as DEFERRED (but not closing it).
Comment 2 R P Herrold 2001-02-19 16:13:57 EST
Hi, Glen,            NEEDINFO and non-DEFERRable request

The production cycle is such that in the next few weeks, physical
CD's will be released into the retail market, and the up2date keying
will likewise be pre-keyed.

Does it not make sense to generate known keys for beta@redhat.com and
rawhide@redhat.com , and _DISTRIBUTE_ these NOW, in this cycle,
and build the rest of the infrastructure later?
Comment 3 R P Herrold 2001-04-10 23:51:13 EDT
Re-open for consideration of proposed RFE in RH 7.2
Comment 4 R P Herrold 2001-10-25 20:46:59 EDT
Post release of RH 7.2 
======================
I am still interested in this -- and indeed, if every package was signed -- 
with at least ONE RH key as a matter of the SOP, if the 'released without 
signing' fiasco of  RH 7.2 gold could have been 'covered' by acknowledging the 
secondary previously 'unofficial' key.
Comment 5 Aleksey Nogin 2001-10-26 10:10:48 EDT
There needs to be something similar for rhcontrib (currently rhcontrib.bero.org)
for making sure the mirrored package is the same as the one that was compiled in
rhcontrib. But there we also need some mechanism for preserving the SRPM
signature when the uploaded SRPM was signed.
Comment 6 R P Herrold 2002-02-10 21:31:21 EST
At relesase of first Beta for RH 8.0
====================================

Still interested -- still applicable for all the same reasons.
Comment 7 Adrian Likins 2002-03-26 17:43:16 EST
Versions included in the skipjack beta should include a 
beta only key and up2date support for using it.
Comment 8 Jay Turner 2003-02-14 09:00:27 EST
This has been fixed for quite some time.  Closing out.

Note You need to log in before you can comment on or make changes to this bug.