On Mon, 1 Nov 2004, Peter Jones wrote:
On Fri, 2004-10-29 at 09:44 -0500, Ian Pilcher wrote:
Jeff Spaleta wrote:
Can rawhide packages be automatically signed... of course
Does autosigning help the intended, well informed, audience of the rawhide packages... yes
Does autosigning hurt the unintended, un-informed or mis-informed audience... I think it does.
So you're suggesting that the use of signed packages should be limited by some "least common denominator" of ignorant users? I suspect that if you broadly adopt that principle, you won't be real happy with the results.
No, this is the wrong problem to discuss. The problem isn't that the users are ignorant. The problem is that we've systematically taught them what to expect a signature means, and we're going back and saying that sometimes -- only sometimes -- it only means part of that.
That's a serious flaw, and it's one we must address before we consider implementing any sort of automatic signatures. The way to do so is to separate the task of verifying the source (or even the chain of sources, if there are mirrors of mirrors) from that of verifying trust of the contents.
Are you saying - currently when a package is gpg-signed by a person - he/she actually goes through a manual process of verifying the following?
- source is not tampered (including the initial .tar.gz, patches, .spec files)
- binary is not tampered
- source -> binary process didn't introduce 'ANY' tampering?
If not - I don't see any big change - as far as user perception goes on gpg-signing on build system.
For us users there is no confusion:
- 'rawhide-key' is different from 'redhat-key' - so there is no confusion here.
- 'gpg' signed packages don't => stability (aka rawhide can always eat data) - so no confusion here..
Satish