On Mon, 2004-11-01 at 18:50 -0500, Peter Jones wrote:
On Mon, 2004-11-01 at 17:34 -0600, Satish Balay wrote:
Ok - you & Seth seem to have a solution to the problem.
Still no good explanation why ALL keys should be treated the same.
Because there's nothing about a key that tells you how to treat it.
Exactly. There's where "common sense" comes into play, i.e. I shouldn't enable Rawhide repositories if a broken system makes me cry.
To me 'redhat-key' is different from 'livna-key' etc. And I think rawhide can do the same.
The analogy I keep thinking is 'my signature' is different than 'RedHat's CEO's signature'; treating both to mean the same is nuts.
But the signature isn't different in kind. You just "know" which documents one is good on and which one isn't. But we don't have that kind of knowledge for all keys. We don't know which repositories each key is good for what on, and making the infrastructure to tell that about keys is a lot of work. Making the infrastructure for a key to sign something which tells us is significantly easier, I think.
Just to overstretch analogies a bit, the "signature" of Fisher-Price on a kid's toy isn't different from the "signature" of Heckler&Koch on a submachine gun either. Despite that they convey very different messages ("when you push the button, the doll cries" vs. "... a whole family cries").
Let's face it, currently a signed package only means "someone/-thing has signed off on it" on a technical level; anything else is just what we humans put into it and nothing tools can guess by themselves. I.e. we can only differentiate between "keys we trust" on a certain system by either putting them into yum.conf/sources or not. Everything beyond that would need infrastructure that currently doesn't exist.
Nils