On Wed, 2007-08-22 at 13:55 -0400, Colin Walters wrote:
> The obvious default policy to me is:
> * Fedora trusts the GPG keys it ships
> * All other keys are denied
I'd say:
* PackageKit trusts the GPG keys that are in /etc/pki.
* All other keys are denied.
> Yum, on the other hand, does ask and show a fingerprint, but it also
> shows the path to the key (IIRC), so the smart user can see if it's a
> trusted key from /etc/pki or if it's an unknown key that she needs to
> check.
> The scenario where this does break down is installing software from
> other sites like livna. If we have some sort of hoop there in the
> process that's probably fine. Maybe you have to "sudo rpm -ivh
> http://livna.org/gpg.asc", or click some dialog. Firefox makes users
> installing extensions wait 3 seconds.
Yup. Which is basically what we have today. You do

rpm -ivh http://www.3dparty.org/3rdpart-release.rpm

That puts the key in /etc/pki, which means you've agreed to trust it. As
long as 3dparty.org is a good repo and you're not being MITM'd, it's
fine. And it's a manual step that requires doing stuff in a root shell
or responding with the root password when you click on the rpm link in
the browser. There's room for improvement here though, perhaps if some
legally and technically sane way of helping the user figure out who to
trust can be found.
/abo