On Thu, Jan 03, 2008 at 05:22:27PM -0500, seth vidal wrote:
>
> On Thu, 2008-01-03 at 23:18 +0100, Till Maas wrote:
> > On Do Januar 3 2008, seth vidal wrote:
> >
> > > it uses urlgrabber which uses urllib[2] underneath. ssl connections
> > > specific ca to focus on.
> > >
> > > but what does this have to do with gpg certs? gpg certs aren't ssl
> > > certs.
> >
> > When yum (rpm?) verifies ssl certificates for https urls to acquire
> > gpgkeys,
> > it is possible to use these urls in the mock config, without losing (much)
> > security.
>
> too many options here:
> 1. rpm has nothing to do, in yum, with downloading gpg keys or packages.
> 2. you want to use an ssl cert to verify the location we're retrieving
> the gpg keys from? And you want to use a special CA to guarantee we have
> the right one?
> 3. What's the LOSS of security you're worried with?

I believe that Till is concerned with establishing a chain-of-trust so that we know the output RPMs from mock are good. This chain starts at the mock binary and goes to the mirror we download the RPMs from for the chroot. We have to have a way to know that what we are downloading from the mirror has not been compromised in any way.

Till, from a maintenance standpoint, I favor simply adding an https url for the gpg keys. From a security perspective, it would most likely be best if mock included the respective keys.

If mock is going to include keys, you should name them after the respective mock configs so it is easy to see when we can drop specific keys. RPM-GPG-KEY-fedora-8-x86_64 or something similar.

--
Michael

--
Fedora-buildsys-list mailing list
https://www.redhat.com/mailman/listinfo/fedora-buildsys-list
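
The following is an added example, not part of the thread and not code from mock or yum: a small audit of the yum.conf text embedded in a mock config, flagging repos where the chain of trust discussed above breaks (signature checking off, or the GPG key fetched over a channel that is neither a bundled file nor https). The sample config, the mirror host names and the `/etc/pki/mock/` key path are constructed assumptions; the fallback to `gpgcheck=0` when unset is also an assumption about yum's default.

```python
import configparser

# Constructed sample of the yum.conf text a mock config would embed.
SAMPLE_YUM_CONF = """
[main]
gpgcheck=1

[fedora]
baseurl=http://mirror.example.org/fedora/8/x86_64/os/
gpgkey=file:///etc/pki/mock/RPM-GPG-KEY-fedora-8-x86_64

[updates]
baseurl=http://mirror.example.org/updates/8/x86_64/
gpgkey=http://mirror.example.org/RPM-GPG-KEY-fedora

[local]
baseurl=http://mirror.example.org/local/
gpgcheck=0

[extras]
baseurl=http://mirror.example.org/extras/8/x86_64/
gpgkey=https://keys.example.org/RPM-GPG-KEY-fedora-8-x86_64
"""

# The two options raised in the thread: keys shipped with mock, or an https URL.
ACCEPTED_KEY_SCHEMES = ("file://", "https://")


def audit_yum_conf(text):
    """Return {repo_id: [findings]} for repos with a weak trust chain."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    # Assumption: repos inherit gpgcheck from [main], which is off when unset.
    main_check = cp.get("main", "gpgcheck", fallback="0")
    findings = {}
    for repo in cp.sections():
        if repo == "main":
            continue
        problems = []
        if cp.get(repo, "gpgcheck", fallback=main_check).strip() != "1":
            problems.append("gpgcheck disabled")
        keys = cp.get(repo, "gpgkey", fallback="").split()
        if not keys:
            problems.append("no gpgkey configured")
        for url in keys:
            if not url.startswith(ACCEPTED_KEY_SCHEMES):
                problems.append("gpgkey not fetched over file:// or https://: " + url)
        if problems:
            findings[repo] = problems
    return findings
```

A plain-http `baseurl` is not flagged here: with `gpgcheck=1` and a key obtained over a trusted channel, package signatures are what authenticate the mirror's content.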
