On Wed, Mar 10, 2021, at 1:06 PM, Miroslav Suchý wrote: > Dne 10. 03. 21 v 17:43 Colin Walters napsal(a): > > For 3rd party repositories like COPR, as I noted in that issue I think the > > best is to bootstrap trust over TLS - e.g. we have > > ``` > > gpgkeyfingerprint=<sha256> > > ``` > > Would you, as sysadmin, notice if the fingerprint changed (because of > attacker)? I definitelly not. > > That > gpgkeyid=iss...@email.com > gpgkey_dns_verification=1 > is IMO better approach.
With this model, the fingerprint changing is a hard failure. Now if you're scoping in key rotation - that is indeed a hard problem. Does COPR rotate keys today at all? I think it's fair to say that key rotation is the most broken-by-design thing about GPG. It's not clear to me that DNS is the right answer though. We're having a parallel discussion about this in https://github.com/ostreedev/ostree/pull/2260 _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
