On 29 January 2011 20:58, Pascal Terjan pter...@gmail.com wrote:
Sorry everyone, while removing my tests run on valstar, as that's not
the best place for tests, I removed bootsrap repository :(
I have stopped the build system and Nanar is sending back his copy of
the repository.
So you really
On Mon, Jan 31, 2011 at 08:21, Thomas Backlund t...@iki.fi wrote:
Pascal Terjan skrev 31.1.2011 00:54:
All packages have been rebuild, BS should be back in its original state
Have you also re-enabled youri reuploading check ?
Yes that's what I mean by BS should be back in its original state
On Sun, Jan 30, 2011 at 08:16:36PM -0800, Motoko-chan wrote:
On 01/30/2011 07:16 PM, nicolas vigier wrote:
[...]
- We add the bo...@mageia.org public key inside the urpmi package.
We change urpmi so that it refuses to use any key which has not been
signed by bo...@mageia.org. And
Hey,
2011/1/31 nicolas vigier bo...@mars-attacks.org:
- In case we think the packages@ key may have been compromised, or is
too old, or we want to change it for any other reason, we revoke the
key, and/or revoke the signature from board@ so that it is no
longer accepted by urpmi. We
* Christophe Fergeau (cferg...@gmail.com) wrote:
Hey,
2011/1/31 nicolas vigier bo...@mars-attacks.org:
- In case we think the packages@ key may have been compromised, or is
too old, or we want to change it for any other reason, we revoke the
key, and/or revoke the signature from
On Sun, 30 Jan 2011, Motoko-chan wrote:
On 01/30/2011 07:16 PM, nicolas vigier wrote:
So I propose that we use two keys :
- We sign all packages from all repositories using only one key. This
key is stored on the buildsystem. We can call it packa...@mageia.org.
Sounds good to me.
-
On 31 January 2011 16:03, nicolas vigier bo...@mars-attacks.org wrote:
What if urpmi automatically trusts packages signed with a key signed by
board@ and prompt on the first install of a package that is signed by a
different key? The yum tool used by Fedora, RHEL, and CentOS works very
well by
On Mon, 31 Jan 2011, Thierry Vignaud wrote:
On 31 January 2011 16:03, nicolas vigier bo...@mars-attacks.org wrote:
What if urpmi automatically trusts packages signed with a key signed by
board@ and prompt on the first install of a package that is signed by a
different key? The yum tool
2011/1/31 nicolas vigier bo...@mars-attacks.org:
On Sun, 30 Jan 2011, Motoko-chan wrote:
What if urpmi automatically trusts packages signed with a key signed by
board@ and prompt on the first install of a package that is signed by a
different key? The yum tool used by Fedora, RHEL, and CentOS
Le lundi 31 janvier 2011 à 16:03 +0100, nicolas vigier a écrit :
On Sun, 30 Jan 2011, Motoko-chan wrote:
If possible, using a split key so that no single person can revoke a
signature or sign a key would be useful. This would prevent attacks where
an individual might be tricked into
On Mon, 31 Jan 2011, Michael Scherer wrote:
So I propose that we use two keys :
- We sign all packages from all repositories using only one key. This
key is stored on the buildsystem. We can call it packa...@mageia.org.
- We have an other key, that we call bo...@mageia.org. This key
On Mon, 31 Jan 2011 17:18:25 +0100, Michael Scherer wrote about Re:
[Mageia-dev] PGP keys and package signing:
The problem is not leaking the key, it is about cryptographic attacks
about older keys.
If in 10 years, there is some technology that allows people to get our
private key by bruteforce
Le lundi 31 janvier 2011 à 21:49 +, Dick Gevers a écrit :
On Mon, 31 Jan 2011 17:18:25 +0100, Michael Scherer wrote about Re:
[Mageia-dev] PGP keys and package signing:
The problem is not leaking the key, it is about cryptographic attacks
about older keys.
If in 10 years, there is
On Tue, 01 Feb 2011 00:15:36 +0100, Michael Scherer wrote about Re:
[Mageia-dev] PGP keys and package signing:
Le lundi 31 janvier 2011 à 21:49 +, Dick Gevers a écrit :
On Mon, 31 Jan 2011 17:18:25 +0100, Michael Scherer wrote about Re:
[Mageia-dev] PGP keys and package signing:
The
14 matches
Mail list logo
