[OM Cooker] Trusted RPM packages
Tomasz Gajc
tpgxyz at gmail.com
Mon Jan 18 05:04:16 EST 2016
Hi Jeff, thanks for the detailed info. I have couple of questions,
hopefully looking for your answer.
2016-01-16 22:59 GMT+01:00 Jeff Johnson <n3npq at mac.com>:
>
>
> What remains to be done (in some order) is this:
>
> 1) confirm the non-repudiable signature exists by building a package and
> verifying
> the signature (using "rpm -qvvp *.rpm" should be sufficient), and that the
> pubkey is
> contained within every package.
>
Which pubkey? OMA or rpmbuild's one ?
>
> 2) remove the check for "official" pubkey in urpmi.
>
I do not understand one thing. How user can verify if rpm file which is
signed with "one time generated" gpg key is trusted with that
virtual-notary certificate ?
>
> 3) create the manifest format to taste including additional identification
> like the non-repudiable pubkey id
>
I do not understand what non-repudiable means :(
>
> 4) register the manifest with http://virtual-notary.org and get the
> certificate. confirm that the certificate
> is consistent with the document.
>
What do you mean by manifest ? You mean to notarize a document ?
http://virtual-notary.org/dispatch/document/input/
>
> 5) decide how to add the above steps to the mirroring process, and how to
> document the procedure.
>
This is very unclear to me. Please elaborate on this more because i'd like
to understand how that notary should work.
>
> Apologies for wordiness. Poke me on the irc meeting if you have questions.
>
> hth
>
> 73 de Jeff
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://ml.openmandriva.org/pipermail/om-cooker_ml.openmandriva.org/attachments/20160118/38e63842/attachment.html>
More information about the OM-Cooker
mailing list