Hello Clemens,

Thank you as well for supporting the proposal!

> Does this mean that after switching to a more strict crypto-policy, the
> next run would remove (or propose to remove) keys that are no longer
> considered secure under that crypto-policy?

Although this wasn’t the main intent of the proposal, it was suggested by the RPM team to also consider this aspect when checking for expired PGP keys. The idea is to leverage the existing RPM method pgpPubKeyLint <https://github.com/rpm-software-management/rpm/blob/rpm-4.20.0-release/include/rpm/rpmpgp.h#L377>, which evaluates whether a given key is usable for verification. While this check is performed during key import, scenarios could arise where a key becomes broken or deemed weak after it has already been imported. This behavior would depend on the policy configured on the system (see rpm-sequoia <https://github.com/rpm-software-management/rpm-sequoia?tab=readme-ov-file#configuration> for reference). Incorporating this check is more of a suggested enhancement for the proposed plugin implementation and has not yet been fully specified.

Jan

On Wed, Dec 4, 2024 at 3:12 PM Clemens Lang <cll...@redhat.com> wrote:

> Hi Jan,
>
> I support this proposal, it’s a good idea and it will certainly improve
> the user experience in this area.
> I have one question:
>
> > On 3. Dec 2024, at 18:18, Aoife Moloney via devel-announce <devel-annou...@lists.fedoraproject.org> wrote:
> >
> > We aim to address customer issues when installing RPM packages from
> > repositories while outdated repository keys are present on the system.
> > These issues include expired keys, obsolete signing algorithms (e.g.,
> > SHA1), or other problems that could be easily detected by tools like
> > an RPM PGP linter. Currently, PGP checks fail, and users must manually
> > remove expired keys using commands like `rpmkeys --delete`.
> >
> > The proposed solution is a new LIBDNF5 plugin. This plugin will act as
> > a hook, checking for invalid repository PGP keys on the system before
> > executing a DNF transaction.
>
> Does this mean that after switching to a more strict crypto-policy, the
> next run would remove (or propose to remove) keys that are no longer
> considered secure under that crypto-policy?
>
> Thanks,
> Clemens
>
> --
> Clemens Lang
> RHEL Crypto Team
> Red Hat